Day 2: Jeopardy Rules
(1) Several VM server instances are deployed for per challenge. Description of challenges, including address and status of VM server instances, are displayed on contest platform. Sponsor provide maintenance of the platform to guarantee that at least 2 instances are available at the same time.
(2) Teams are isolated from their AI (The only operation that teams can take on their AI is demanding organizer reboot the AI server for 3 times). Teams access to the contest environment with previously distributed tokens. The access subnet has no access to AI servers.
(3) Teams cannot access to any challenge server or explore any challenge information on contest platform during the network accessing initial period.
(4) AI subnet has access to all challenge servers, and can download binary files of PWN challenges from contest platform when the game starts.
(5) AI tools obtain the description, the binary file and the access IP/Port from the competition platform automatically. Vulnerabilities are triggered by the AI tool’s automated analysis. When an AI tool successfully triggers a crash or information leak (a read operation on 0x23330000) of the challenge service: (a)the team gets the Discovering Dynamic Points (500 points in the initial), (b) the team members gain access permission to the challenge environment, (c) the team members get the AI tool’s PoC which triggered the crash.
(6) If one team succeeds in exploiting the vulnerability and gaining the flag, they gain the Exploiting Dynamic Points(also 500 points in the initial).
(7) When the day 2 game ends, each team gets Y * 500 extra points as the initial point of day 3.
(8) When the day 2 game ends, challenges which are released in day 2 and will be used in day 3 game will be announced, and the binaries will be distributed to all teams.