From a7eb13e2117fd24727e141070dbf3cbce8b70ac8 Mon Sep 17 00:00:00 2001 From: Mauro Tempesta Date: Wed, 6 Nov 2019 15:22:35 +0000 Subject: [PATCH] Update README.md --- README.md | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 50312d9..ad5df22 100644 --- a/README.md +++ b/README.md @@ -39,9 +39,12 @@ As specified in the [Course intro](meetings/20191015/course-intro.pdf), each stu Write-ups must be submitted directly on [Gitlab](https://gitlab.w0y.at/ctf-seminar/ws19) under the directory `writeups//` as a single Markdown file called after the CTF. Say, for instance, that your handle is `l33th4ck3r` and you want to submit the write-up for the SECCON'19 CTF, then just create the file `writeups/l33th4ck3r/seccon19.md`. If you need to store additional files to complement your write-up, such as scripts or screenshots, add a subfolder (such as `writeups/l33th4ck3r/seccon19/`) in your own directory and save those files there. -Your write-up file should provide an overall personal consideration of the CTF in retrospective and then a detailed technical analysis of the challenges that you attempted to solve, either successfully or not. +Your write-up file should provide an overall personal consideration of the CTF in retrospective and then a detailed technical analysis of the challenges that you attempted to solve, either successfully or not. A good example of *detailed technical analysis* of a challenge can be found [here](https://w0y.at/writeup/2019/10/27/tasteless-2019-gabbr.html). -Please submit your write-up within 2 weeks after the end of the CTF. +According to the ECTS breakdown in the lecture description on TISS, one should expect 20h for meetings and 130h of individual project work for preparing the talk (see below), playing CTFs and reporting on them. +It follows that if you decide to play 3 CTFs overall, you should invest an average of 40h for each of them. We highly suggest to specify in your write-ups the time spent for each challenge you approached and reported on. + +If you feel like one of the tasks you solved is particularly interesting, let us know and we will consider it for publication in the [w0y website](https://w0y.at). Talks @@ -56,4 +59,19 @@ Some recommendations for your talk: * Provide an overview of the intended functionalities of the application * Describe all the attempts you made to find the vulnerabilities, including unsuccessful ones (time permitting) * Explain the exploitation steps in an understandable manner -* If possible, describe the impact of this security threat in a realistic scenario and discuss possible countermeasures \ No newline at end of file +* If possible, describe the impact of this security threat in a realistic scenario and discuss possible countermeasures + + +Evaluation +---------- + +Talks are evaluated according to the following criteria: +* adherence to the guidelines above +* clarity of the presentation +* correctness and understanding of the topic +* time management + +Similarly, write-ups are evaluated on: +* clarity of the write-up +* correctness and understanding of the topics +* provided level of details \ No newline at end of file -- 2.43.0