Fri, 29 Jan. 2016, 15:30 UTC — Sun, 31 Jan. 2016, 15:30 UTC 

On-line

HackIM event.

Format: Jeopardy Jeopardy

Official URL: http://ctf.nullcon.net/

Rating weight: 5.00 

Event organizers 


HackIM CTF will starts on 29th Jan 2016 22:00 (GMT +5:30) and will last till 31st Jan 2016 22:00 (GMT +5.30).

Registration for HackIM is open. Please register yourself at http://ctf.nullcon.net. There are various categories ranging from Exploitation, RE, Programming, Crypto, Web, Forensics and Miscellaneous and it’s going to be fun playing!

Prizes

1. Winner will get Gadget worth INR 50K.
2. First Runner up will get Gadget worth INR 20000.
3. Second Runner up will get Gadget worth INR 10000.
4. Top 30 participants will get EMC Defenders League Tshirt and Certificate, if they choose to participate on nullcon Goa 2016.

Scoreboard

535 teams total

PlaceTeamCTF pointsRating points
1 HackXore 8600.00010.000
2 dcua 8300.0007.326
3 khack40 8200.0006.434
4 testdata 8000.0005.901
5 OpenToAll 8000.0005.651
6 Snatch The Root 7900.0005.426
7 MeePwn 7800.0005.249
8 foo 7800.0005.160
9 z3r0 7800.0005.090
10 H4rryp0tt3r 7700.0004.977
11 blah_blah 7600.0004.873
12 P3t3rp4rk3r 7600.0004.835
13 bobbob 7500.0004.745
14 knc 7400.0004.659
15 ISITDTU 7400.0004.636
16 0xc0d3r 7400.0004.615
17 sec0d 7300.0004.538
18 p4 7200.0004.464
19 #GLOBALHACK 7200.0004.449
20 aggkunal 7000.0004.320
21 ASIS 6800.0004.192
22 w0pr 6600.0004.064
23 Insanity 6500.0003.996
24 Raccoons 6400.0003.929
25 Taipei-Meow 6000.0003.688
26 Dystopian Narwhals 5900.0003.623
27 kopipacket 5800.0003.557
28 RPISEC 5500.0003.376
29 Shellphish 5500.0003.370
30 xil.se 5500.0003.364
31 Fast Affine Projection 5500.0003.359
32 b01lers 5400.0003.296
33 Indust3r 5400.0003.291
34 ECX Inc. 5300.0003.228
35 NYUSEC 5300.0003.224
36 DMU Hackers 5300.0003.220
37 0x90r00t 5200.0003.158
38 0xbadf00d 5100.0003.097
39 SDSLabs 5100.0003.093
40 Invulnerable 5000.0003.032
41 pony7 4900.0002.971
42 vhssunny1 4900.0002.968
43 BambooFox 4900.0002.965
44 9SOC_team 4700.0002.846
45 0x34044 4700.0002.844
46 farmingsimulator2015 4700.0002.841
47 BreakPoint 4600.0002.781
48 Shady Hats 4500.0002.720
49 unicornsandrainbows 4500.0002.718
50 firebeard 4500.0002.716
51 Anonymouse 4500.0002.714
52 cyberboss 4500.0002.712
53 UTDSFS 4400.0002.652
54 imandog 4400.0002.651
55 ChocolateMakers 4400.0002.649
56 Plaid Parliament of Pwning 4300.0002.589
57 Dragon Sector 4300.0002.588
58 bangarubabu 4300.0002.586
59 0wl 4200.0002.527
60 BU 4200.0002.525
61 LosFuzzys 4200.0002.524
62 batman 4200.0002.523
63 objEEdump 4200.0002.521
64 Franky 4100.0002.462
65 alla2 4100.0002.461
66 VTCSec 4000.0002.401
67 bbakwas 4000.0002.400
68 Capture the Swag 4000.0002.399
69 shivamd001 4000.0002.398
70 All4Hacks 4000.0002.397
71 Hanoiati 3900.0002.338
72 fetchAndLog 3900.0002.337
73 Bits For Everyone 3800.0002.278
74 cyberkastike 3800.0002.277
75 hashtagShells 3800.0002.276
76 Brutewoorse 3800.0002.275
77 Singularity 3800.0002.274
78 mani0x00 3800.0002.273
79 tw33tm3 3800.0002.273
80 vrth 3700.0002.214
81 laxa 3700.0002.213
82 karthik 3700.0002.212
83 At Least We're Pretty 3700.0002.211
84 dc562 3700.0002.211
85 crayontheft 3700.0002.210
86 MeSelf 3700.0002.209
87 BalalaikaCr3w 3700.0002.209
88 penthackon 3600.0002.150
89 ALLES! 3600.0002.149
90 squeel 3500.0002.090
91 semyon 3500.0002.090
92 coj337 3500.0002.089
93 fiery_falcon 3500.0002.089
94 drdr 3500.0002.088
95 RingZer0 Team 3500.0002.088
96 UConnSec 3500.0002.087
97 nUl1 3500.0002.086
98 rpdsec 3500.0002.086
99 CorpOfHack 3500.0002.085
100 41r574ck 3400.0002.027
101 a00rs 3400.0002.026
102 shsirk 3400.0002.026
103 R천nins 3400.0002.025
104 chomuX 3400.0002.025
105 TKOX 3400.0002.024
106 !SpamAndHex 3300.0001.966
107 0xBU 3300.0001.965
108 def_init_self 3300.0001.965
109 Gilgamesh 3300.0001.964
