Overview & The Rules

Overview

Capture The Flag Type:  Jeopardy CTF with Virtual Machines

The SGAUS Cyber Competition will provide a competitive Cyber Exercise open to all Title 32 service members and senior military colleges. Teams of 2 to 4 will engage in escalating problem-solving tasks designed to hone their skills in Defensive Cyber Operations (DCO). Accessible on-site and online.

ALL TEAM MEMBERS WILL RECEIVE A CERTIFICATE FOR PARTICIPATING.

SGAUS CYBER EXERCISE RULES - 2023

Throughout these rules, the following terms are used:

• Gold Team/Operations Team - exercise officials that organize, run, and manage the exercise.
• White Team - exercise officials that observe team performance in their exercise area and evaluate team performance and rule compliance.
• Black Team - exercise support members that provide technical support, pick-up and deliver communications, and provide overall administrative support to the exercise.
• Blue Team/Competition Team - the competitive teams consisting of Title-32 members competing in the SGAUS Cyber Exercise.
• Team Captain - a member of the Blue Team identified as the primary liaison between the Blue Team and the exercise operations.
• Team Co-Captain - a student member of the Blue Team identified as the secondary or backup liaison between the Blue Team and the Operations Team, should the Team Captain be unavailable (i.e. not in the room).

Competitor Eligibility

1. Competitors in the SGAUS Cyber Exercise must be members of a State Guard/Defense Force, National Guard or Senior Military College.
   1. Team members must be in Title-32 Status.
   2. Individual competitors must have authorization from their command to represent their state in the SGAUS Cyber Exercise.

Team Composition

1. Each Exercise team may consist of up to four (4) members. 
2. A team member may only participate on a single team; if the member unit has more than one team participating.
3. Once the SGAUS Cyber Exercise has begun, a team must complete the exercise with the team that started the exercise.  Substitutions, additions, or removals of team members are prohibited except for extreme circumstances.
   1. Team Representatives must petition the Exercise Director in writing for the right to perform a change to the exercise team.
   2. The Exercise Director must approve any substitutions or additions prior to those actions occurring.
4. Teams or team members arriving after an event’s official start time, for reasons beyond their control, may be allowed to join the exercise provided a substitution has not already been made.  Event coordinators will review the reason for tardiness and make the final determination.
5. Each team will designate a Team Captain for the duration of the exercise to act as the team liaison between the exercise staff and the teams before and during the exercise.  In the event of the Team Captain’s absence, teams must have an identified team liaison serving as the captain in the exercise space at all times during exercise hours.

Exercise Conduct

1. Teams must compete without “outside assistance” from non-team members from the start of the exercise to the end of the exercise.  All private communications (calls, emails, chat, texting, directed emails, forum postings, conversations, requests for assistance, etc) with non-team members that would help the team gain an unfair advantage are not allowed and are grounds for disqualification and/or a penalty assigned to the appropriate team.
2. No offensive activity against any system outside the team's assigned network(s), including scoring systems, will be tolerated. Any team performing offensive activity against any system outside the team's assigned VMs will be immediately disqualified from the exercise. If there are any questions or concerns during the exercise about whether or not specific actions can be considered offensive in nature contact the Operations Team before performing those actions.

Professional Conduct

1. All participants, including competitors, White Team, Ops Team, and Gold Team members, are expected to behave professionally at all times during all SGAUS events including preparation meetings, receptions, mixers, banquets, exercises and so on.
2. Activities such as swearing, consumption of illegal drugs, disrespectful or unruly behavior, sexual harassment, improper physical contact, becoming argumentative, willful violence, or willful physical damage have no place at the exercise and will not be tolerated. 
3. Violations of the rules can be deemed unprofessional conduct if determined to be intentional or malicious by exercise officials.
4. Competitors behaving in an unprofessional manner may receive a warning from the White Team, Gold Team, or Operations Team for their first offense.  For egregious actions or for subsequent violations following a warning, competitors may have a penalty assessed against their team, be disqualified, and/or expelled from the exercise site.  
5. Individual(s), other than competitors, behaving in an unprofessional manner may be warned against such behavior by the White Team or asked to leave the exercise entirely by the Exercise Director, the Operations Team, or Gold Team.

Questions, Disputes, and Disclosures

1. PRIOR TO THE EXERCISE: Team captains are encouraged to work with the Exercise Director and their staff to resolve any questions regarding the rules of the exercise.
2. DURING THE EXERCISE: Protests by any team must be presented in writing by the Team Captain to the White Team as soon as possible.  The exercise officials will be the final arbitrators for any protests or questions arising before, during, or after the exercise.  Rulings by the exercise officials are final. All exercise results are official and final as of Exercise Closing.
3. In the event of an individual disqualification, that team member must leave the exercise area immediately upon notification of disqualification and must not re-enter the exercise area at any time.  Disqualified individuals are also ineligible for individual or team awards.

Technical Requirements

• Computer with internet access for each team member
  • Network preferably without content filtering
  • Web browser
  • Applications which may assist with solving of challenge questions
• Pre-installed applications for opening virtual machines (OVA)
• Pre-installed Zoom client

FAQs

1. What kind of Cyber Exercise is this?
   1. Jeopardy CTF with Virtual Machines
2. What is a Flag?
   1. A flag is some sort of text/hash that you submit to CTF portal to get the challenge points.(e.g flag{This1sthefl@g!})
3. What is the registration OPSEC policy?
   1. While the Cadre of the SGAUS Cyber Exercise & Competition will require information on all participants, only the Team Name and home state will be disclosed publicly (via scoreboard).
4. Can I register using my personal Gmail?
   1. No, you must register using your official .GOV, .MIL or .EDU
5. Will my team attack VMs of other teams?
   1. No
6. What should my team use to operate VMs?
   1. VMware, Virtualbox or similar software
   2. VMs are in OVA format
7. What is the duration of the Cyber Exercise?
   1. 4 Hours
8. Will I need a 10 core-xeon workstation to complete the challenge?
   1. No
9. Should I use a separate VM to analyze potential binary files?
   1. Yes, for security reasons this could be useful
10. Can I ask my friend, a cyber SME, to help during the challenge?
    1. No, there is no outside contact allowed between exercise start & end with non-team members
11. How will exercise command interface with teams during the exercise?
    1. A Zoom/Google Meet session will remain open between all exercise operations teams and the team captain for the duration of the exercise
12. If I need to contact exercise support during the challenge, how can I do so?
    1. A team captain will interface with exercise operations within the Zoom/Google Meet and be provided a private room to ask specific questions.

         13.    Will there be a cost associated with participating remotely?

                      1.  No, participation is free of charge.