A CYBER event.
CyberHome is a capture the flag made with ENSTEINS Developers, Bringing to our community some creative and crazy (but not too much) challenges. Focused toward beginners! In more human terms, we run a set of cyber-security challenges, of many different varieties, with many difficulty levels, for the purposes of having fun and learning new skills.
Ignore this ctf, they copied all their challenges from riceteacatpanda ctf and nullcon. Complete mockery
Absolute waste of time, stolen challenges from NullCon and HouseplantCTF, without permission. Horrible reflection of it's target, which is described as "The Beginner Cybersecurity CTF Community."
so disrespectful to ctf creators who work so hard making original challenges only for them to be stolen almost exactly without any credit to the original creators. especially after asking for a promotion in one of said ctf creator servers. embarrassing.
Không làm mà đòi có ăn thì chỉ có ăn cơm cúng thôi nhé, thồn lằng
They don't know how to create a ctf but they want to get a big rating
no no no, that not easy :)
Did they get ddos'd ?
Don't think so. Their discord server is also deleted
now server is down?
Shittiest CTF I have ever been. My beginner CTF was like 10x harder than this CTF. Most of the challenges were blatantly copied. Why dont people realise that submitting flag upper case and lower case or trying various combinations of upper and lower case should never be a part of ctf. The fun in CTF lies in solving challenges, not formatting the fricking flag. Overall a completely shitty CTF.
Just a trash CTF event that came to fool everyone , admin suddenly closed the site , deleted the discord server and blocked everyone.
Words of the admin: "It's all about flag guessing!"
I've been in a ton of garbage CTFs, but this one was honestly by far the worst. Disregarding the difficulty of the challs, the challs were guessy, the flag format was questionable, and like many others have said, some of the questions were directly stolen from other competitions, namely the NullCon and houseplant CTFs. When asked to fix an incorrect flag, the admins were unhelpful, rude, and a few refused to give any help whatsoever, even if the flag was only off by one homoglyphic character. It was clear that the challenge authors were uninspired and lazy even when copy/pasting challenges, as most of the "crypto" was either a combination of converting bases or basic fucking classical crypto.
The only thing challenging about this competition was guessing either the flag format or capitalization of the flag. More time was spent deciphering if a character was a "0" or an "O" than writing this post, which really says a lot about the bullshit that every team had to go through in order to submit a fucking caesar ciphered flag. It would be wrong to say that this CTF contained a cryptography category, and it is impressive how uninspired the authors had to be to write these challenges. All this category contained was converting bases, repeatedly decoding caesar ciphers, the bacon cipher and morse code -- all of which are literally centuries old and have no modern use other than being a waste of time.
The forensics category was especially bullshit; it was essentially repetitive LSB, binwalk, or more morse, as if there wasn't enough in the "cRyPtO" category.
Practically all of the challenges could practically be solved without an internet connection. There were 6 challenges in the reversing category; 3 of which could be solved using "strings", one which was just a fuckton of substrings, another one that just used the caesar cipher, and the last, which was a beginner binary which you were asked to reverse.
Overall, this CTF was terrible, but not I wouldn't call this CTF "fucking shit", that'd be insulting to shit. Even shit has more educational value than the challenges in this CTF.
a horrible terrible CTF
haha ... they just disappeared ..... lol
I'm part of the RiceTeaCatPanda team, and I was specifically the guy talking to KyuCore about setting up his CTF, as well as being the guy to post their ad in our announcements channel.
I was unaware that they had stolen our challenges without credit. It goes without saying that if I had known this, I would not have helped at all.
KyuCore, if you're reading this: I tried to help you - when you had issues with your hosting, issues with not putting your competition on CTFtime soon enough, issues with having no Cloudflare setup for DDoS prevention, and that's even ignoring the ad I posted for you. Other members of the RTCP team have helped you out before too. You asked for help with setting up CTFd from us, and we provided you with help. We answered your questions about hosting and logistics related to running a CTF so you could succeed. We wanted you to do well.
To then go and steal our challenges that are blantly listed on our site is DISGUSTING. I feel upset and most of all, betrayed. I was genuinely hoping your CTF would turn out ok and be a good experience for everyone involved. Shame on you. I don't want to hear from you again.
Fucking assholes. Stealing other people's work. Make sure you never host a CTF again.