110 AFiniteNumberOfMonkeys 3300.0001.964
111 Execut3 3300.0001.964
112 francis_c 3300.0001.963
113 theta 3200.0001.905
114 brucel33t 3200.0001.904
115 err0r-451 3200.0001.904
116 In7rud3r 3200.0001.904
117 scorpioinsecure 3200.0001.903
118 c0mrad3 3200.0001.903
119 kamatvishnu14 3200.0001.902
120 kohi 3200.0001.902
121 nvivekk 3200.0001.902
122 latigic 3200.0001.901
123 WCSC 3200.0001.901
124 NULLify 3200.0001.901
125 securityninja 3200.0001.900
126 psmkreddy 3200.0001.900
127 du1iqvw 3200.0001.900
128 nu4nu 3100.0001.841
129 MrGrey 3100.0001.841
130 11-Digit Prime Number 3100.0001.841
131 akredhat 3000.0001.782
132 VatsalDesai93 3000.0001.782
133 Team Sportsball 3000.0001.782
134 Knightsec 3000.0001.781
135 Hexpresso 3000.0001.781
136 jagotu 3000.0001.781
137 ugalesujit 3000.0001.781
138 kileak 3000.0001.780
139 Incision 2900.0001.722
140 pradyotprakash 2900.0001.722
141 deadcode 2900.0001.722
142 u7karsh 2900.0001.721
143 Lfuret 2900.0001.721
144 luhar 2900.0001.721
145 wtfmehftw 2900.0001.721
146 HfxCTF 2900.0001.720
147 krgaurav94 2800.0001.662
148 nishantsny 2800.0001.662
149 luffy 2800.0001.661
150 wctfumich 2800.0001.661
151 D@rk$h3ll 2800.0001.661
152 spyoff 2800.0001.661
153 reblsrbck 2800.0001.661
154 ascii overflow 2800.0001.660
155 wizard of skn 2800.0001.660
156 ScienZiati 2800.0001.660
157 fffroze 2800.0001.660
158 AAAA 2800.0001.660
159 Shadow Cats 2700.0001.601
160 Against All Authority 2700.0001.601
161 vaibhav 2700.0001.601
162 Zanglirex 2700.0001.601
163 Hackstangs 2700.0001.600
164 Nxgr 2700.0001.600
165 Magic Hat 2700.0001.600
166 q86 2700.0001.600
167 OpDeKast 2700.0001.600
168 c0dist 2600.0001.541
169 viod 2600.0001.541
170 rohitdua 2600.0001.541
171 KiFastSystemCallRet 2600.0001.541
172 hariram.mit25@gmail.com 2600.0001.541
173 Robyn 2600.0001.541
174 ChrizBMX 2600.0001.540
175 huskyhusky 2600.0001.540
176 rfc8136 2600.0001.540
177 milosdescendent@gmail.com 2600.0001.540
178 Desiprox_Team 2600.0001.540
179 SUSlo.PAS 2500.0001.481
180 govind 2500.0001.481
181 hexfact0r 2500.0001.481
182 Samurai 2500.0001.481
183 math 2500.0001.481
184 SwissMadeSecurity 2500.0001.481
185 oddcoder 2500.0001.481
186 HackCat 2500.0001.480
187 0x8F 2400.0001.422
188 jnqpblc 2400.0001.422
189 TokyoWesterns 2400.0001.422
190 Hans6626 2400.0001.422
191 bitspleaz 2300.0001.363
192 PeakChaos 2300.0001.363
193 SocietyMen 2300.0001.363
194 jetal 2300.0001.363
195 ninja 2300.0001.363
196 ark 2300.0001.363
197 th3jackers1 2300.0001.363
198 MV9rwGOf08 2300.0001.362
199 mau5 2300.0001.362
200 I Like Trains 2300.0001.362
201 d4rwinb0ts 2300.0001.362
202 katachi 2200.0001.304
203 Gh0$t 2200.0001.304
204 int3pids 2200.0001.304
205 awful 2200.0001.303
206 WeAreScientists 2200.0001.303
207 bl4de 2200.0001.303
208 N2IQU 2200.0001.303
209 seabreeze 2200.0001.303
210 rohit.patil 2200.0001.303
211 TheGoonies 2200.0001.303
212 blah.cat 2100.0001.245
213 gator 2100.0001.244
214 DFCI 2100.0001.244
215 kesatriagaruda 2000.0001.186
216 IS☢LA 2000.0001.186
217 bicycle_overdrive 2000.0001.186
218 Avidya 2000.0001.186
219 TenDollar 2000.0001.186
220 mohit.rajpal 2000.0001.186
221 hrkljus 2000.0001.185
222 Ap4021 2000.0001.185
223 cor3sm4sh3r 2000.0001.185
224 b00m 1900.0001.127
225 smoke leet everyday 1900.0001.127
226 crimson 1900.0001.127
227 mohana.kumari 1900.0001.127
228 ganesh.sp 1900.0001.127
229 sujith 1900.0001.126
230 rah_chitale 1900.0001.126
231 logicbomb 1900.0001.126
232 derp2 1800.0001.068
233 flatline 1800.0001.068
234 chessy404 1800.0001.068
235 hermy310 1800.0001.068
236 king_ghidorah 1800.0001.068
237 tentpegbob 1800.0001.068
238 vssubish 1800.0001.068
239 spam0day 1800.0001.067
240 moniker 1800.0001.067
241 fasil.ullatt 1800.0001.067
242 Harshal24 1800.0001.067
243 J 1800.0001.067
244 ausdrifter 1700.0001.009
