Monday, August 12, 2013

Defcon 21 CTF

And here we are again in Vegas this year for Defcon 21 CTF!

New organizers this year: LegitBS, 8 people including members of Samurai (last year's winners).

In short, they did really good. Great game, good challenges, always on time and most of the things working.
Congrats to PPP (hardcore CTF players), men in black hats (we recognized some Hates Irony folks) and raon_ASRT (?) for the podium. We placed 5th, it was hard!

Final scores
Scoreboard 1 hour before the end
Scoreboard 1h before the end
Final scores

Game rules were essentially:
  • 8 people per team
  • zero-sum scoring
  • no root access (and escaping your jail disqualifies)
  • only flag steal, no deface (writing team key)
  • 1 cable to game network, captures provided separately
  • IPv4
Read the full rules on LegitBS blog: Finals 2013 rules.


We managed to score on 4 of the services: atmail, bookworm, avoir and trouver. We were close on lonetuna and reeses.

Graph of services we scored


And unlike last year, we scored at least some flags on PPP!

Graph of teams we scored


As the scoreboard reveals with several teams at 0, it was a very defensive game: you had to keep your SLA up (or you loose 19 flags) and patch your services early (or you loose 19 flags every round at least one team scores you). We did pretty good on that, which is why we were able to stay positive.

It was also useful to have minimum sysadmin skills to make sure your box is still up and not overloaded with the various DoS some teams were sending, as it could affect your SLA. Bad SLA for all the services (6) is costly: 6*19 = 114 flags, every 5 min.

Make your own stats and analytics by downloading LegitBS 2013 Finals Scorebot SQL.

No comments:

Post a Comment