Can someone explain to me why Zh3r0 CTF (https://ctftime.org/event/1062), which had a lot of the same problems as this CTF, got great reviews? But this CTF is bashed to the ground, their website DDOSed, and cloud provider attempted hacked? It was meant as an introductory CTF to extreme beginners, yet here we see lots of experienced players attacking it for being too easy for their taste. The correct course of action is to rate the weight down, not bully the organizers into deleting the whole thing, after multiple teams have invested time in the CTF. Also, for the first 8 or so hours of the CTF, few people voiced their issues with the CTF, until a certain mob of people started their childish rioting, which solved exactly zero of the problems they had. To me, it sounds more like the problem was that the "right" teams weren't able to win this.
Zh3r0 CTF also stole challenges, and had a ton of arbitrary base encodings and ROT ciphers applied everywhere. Some flags even missed multiple letters, or came with intentional typos you were supposed to fix. But the 25-ratings for it are raining, and why is that? Did they just steal from the right persons, or did the largest complainers secure good enough positions to let it slide for the CTFTime points?
RiceTeaCatPanda CTFs have also been horribly guessy, to the point where they joked about being "60% less guessy" in their next iteration. A lot of the challenges were impossible to solve without private hints from the admins, and the amount of hints you managed to gather directly determined your final position on the scoreboard. A lot of people liked this "heal each other" attitude though, even though it's supposed to be in a competitive setting.
I'll concede that this CTF was among the easier I have done in the past years, and that the flags were a bit guessy, but once you understood the "trick" (all lower case, add underscores) all the flags seemed to follow that theme. If the admins announced this early on, it would've instantly solved most of the frustration, and should've been done early on. But it wasn't unsolvable. Straight up stealing other challenges is not very cool either, and not owning up to it is unacceptable. But this is a problem you should take up with the admins, and rating the weight down on CTFTime. Instead we get this wild, uncontrollable Blackhat mob that burns it to the ground. And that's _REALLY_ not a cool thing to do.
The team(s) that threatened the admins, hacked their infrastructure, attacked their cloud provider and DDOSed their site over this, should really take a step back and reevaluate how important this is in the grand scheme of things. Then take a long break from CTFs.
They have mentioned it from the beginning: "Focused toward beginners!". I don't get why is everyone disappointed like that.
Indeed, many of the challenges were copied off of RTCP's CTF, the flag format was quite annoying with all the guessing, and the challenges were quite a few as well. But their intent was to educate and train beginners.
The actual mistake they did was not crediting the real challenges' authors, or at least modify the challenges so they won't be too similar to the original (allow me to compliment team RTCP here, whose work was flawless and the challenges were aimed at beginners while being entertaining and educative at the same time. Job well done, guys!).
Yet, the amount of hate and the way everyone approached the situation wasn't the wisest. Repetitive insulting, making them bring the CTF server down, then they delete their Discord server. You have now even made the beginners who wanted to try out this CTF lose their chance to train on the challenges (which yes, were not an original work but you get the point).
I would like to at least thank the Ensteins team for all the work they've done for the sake of letting beginners practice on the challenges. Just be careful to credit people's work properly in the future if you plan to run another CTF, or better, be creative and make your own original challenges.
Thank you for your hard work!
Myrdyr, I know you're salty as fuck over not now getting to win the only ctf you would ever have a chance of winning, but please stop being such a fucking bootlicker and apologist for what was probably the worst CTF I have ever seen.
It's ironic that you'd say "To me, it sounds more like the problem was that the "right" teams weren't able to win this." because the whole reason you made that post in the first place is because you desperately wanted to win, and now won't get the chance.
What a shame.
You cannot, in good faith, compare ZH3R0 CTF, which for all its many faults, was pretty good in the end, and this absolute clusterfuck of a CTF, which had literally nothing going for it.
Also, at least the challenges in Houseplant were fucking original, rather than literally copy pasted verbatim.
Please stop trying to excuse the shitty practice of just straight up copying from other CTFs just because you're crying over not being able to win for once.
In response to the comment above:
> But their intent was to educate and train beginners.
So? That's not what people are complaining about, they're complaining that the enitre ctf was plagiarised down to the rules literally saying HOUSEPLANT RULES. And it's not going to be very educating when most, if not all of the solutions can be found on the ctftime pages for houseplant and nullcon.