245 KKBOX 1700.0001.009
246 Dozty 1700.0001.009
247 nilo 1700.0001.009
248 DhashS 1700.0001.009
249 buttegab 1700.0001.008
250 jempty 1700.0001.008
251 BTSec 1700.0001.008
252 lmRed 1700.0001.008
253 beefcheese 1600.0000.950
254 abzaan 1600.0000.950
255 David 1600.0000.950
256 Batman's Kitchen 1600.0000.950
257 AMG7 1600.0000.950
258 C0debr8kr 1600.0000.950
259 .elite 1600.0000.950
260 Song 1600.0000.949
261 qqqppp 1600.0000.949
262 esamhacks 1600.0000.949
263 Hacknam Style 1600.0000.949
264 Koibasta 1600.0000.949
265 deletefoo 1600.0000.949
266 krish 1600.0000.949
267 Mammon Machine 1500.0000.891
268 bebop17 1500.0000.891
269 ZieloneZuczki 1500.0000.891
270 wagiro 1500.0000.891
271 efiens 1500.0000.891
272 Bopoznpvt 1500.0000.890
273 vulnhub-ctf 1500.0000.890
274 NUSGreyhats 1500.0000.890
275 HansHerbert 1500.0000.890
276 macebich 1500.0000.890
277 SGFk 1500.0000.890
278 ByteShredders 1500.0000.890
279 Kaida@52 1500.0000.890
280 Bushwhackers 1500.0000.890
281 Corb3nik 1400.0000.832
282 jseida 1400.0000.832
283 dummy1 1400.0000.832
284 Saravanaz 1400.0000.832
285 r4ms3sh 1400.0000.831
286 harcon_ 1400.0000.831
287 mridula 1400.0000.831
288 loco 1400.0000.831
289 shodeadman 1400.0000.831
290 cowardmind 1400.0000.831
291 shiplem3 1400.0000.831
292 ignatius 1400.0000.831
293 FluxFingers 1400.0000.831
294 n00bCTF 1400.0000.831
295 taurus 1400.0000.831
296 KuBik 1400.0000.831
297 GoEYPw 1300.0000.773
298 The DHARMA Initiative 1300.0000.773
299 inertiasloth 1300.0000.773
300 st4b 1300.0000.772
301 ItsMeMario 1300.0000.772
302 who2k 1300.0000.772
303 Squidd 1300.0000.772
304 GeeksSpeak 1300.0000.772
305 H4x0rPsch0rr 1300.0000.772
306 ciccio87 1300.0000.772
307 sairaghav 1300.0000.772
308 CyberTeam6 1300.0000.772
309 hny287 1300.0000.772
310 Thanos 1300.0000.772
311 ckm 1300.0000.772
312 Sandbox 1300.0000.772
313 d1rt 1200.0000.714
314 nullwolf 1200.0000.714
315 ghatheringTheMidi6 1200.0000.714
316 BabyPhD 1200.0000.713
317 melroy_tellis 1200.0000.713
318 Animal.OhYeah 1200.0000.713
319 spyd3r 1200.0000.713
320 jayryan 1200.0000.713
321 0x7F 1200.0000.713
322 PiggyBird 1200.0000.713
323 Sudo_root 1200.0000.713
324 blkcaptamerica1 1200.0000.713
325 TusanHomichi 1100.0000.655
326 DarkMinion 1100.0000.655
327 WWI_Flying_Ace 1100.0000.655
328 Imvamsus 1100.0000.655
329 asha 1100.0000.655
330 Shadow Servants 1100.0000.655
331 mattbt 1100.0000.655
332 seiyakyokai 1100.0000.655
333 rmehta300 1100.0000.655
334 R&D 1100.0000.655
335 hfukuda 1100.0000.654
336 harshweb@gmail.com 1100.0000.654
337 szzp 1100.0000.654
338 ballalk 1000.0000.596
339 Bulletproof 1000.0000.596
340 13610n 1000.0000.596
341 pranav 1000.0000.596
342 can 1000.0000.596
343 kattappa123 1000.0000.596
344 sandyvsr@gmail.com 1000.0000.596
345 Hikup 1000.0000.596
346 CCSF_HACKERS 1000.0000.596
347 reddy 1000.0000.596
348 secgroundzero 1000.0000.596
349 1up 1000.0000.596
350 amnesia 1000.0000.596
351 soomink 900.0000.538
352 The-B3ast 900.0000.537
353 Merricx 900.0000.537
354 Manikv 900.0000.537
355 aghoshlal 900.0000.537
356 GRIS 900.0000.537
357 _try 900.0000.537
358 virgoman 900.0000.537
359 overheadhb 900.0000.537
360 J0rk3r 900.0000.537
361 uiuctf 900.0000.537
362 krornus 900.0000.537
363 pravin_bange 900.0000.537
364 chinaev 900.0000.537
365 Oxydros 900.0000.537
366 W0rm 900.0000.537
367 daspinhas 900.0000.537
368 BLAP 900.0000.537
369 ___ 900.0000.537
370 alx33ce 900.0000.537
371 jarcky 900.0000.537
372 koaidien 900.0000.537
373 Centaurs 900.0000.537
374 kod0kk 900.0000.537
375 Olam_zoe 900.0000.537
376 rkc 900.0000.537
377 Spitfire 900.0000.537
378 D3falt 900.0000.536
379 nbven 900.0000.536
380 Arxenix 900.0000.536
381 ch1ll3r 900.0000.536
382 romp 900.0000.536
383 SUSHI 900.0000.536
384 nabz007 900.0000.536
385 BATS 900.0000.536
386 likithjogi 900.0000.536
