Fri, 04 Dec. 2015, 18:00 UTC — Sat, 05 Dec. 2015, 18:00 UTC 


UCSB iCTF event.

Format: Attack-Defense

The theme of the 2015 iCTF is “crowdsourcing evil” also known as "making bad".
In order to participate in the iCTF, each team has to write a vulnerable service.
The service must follow precise specifications (a document describing the service specs and an example of a service will follow).
The service will then be put in the vulnerable image and will become part of the competition.
Of course, the team who created the service will not be able to score against that service, but all the others are fair game.
The service can be web-based or use a stdin/stdout-over-[x]inetd style.

One important question is: How difficult should the vulnerability in the service be?
If the vulnerability is too easy (i.e., too many teams will be able to break into the service) your team will be penalized.
If the vulnerability is too difficult (i.e., not enough teams will be able to break the service) your team will also be penalized.
Of course, finding the right balance is difficult, and that’s why it’s a challenge!
So, during the iCTF you can imagine that the services will be ordered by the number of teams that exploited the service.
This order is then used as an index in a statistical distribution to determine service points.
The service points are then combined with more traditional points (attack points, defense points, and SLA points) to compute the final score.

Be the best at finding the right balance in vulnerability complexity and you will gain an edge over the other teams!

Note that some things are different this time around:

1) We will not run your exploits on your behalf, like we did the past few years

2) All interaction with the iCTF will be through a Python module.
After you execute "pip install ictf" you will be able to register and provide your credentials/services/metadata through functions from the ictf module.

Note that the services are due on November 20th (of course, you need to register before that date as well).
If you have not provided a service by then, you will NOT participate in the iCTF.

Also please consider the fact that your team's service will be shared with all the other teams.
If your service is lame, you will be mocked forever.
If your service is cool, you will be celebrated as the elite team you are.

Note that the competition is open only to teams from educational institutions.
We will require a faculty POC who will be responsible for the ethical behavior of the team.

We will run a lot of your code during service installation, so please try to be nice and avoid trying to hack the platform ;-)

More details about service creation will follow. In the meantime, start thinking about the service you want to submit to enter the competition.

Have fun!


35 teams total

Place  Team                                      CTF points  Rating points
1      Bushwhackers                              75.850      70.000
2      saarsec                                   56.700      43.663
3      dcua                                      36.110      28.329
4      DCI-ETS                                   30.140      22.658
5      Hacknam Style                             23.040      17.632
6      alpha                                     22.830      16.368
7      M.I.S.T                                   21.310      14.833
8      WE_0WN_Y0U                                20.000      13.604
9      Delusions of Grandeur                     19.960      13.099
10     CInsects                                  18.610      12.087
11     Hanoiati                                  16.840      10.952
12     Noobs4Win                                 15.600      10.115
13     SiBears                                   15.040      9.632
14     THOR - Talented Hacking Oblivious Robots  9.340       6.810
15     Colonel 0x20                              8.930       6.454
16     InSecurity                                8.700       6.202
17     ADM-3A CHOWDER                            7.840       5.676
18     Hackademics                               6.510       4.948
19     FAUST                                     6.510       4.846
20     H4x0rPsch0rr                              6.290       4.652
21     Red Cops                                  6.210       4.532
22     in23canation                              6.200       4.452
23     HTWG                                      5.530       4.073
24     pwndevils                                 4.790       3.669
25     Bashflounder                              3.560       3.043
26     BUILDS                                    2.570       2.532
27     heks                                      1.510       1.993
28     Fighting Unicorns                         1.480       1.933
29     WOLFPACK                                  1.340       1.825
30     Ulm Security Sparrows                     1.060       1.656
31     UCCSCSC                                   0.700       1.452
32     SYPER                                     0.320       1.241
33     disekt                                    0.210       1.158
34     49thSecurityDivision                      0.000       0.000
35     1338-offbyone                             0.000       0.000

Fish – Nov. 23, 2015, 8:35 p.m.

The correct date and time of this CTF should be 18:00 UTC on Dec. 4th, 2015.


jacopo.corbetta – Nov. 23, 2015, 10:54 p.m.

If you're confused on the time:

KT. – Dec. 1, 2015, 1:10 a.m.

Uhhh only one team from the TOP10: ... Looks like everybody will be at HITCON? :)

virus00x – Dec. 4, 2015, 11:25 a.m.

Where is the link for registering?

KT. – Dec. 4, 2015, 1:10 p.m.

@Anas: this is an online attack-defense CTF for university teams, the registration deadline was about a week ago.

KT. – Dec. 18, 2015, 8:08 a.m.

Weight 35 looks too much for a CTF which the top teams essentially had to skip.

Also, the last-minute change of the competition length (from 24 to 8 hours) did not help either. The 24 hours length was one of our main reasons not to compete...

tpr – Dec. 19, 2015, 11:23 a.m.

Weight 35 for a CTF which was only open to "educational institutions", seriously?