Welcome to the FIRST 2020 Virtual Challenge!

The FIRST Challenge is a series of technical problems designed to provide 0x46 0x4c a fun opportunity to utilize creative technical problem solving abilities to solve incident response inspired challenges.

The CTF consists of a series of technical exercises where the participants must find an answer, a flag, and submit to the CTF platform. Every correct flag submitted increases a team’s score. New challenges are released daily during the event 0x41 0x47. Categories of challenges may include: network, cryptography, reverse engineering, programming, miscellaneous, puzzle and others. A new addition for this year is a collaboration with the U.S. Department of Homeland Security’s (DHS) Cybersecurity & Infrastructure Security Agency (CISA) to offer some challenges related to Industrial Control Systems (ICS), in addition to the types of previously mentioned. To participate, it is strongly recommended to build a team of up to 4 members 0x3a 0x20. Teams might create their own strategies to attribute the tasks and explore the best knowledge of their players on the different areas. The primary purposes of the CTF is to work together, challenge your knowledge, be creative, make new friends, define strategies, and have fun 0x45 0x76!

This year's challenge is made possible with the generous support from the FIRST SecLounge SIG volunteers and:


Day Time (EST/UTC-4 Montreal time) Session
Monday, June 22 10:00-11:00 UTC-4 Opening session now archived at FIRST.org
Tues–Thurs, June 23-25 Challenge Starts: Tuesday @ 09:00 UTC-4
Challenge Ends: Thursday @ 17:00 UTC-4
Participants can access the challenges and submit their answers until Thursday at 17:00 UTC-4
Friday, June 26 10:00-11:00 UTC-4 Closing session on Zoom 0x65 0x72

Collaboration in the Virtual SecLounge

The virtual nature of this year's event offers wider opportunity for participation than the usual annual conference venue. As such, no contraints are placed on eligibility to participate in this year's event. However, the virtual nature of the event also means the usual methods for collaboration through the onsite Security Lounge are no longer available 0x79 0x62.

To facilitate collaboration a virtual Security Lounge is being established. The lounge is hosted on a dedicated MatterMost platform that provides features similar to Slack. It offers both an area for public information sharing among all participants and private discussion among individual teams x6f x64.

After completion of registration and activation of an account (by clicking the link to confirm your e-mail address), a seperate Virtual SecLounge account will be generated. Look for an e-mail from seclounge@firstseclounge.org which will contain login details and credentials for the Virtual SecLounge server. Should you encounter any issues accessing the platform, the SecLounge SIG team may be contacted at x79 x20: seclounge@firstseclounge.org

Collaboration on MatterMost happens in entities called Teams. Individual accounts are able to create private Teams as well as private Channels on the MatterMost server. Private Teams may be utilized for team collaboration activities /73 /68 including chat, file sharing, etc. The public SecLounge Team will continue to be available throughout the challenge for general discussion with all participants and SecLounge SIG volunteers /6f /75.

Access to the Virtual SecLounge is possible any time after registration (and, before the Challenge kick-off). This will allow for teams to be formed prior to Challenge kick-off /6c /64.


Both individual and team registration are done directly through this website. When registering, individuals will have the option to create a new team or join an existing team. Once a team selection is made, changes to an individual's team membership are not possible /20 /72.

Eligible players are encouraged to register as a team of up to four players. Individuals or those teams with fewer than four players should contact a SecLounge SIG volunteer on MatterMost for assistance in forming a four-person team and we will try to match you up with other players. One of the purposes of the FIRST Challenge is to meet new people within our field. So we encourage you to sign up and make some new friends /65 /61.

As this year's event is virtual, no physical prizes are awarded to winning teams. However, scores will still be kept and participants will be recognized at the closing Zoom session. Winning teams will be given an opportunity to present on their experience and how they tackled some of the more difficult challenges.

The FIRST Challenge Framework website will be the authoritative platform for current challenge standings and challenge information. The SecLounge SIG may exceptionally make modifications to scores or other elements within the framework website due to technical errors or other unforseen circumstances with the intent of ensuring a fair and fun challenge for all participants x64 x20.

FIRST Challenge Details

Important annnoucements made during the challenge will be automatically pushed out in real time to all clients connected to the framework website on all pages of the website (with an audible alert). There is no need to continually refresh the page to receive notifications. All previous notifications are published on the framework website under the "Notifications" page. Participants are encouraged to monitor this page for important announcements during the challenge x74 x68.

Additionally, announcements may be made via the MatterMost collaboration platform. All participants are encouraged to monitor and participate in both the public channel as well as their Team's channel(s) for relevant information related to the Challenge x65 x20.

A new set of challenges will be made available daily at 09:00 UTC-4. This will ensure that all teams have the same amount of "daylight" (with the exception of Thursday's challenges) to solve a challenge irrespective of their timezone. Once a challenge has been released it will be made available until the completion of the challenge on Thursday June 25 /69 /6e.

Each challenge has a point value (100-500 points) that is awarded upon successful completion. There is no bonus or penalty for the order in which challenges are solved. All teams will receive the same number of points for each solve /73 /74.

Team rankings are determined first by score and then by the order in which the latest challenge was solved (e.g.: in the event of a tie). If more than one team has the same score, the team rankings will be determined by the timestamp on the latest correct challenge submission. In this case, the team with the oldest timestamp is ranked the highest x72 x75.

Many challenges have hints available to assist in solving the challenge. Usage of a hint has an associated point cost. Hints may be "purchased" for the specified amount provided a team has already earned enough points by solving other challenges. The hint cost will be deducted from the team's score. In general, the higher the cost of the hint, the more helpful it is intended to be /63 /74.

The FIRST Challenge will conclude on Thursday at 17:00 UTC-4 and at that time, the team with the most total points will be deemed the winner unless x69 x6f there is a tie, in which case the ranking displayed on the framework website utilizing the rules outlined above will be used to determine the winner.

Be patient, persistent and don't give up! Every day we'll be releasing new and fresh challenges that will allow you to make up any points you missed on previous days. Many of these are independent x6e x73 challenges, meaning they don't depend on previous challenge results /20 /62.

Tips x65 x66:

  • Pay close attention to answers to the challenges, especially regarding x6f x72 spaces and special characters.
  • Challenges that are multi-part may not have some parts visible until the previous part is solved (the challenge part number is inidcated in the title /65 /20).
  • All challengenes are designed to be solvable using standard free or open source tools /73 /74. A standard Linux workstation or forensics focused VM (such as REMNUX or SIFT) should be sufficient.
  • Any attempts at cheating, multiple registrations, brute force or malicious actions against the challenge framework and corresponding infrastructure will result in immediate exclusion from the challenge for the offending team x61 x72. The intent of the challenge 74is to engage in the competition, not to attack 21 the system.

Have fun and good luck!