387 Rabbit 900.0000.536
388 amartejas05 900.0000.536
389 op.rad 900.0000.536
390 doskop 900.0000.536
391 teeesterr 900.0000.536
392 eash# 900.0000.536
393 participe_ctf 900.0000.536
394 pras1706 900.0000.536
395 moinkhorajiya 900.0000.536
396 virus 900.0000.536
397 g399 800.0000.478
398 GradiusX 800.0000.478
399 vladvis 800.0000.478
400 CR4CK3NS 800.0000.478
401 bonze 800.0000.478
402 GoanResearcher 700.0000.419
403 xR00t 700.0000.419
404 cs0sf 700.0000.419
405 Geesir7 700.0000.419
406 Maven 700.0000.419
407 jup1ter 700.0000.419
408 vakzz 700.0000.419
409 pauni 700.0000.419
410 moongs 700.0000.419
411 am 700.0000.419
412 harshk_13 700.0000.419
413 vendice 700.0000.419
414 PLUS 700.0000.419
415 raghavendra111 700.0000.419
416 noraneco 700.0000.419
417 DjigIT 700.0000.419
418 manoj.9033 700.0000.419
419 spizer 600.0000.361
420 jk2016 600.0000.361
421 lets_try 600.0000.361
422 MrsBigglesworth 600.0000.361
423 d4rc0d3x 600.0000.361
424 Borja 600.0000.361
425 GreyBell 600.0000.361
426 c21h30o2 600.0000.361
427 Arrow 600.0000.361
428 spadesquad 600.0000.361
429 trateda 600.0000.360
430 nicks_sarang 600.0000.360
431 leet0r 600.0000.360
432 f60 600.0000.360
433 iflody 600.0000.360
434 4kshay 600.0000.360
435 ExMoK 600.0000.360
436 grzegorz225 500.0000.302
437 MVnD3X 500.0000.302
438 Bitshift 500.0000.302
439 scumbag 500.0000.302
440 basepusher 500.0000.302
441 xPowerz 500.0000.302
442 MMM 500.0000.302
443 nazwadi 500.0000.302
444 dk 500.0000.302
445 h0rst 500.0000.302
446 Majora 500.0000.302
447 okas832 500.0000.302
448 RISCYBusiness 500.0000.302
449 sabnc 400.0000.244
450 123azeqsd 400.0000.244
451 Katelyn 400.0000.244
452 Metric 400.0000.244
453 Dark_aleX 400.0000.244
454 w00sec 400.0000.244
455 bob 400.0000.244
456 NeOLux-C1Ph3r 400.0000.244
457 djamal7722 400.0000.243
458 toffee 400.0000.243
459 bhavinmackk 400.0000.243
460 0ops 400.0000.243
461 ravirv 400.0000.243
462 jfhs 400.0000.243
463 United Exploit Directorate 400.0000.243
464 cctt 400.0000.243
465 pratap 400.0000.243
466 uosec 400.0000.243
467 Sikun 400.0000.243
468 flipdot 400.0000.243
469 Owl 400.0000.243
470 Akarsh T S 400.0000.243
471 KerKerYuan 400.0000.243
472 Cybrosis 400.0000.243
473 h4ck3r 400.0000.243
474 ITSPR 400.0000.243
475 Hawks 400.0000.243
476 WL 400.0000.243
477 soluna10 400.0000.243
478 Ondas 400.0000.243
479 prayas26 300.0000.185
480 shoper 300.0000.185
481 strikeforce 300.0000.185
482 StratumAuhuur 300.0000.185
483 malprxctice 300.0000.185
484 jinmo123 300.0000.185
485 ShellWarp 300.0000.185
486 dpnz 300.0000.185
487 satishengr 300.0000.185
488 gooligans 300.0000.185
489 DiaW01f 300.0000.185
490 kamikaze 300.0000.185
491 BitK 200.0000.126
492 JayantS 200.0000.126
493 alexx 200.0000.126
494 Resistance 200.0000.126
495 Nabla 200.0000.126
496 daguy666 200.0000.126
497 bdraff 200.0000.126
498 LuD 200.0000.126
499 pickelz 200.0000.126
500 Thracky 200.0000.126
501 b0ss 200.0000.126
502 Aravind 200.0000.126
503 haxpak 200.0000.126
504 6toMidnight 200.0000.126
505 kumarrockstarsaurabh@gmail.com 200.0000.126
506 Devorare 200.0000.126
507 test777 200.0000.126
508 conmancraig 200.0000.126
509 Lum3nz 200.0000.126
510 drewfus 200.0000.126
511 Husky 200.0000.126
512 Rayru 200.0000.126
513 Stack 200.0000.126
514 off 200.0000.126
515 guilt 200.0000.126
516 z0rex 200.0000.126
517 shadow-hakr 200.0000.126
518 REU 100.0000.068
519 Fire30 100.0000.068
520 08fbc81152 100.0000.068
521 soma 100.0000.068
522 popo 100.0000.068
523 marche147 100.0000.068
524 tyh 100.0000.068
525 _zx_ 100.0000.068
526 mmk21 100.0000.068
527 UCCU 100.0000.068
528 okudo3 100.0000.068
529 KITCTF 100.0000.068
530 kknock 100.0000.068
531 CTF-infinit 100.0000.068
532 MichelCode 100.0000.068
533 pp 100.0000.068
534 Honeypot 100.0000.068
535 OPT 100.0000.034
dracula123 – Jan. 20, 2016, 5:30 a.m.