> The actual mistake they did was not crediting the real challenges' authors, or at least modify the challenges so they won't be too similar to the original
So, their mistake was getting caught? Seems fishy to me. Maybe consider not stealing challenges from the very people who helped you build the ctf?
> making them bring the CTF server down
Nobody *made* them do this. They decided to completely vanish when they couldnt explain the similarities between other ctf's challenges without outright lying.
> now even made the beginners who wanted to try out this CTF lose their chance to train on the challenges
Except for the fact that all the challenges are from other ctfs, and are still available where they were *originally* hosted.
> I would like to at least thank the Ensteins team for all the work they've done for the sake of letting beginners practice on the challenges.
rak1507, if you read myrdyr's post again you can see that it is the bullying he is not accepting. Do we really want this childish bullying in our community? After seeing what you did in the Discord server yesterday I can tell you want it and I can tell it probably want make sense to tell this to you, but I am saying this to everyone else...
At least I take a stand against bullying like some did yesterday. The ones who did could have stopped after letting the organizers know that plagiarism is not okay. Everything else you did was not really necessary imo.
Also, we did not really waste much time so it does not really bother (at least me) that we lost those points. As myrdyr is pointing out, the rating is what should tell if the CTF is good or not, not bullies. And with the rating they would have gotten (or at least the one we would have given them), we would not get many points either way.
damn rak tuxic
while i can't say for sure, zh3r0 ctf had original challenges. while other people might have complaints against cyberhome for reasons relating to poorly executed challenges and such, as a developer of a ctf that was stolen from, i, along with my team members, were angry because they directly stole challenges from many ctfs. this, coupled with the team's lack of accountability and ownership of their mistakes and the fact that one of our backend developers helped them with infrastructure, setting it up, and securing it, and also we promoted them. the most irritating part is their attempts to hide the truth; when one person explicitly called them out, they got banned. when more people started, they turned slowmode on(they say it's to read but let's be honest here) and even when they knew they couldn't defend themselves anymore, they still made excuses like "we just want to help beginners"(which would be a good motivation if not used to deflect criticism of stolen challenges and not giving credit). we were not rioting because we couldn't win the ctf lol.
zh3r0ctf had challenges that i had never seen before, although my judgement might be inaccurate. and while rtcp had some guessy challenges, we a) are genuinely trying to improve it, it's not just a joke to us, and b) take pride in our ORIGINAL challenges
to people who are still crediting them on their hard work:
please don't. it's sooo insulting to the ctfs they stole from. backend stuff is only part of the challenge(might i mention again, they were helped by our team on that) but stealing challenges is simply inexcusable. they wanted the credit for others' work; they didn't do just do this for the beginners. otherwise, they would have credited us from the get-go.
to people who are saying we could have stopped after letting them know it's not okay:
if someone copies your hard work in school, you don't just tell them that it's not okay, you (should) report them, especially if it's a big project. if you just tell them and they carry on with presenting the work as their own, they will keep doing it. no one in the class will know and they will get the credit. if a teacher catches a student cheating on an important assignment, they don't just say "don't cheat again", they give you a 0, fail you in the class, or even expel you.
we(the rtcp team) wanted them to send out a public admission and apology for stealing challenges. the longer the situation continued, the more drastic the consequence had to be. so they ended up deleting it. whatever. what they did was not okay. they deserved it.
I feel the name of the CTF is also copied from somewhere!
yeah CTF was okay. wasnt great
hey whats up did you know you can tag people in ctftime comments :D
Didn't really mean to give them excuses and I don't expect people to forgive them for what they did. I would really hate it if my work was copied off as well. SO BAD.
All that irritated me was everyone's reaction to this. Insult followed by yet another insult. You could have just given them an awful rating and explained your point in the comments here, and that would be enough to show your dissatisfaction. It's the original challenges' authors who could take a further action and maybe even report them since it was their hard work that was stolen. Otherwise, as a mere participant, I don't see that it's reasonable to spend your time offending, whether it was only calling the CTF a complete failure, or DDoSing the server.
I, too, believe the situation would calm down a bit if Ensteins sends a public apology. The least they could do. Hoping no one repeats what they did.