> If you are playing as a team, please note that you will have to nominate one person from your team who can avail the benefits.

this is so funny!!! last year there were teams who played as team but registered in the name of team as well as individual names. they nominated themselves for prizes and grabbed prizes. there was one team whose members got first 10 of the total 30 prizes!!! some members of the team were part of the event organizers itself!!! can't believe it? there were open sharing of answers in their irc channel and these organizers were active in kicking out people sharing answers and playing as teams. that is fine but they kicked out based on their guessing some of them got ejected includes students who played as per rules. they revised the initial scorecard and kicked out lot of guys including us. however the organizers who kicked out us itself were part of the team that grabbed individual prizes, played in final and collected prizes!!! sad state of affairs :-( :-( :-(


void_nullcon – Jan. 20, 2016, 6:25 a.m.

It would really help if you can point out specific names with factual proof about the volunteers being participant of CTF. We request everyone to play ethically. Don't be naughty. If you have concrete solution against cheating please volunteer and submit the same to us at info_at_nullcon_dot_net.


okas832 – Jan. 31, 2016, 4:32 p.m.

Comment Temporarily Unavailable

The comment is temporarily unable to show this text due to maintenance downtime or capacity problems. Please try again later.


zku – Jan. 31, 2016, 5:04 p.m.

I liked the binary exploitation challenges (although 2 of them very unreachable / offline for quite some time).
The points rewarded for them seem extremely low though, when compared to other challenges.
For example, crypto-500 was basically "run openssl on this file", worth more points than any of the pwnables..
The organizers should put a bit more effort into normalizing the challenge scores.

Oh and then there is the insane flag sharing going on..


adithya – Jan. 31, 2016, 5:07 p.m.

i believe forensics were the best.


unnamed – Jan. 31, 2016, 5:08 p.m.

every thing was nice and I liked the challenges but something was wrong with scoring ... simple xoring problem worth more than reverse engineering !!! but in general it deserves 5/5


amon – Jan. 31, 2016, 5:47 p.m.

The IRC channels were largely unmonitored and unmodded. A lot of flag sharing and begging was occuring without reprisal. Some of the challs were good (exploit/re/web) but the programming, crypto and trivia challenges were pure bullshit. The crypto challenges were really badly set with granting a ridiculous amount of points. The lack of a flag format made guessing pretty much mandatory for most of the challenges. Very poor organisation.


Pharisaeus – Jan. 31, 2016, 6:31 p.m.

Bad scoring -> Web, Pwn, Re and Forensics were scored very low compared to Recon tasks. Also people were buying / selling flags on the official channel...


wompa164 – Jan. 31, 2016, 6:33 p.m.

I agree that scoring seemed remarkably inconsistent and a lot of the challenges made little sense. Many of the forensics challenges felt like they were based more on obscurity than logic. I had a good idea of what I was looking for and how to get there, but was overwhelmed with multiple largely similar files and no context.


wompa164 – Jan. 31, 2016, 6:38 p.m.

Also observe which country appears most at the top of the scoreboard, should tell you everything you need to know: http://ctf.nullcon.net/scoreboard.php


c00de – Jan. 31, 2016, 6:42 p.m.

Why HackIM sucks? Insane amount of reasons.
Admins - NEVER AVAILABLE. NEVER MONITOR.
IRC - Always chaos and answer sharing everywhere. You will have at the least 10 guys minimum wanting to share flags with you by the end of the CTF if you idle all the time.
Challenges - Unreasonable, not professional, crazy waste of time. Exceptions exist in this though. Web was amazing considering last time web was ridiculous. Otherwise there is mismanagement of scores, challenges that waste your time more than teach you anything (you'll never solve qns like Final destination of Gagghar river is "near fatehpur", said a source who got the answer post competition)
Cheating - Admins are damn aware of the ongoing cheating. I talked to a whistle blower of the previous edition of CTF who emailed the admin about the cheating that prevailed but the admins in turn informed the cheats, allowed them to participate in the finals. I am trying to convince this guy to forward the mail trails to me although he is reluctant thanks to the admins. But once I get this information I will publish this. Mr @Murtuja Bharmal, WHAT DO YOU PLAN TO DO WHEN I PUBLISH THE INEFFECTIVENESS OF YOUR ORGANIZING TEAM? The proof surely makes me assume that the admins are in with who should WIN and who SHOULD NOT.
You can see huge fluctuations in the scoreboard in the last hours, realize everyone is cheating, still turn a blind eye towards this. I agree. But what about those who report issues to you?
THERE CTF IS RIGGED. CTFtime organizers please remove this CTF from a rating event at least.


_Kinine_ – Jan. 31, 2016, 7:13 p.m.

Challanges itself where doable, instructions mostly clear.

Support, Cheating, Scoring/Rating, Moderations. This CTF isn't worthy to even be mentioned on CTFtime.


JohnCool – Jan. 31, 2016, 7:14 p.m.

Challenges :
They were good in some categories ( re / pwn / web ) but it was a fucking joke in some ( trivia / prog / crypto ) making the scoring not balanced at all ...

Infrastructure :
The website got dos'ed during the last hours and we couldn't submit a flag ... Otherwise it was ok.

Organization :
It was super messy !
The IRC chan was not monitored so a lot of people shared flags or asked for it...
The admin were not available at all...

Scoreboard:
That's the worst thing on this ctf... The scorboard is at the current time completly wrong !
Most teams on the top30 have visibly shared flags or cheated during the last hours... (just look at it ... common' )
Anyway, by kicking out the non legit teams it could be possible to make a real scoreboard to reward the ones who have played regularly

Overall rating : 2/5


saintmeh – Jan. 31, 2016, 7:35 p.m.

I'm going to be plain spoken here.

There were many good challenges(RE, some Web). There were many embarrassing challenges("Programming", "Trivia", some Crypto). There was a mix of easy and hard challenges, but I feel the easy challenges were worth a disturbingly high amount of points. I want to be constructive in my criticism. So for the future, here are three important considerations I think most people can agree on:
1) I think it would be good to either remove the easier challenges, or even better, make the "programming", "trivia", "misc", and other easier tasks worth one fifth of the points. In many cases, it was more difficult to understand the CTF's poor English than to understand the problem. I was hesitant to move onto the real challenges because the simple challenges were worth so many points. I never got a chance to really delve into some of the RE, Web, and Forensics; I was too worried that the easier challenges would dwarf the other tasks in points.
2) English can be tricky at times, but I feel this CTF would benefit from a good proofreader. The interface was nice enough, but the English was something you would expect from an insane homeless man. I would leave a kinder review, but I seriously doubt that some of the authors even read what they wrote. There were many dyslexic, repetitious, and nonsensical sentences(even by this industry's standards). Every sentence seemed to have a dysfunctional problem. I can expect a few grammatical errors and clumsy wordings... but the writing here was almost to the point of being a forensics exercise. It reflected poorly on your organization. My team and I often debated on what the CTF was trying to say. Especially in the "programming" challenges. If you want a proofreader, I can do this for you for 2017 and possibly future years. My written English communication is not superb, but it is above average in the US. English is my first and only language(unless you count 3 years of ancient Latin). I understand that I cannot be a proofreader and a nullcon competitor during the same year. I'm also clearly not afraid to be honest(even blunt). Since I like what you guys do, I will put in no more than 10 hours for free(that should be more than enough to proofread your 2017 CTF). I can proofread your challenges to a college writing level. I would appreciate a T-Shirt, some stickers, and/or some other swag :). I would prefer to not be publicly acknowledged unless we can have some meaningful moderation(which I will help provide).
#3 in second comment


saintmeh – Jan. 31, 2016, 7:35 p.m.

3) Though I solved all but the second "programming" challenges, none of these challenges made me consider programming. They were mostly the ravings of a half-brained nitwit. "Programming" 5 was solved by Googling "Conways Life online" http://www.bitstorm.org/gameoflife/ . You clearly have sufficiently skilled people making your RE and Web tasks. I doubt these people made your shameful "Programming" tasks. This is what I would expect from Programming 5: "What is London's average wind direction at 12:20 AM GMT? Only use days which are divisible by their month plus the last digit of their year(for example: Jan 2nd 2001, Feb 3rd 2011, Jan 6th 2012, and Feb 26th 2010... but not Jan 1st 2001, Feb 11th 2010 or April 4th 2011)? Use the data from Jan 1st 2005 through Jan 1st 2015. Round to the fifth decimal. Consider using http://api.wunderground.com/" This would have been a nightmare to solve without a little bit of coding. The contestant could solve this by signing up for a free api key from http://api.wunderground.com/. http://api.wunderground.com/api/<<replace with="" api="" key="">>/history_20050901/q/UK/London.json. Then the contestant would write a moderately challenging loop to calculate the wind direction. I'm sure the man who made your programming tasks is well intentioned, but fire his ass(if he lacks social skills) or hire him as a janitor(if he's a nice guy). He's a horrible programmer. This category brought you more shame than if you didn't have a "programming" category at all. A more appropriate title for this category might be "Google Fu" also known as "Trivia."

This CTF... is a joke, and It seems I'm part of the punch line. The cheating mildly bothered me, but it wasn't the end of the world. I was mostly irritated by the pathetic challenges. It's clear that there were some legitimate challenge makers... which actually makes me *more* angry that this CTF tarnished their names and efforts. There must be some retribution. Is it possible to give a CTF negative points? Ban them from CTFtime? I suppose CTFs get the reputation they deserve. Perhaps we could make reputation a touch more impacting on CTF time? I feel a 1.4 out of 5 stars is about right for this CTF. It had a fine user interface and some of the challenges were legitimate. However, the CTF was rampant with cheating, it was unmoderated, it even brings doubt to the integrity of the CTF leadership, and(like many twisted plots) it was taken down in the end. Still it has a glimmer of hope.


aseemjakhar – Jan. 31, 2016, 8 p.m.

Thanks for the comments and feedback everyone :). It was really really helpful. we will try our best to incorporate the changes suggested for next year’s hackIM:
- IRC: We will try to have more volunteers online on IRC for answering queries round the clock.
- (response to c00de stuff) Please share the communication with facts/proof that you have (or will receive) at info [at] nullcon.net and we will make sure any volunteers who were cheating are banned from being a part of hackIM volunteers in future.
- Please share concrete and detailed ideas on how to stop flag sharing, if you have any. If you would like to contribute and volunteer to create a module for randomizing flags or something else, please send us an email at info at nullcon.net
- Please note that there are no admins but only volunteers helping with the CTF. All official communication should be sent to a nullcon.net email ID (info, ctf) and not with anyone on IRC or with a non nullcon.net email ID. This will ensure timely action from us.
- Please share facts/proof instead of allegations about flag sharing/cheating as facts help us inform the cheating teams about their misconduct and ban them right away. Allegations are of no help in this case.
- (Response to saint saint) This year, we missed on proof reading the content. We will take care of it next year. Please send us an email on info at nullcon.net if you would like to volunteer for next year.

Thanks,
@


Pharisaeus – Jan. 31, 2016, 8:52 p.m.

How to stop flag sharing / hints selling? Start with a proper unified flag format. Seriously. There were a lot of tasks were the hardest part was figuring out what exactly is the format of flag, and a lot of people were frustrated that they solved the task but can't get points because they couldn't guess that the flag is title of webpage they got link to, or that the flag is "something.com" and not "something" or "www.something.com". Flag should be obvious and clear when you finally get it. Have you ever read this: https://github.com/pwning/docs/blob/master/suggestions-for-running-a-ctf.markdown ? You should.

"Please share facts/proof instead of allegations about flag sharing/cheating" :D :D and how exactly? With random IRC names of people selling/buying flags? Also it requires only a single glance at scoreboard to see that suddenly India became CTF masters, even though before the best Indian teams were not even in the top 100 on ctftime.


aseemjakhar – Jan. 31, 2016, 9:14 p.m.

Response to Pharisaeus

1. Thanks for the feedback on the format. We will definitely take care of that next year.
2. Based on our analysis we try to fix the cheating as much as possible by reverting to a known good state. But obviously, we cant fix what we dont know. So, we request everyone, if you have any proof against a team/player, please send it to us so we can ban them.
3. Above all, we request all the teams and players to play ethically and discourage cheating (and cheaters).

Thanks,
@


msm – Jan. 31, 2016, 10:08 p.m.

I asked for hint for forensics 300 on IRC once (yeah, sorry, we were quite desperate).

I was greeted with five guys PMing me, wanting to trade flags. Seriously, WTF? I could've traded our web 500 for at least 4 other flags ("selling" our solution/flag few times in the process), but that's, like, opposite of what CTF's should be about. I want to SOLVE challenges, not TRADE them. (Btw. just to be clear - of course I didn't trade our flag with anyone).

I guess most top teams (especially indian ones - sorry) exchanged their flags and solutions, and that's how they ended up so high in the ranking (not necessarily all of them, maybe).

"Please share facts/proof instead of allegations about flag sharing/cheating" - I could've shared screen with random people blatantly asking for flags/trading flags on irc, but unfortunatelly I closed tab with IRC.

"2. Based on our analysis we try to fix the cheating as much as possible by reverting to a known good state. But obviously, we cant fix what we dont know. So, we request everyone, if you have any proof against a team/player, please send it to us so we can ban them. "
Yeah, it's impossible. But thanks that you acknowledge that issue and try to improve in the future. I appreciate that :>.

And moving on to other things. Flag format - really, that is important. Flag should be obvious when you see it. Reading https://github.com/pwning/docs/blob/master/suggestions-for-running-a-ctf.markdown is good suggestion.

Last but not least, "know india" challenge was morbid. I almost hope it was meant to be troll challenge, because stupid answers/answers with typo (!)/impossible-to-guess anwers made the challenge almost unsolvable.

Wrapping it up, some kind words - most "real" challenges was really interesting (RE was really reversing, not break-in-2016-type-reversing, Web was interesting and clever, and Pwns was hard but solvable). Shame that organisational issues and decisions spoiled otherwise great CTF. Keep it up, and try to improve next year. Cheers...


solarwind – Jan. 31, 2016, 10:41 p.m.

Aseem Jakhar --
oh come on, "reverting to a known good state", "we cant fix what we dont know". You reverted in 2015, this doesn't work. Situation is the same as last year, nothing was made to prevent cheating. To make problem fixed you first of all need a will to fix.
Cheating problem is not new, and your CTF is not something so different, that can not be managed properly. You have all server logs, analyse them -- I'm pretty sure you can find 80% of cheaters only from web server logs, if you really want to fix a problem. Pay attention on close submission time of flags by different teams, logins from same IP of "independent" teams, connection stats to game services (e.g. if player never connected to game service but sends flag -- this is suspicious), require that best 23 indian teams from TOP-30 to send writeups.
There are also suspicious made about self-nomination of your "volunteers" to prizes -- publish full list of who is volunteering now, check their connection to winners (if they are relatives, friends, play in same team, work in same organization, etc). Also publish information about last year volunteers, and their participation in finals. This is actually bad idea to get external folks to make or manage tasks, but if you do -- make sure the process is transparent.

You actually have good tasks in pwn, web, re categories, which IMO can make this CTF back to 20-30 points, but shitty organisation ruins it all. You tried to save time with external volunteers -- but now need to remove them all and do investigation, this will take same time. Or don't do anything, and stop pretending that you are making international CTF.


overlf0 – Jan. 31, 2016, 11:44 p.m.

Aseem Jakhar
> Please share concrete and detailed ideas on how to stop flag sharing, if you have any.

1) Have someone on IRC that will answer people who want to trade flags and give them a special flag that will be accepted by the system and will award them points.
2) Wait for the CTF to end for them to "distribute" that flag by sharing it with other teams.
3) Ban everyone who has submitted that flag.

And for all the tasks (I'm talking especially about the "forensics" challenges): make the challenges FUN/interesting instead of FRUSTRATING. It's not fun if you spend a few hours searching through a pcap file, reconstructing a file system, and recovering a deleted "flag.txt" file only to find that someone is actually laughing at you and saying "You thought there would be a flag here, huh? Here, have a kick in the balls instead!".


saintmeh – Feb. 1, 2016, 3:26 a.m.

@Overfl0: I would say that it's common to troll competitors(a little). I would only expect it in high-point challenges. I found the pcap file to be exhausting, but tolerable. Most of the Forensics were tedious... even obscure... but tolerable. It was clear that the task maker at least made an effort(though he may not have enough skills yet to be creating CTF challenges).

@Mykola
What you're speaking of is attribution... perhaps considered part of forensics. Judging by their forensics challenges, Nullcon is hardworking, but wildly under-trained and under-experienced in forensics. I like your ideas, most of them would work(as long as no one buys write ups). Rectification is definitely in order. Teams must be banned. Evidence must be gathered. Prizes must be suspended until proof of competency is made. We're all a little miffed. I worked very hard too.

@Aseem Jakhar
I will spend the last 10 hour shift as an IRC moderator(since I wont be able to compete anyway).
Here is a way I just thought of for stopping flag sharing: I'll post the idea so others can comment on any(practical) weaknesses. Yes, MD5 has a collision risk... what cypher would you suggest? Be gentle with my ego if my idea is wrong. I'm not a cypherpunk and I've only started CTFs within the past year... though I've got a few Odays to my name. What if every flag is a simple MD5(teamname+ChallengeSecretSalt+CTFSecretSalt)? The server calculates what the MD5 should be for that team for each challenge. The team sends their hash in the form of "HIM{hash}" to the server... if "HIM" is too obvious on some challenges, simply having something like "5f4dcc3b5aa765d61d8327deb882cf99" should be good enough. Then the server compares against the flag hash that the team sent. This might get extremely tricky in REs and PWNables.... But it would work for web, much of forensics, trivia, programming, and misc. This would require a couple hard days to implement, but it would be worth it. I have sent you an email requesting to volunteer 10 hrs of time to proofread your challenges and convert them(as best as I am able to) into clean and concise English. Your CTF could be quite enjoyable if it weren't for the rampant cheating and three of the categories(programming, trivia, misc).


aseemjakhar – Feb. 1, 2016, 4:39 a.m.

Thanks msm, Mykola Ilin, Overfl0, Saint Saint and others for your critical feedback and most importantly - suggestions for improvement. We will try to implement most measures to make hackIM fun for everyone.

Thanks again :)
@


P3t3rp4rk3r – Feb. 1, 2016, 5:33 a.m.

forensics challenges are really challenging....


c00de – Feb. 1, 2016, 6:52 a.m.

There is no use of sharing information about cheaters. You will only be kicked out. Happened last time to me. I can share the proof of it. The board reversal measure taken was taken so cleverly that people felt the cheaters were out. But cheaters still remained and I saw it in EMC's twitter post when I saw their picture on the finalist. Again do you wish to explain this @Aseem?


aseemjakhar – Feb. 1, 2016, 7:17 a.m.

c00de stuff Help us in improving the CTF and enforce rules. Im assuming, If you saw their picture, it means that you know them personally and may have email proofs as well. This would be really helpful as we can provide factual proof against them with email headers. please send email to info at nullcon.net about it. We will take action if we have sufficient proof against them. We cannot force you to share information and it totally depends on you if you are willing to help. Please note the board reversal is a manual process based on our analysis of suspicious submissions and may have some consequences on players who did not cheat. We need a better framework for reducing the chances of cheating and we have receive very good suggestions in the above comments which we plan to implement in the next version. Again, if you think you can help us in anyway, feel free to contribute.

Thanks,
@


Ozzy – Feb. 1, 2016, 7:22 a.m.

hahaha c00de... check this out with https://pbs.twimg.com/media/CTW-qdwU8AAj5S_.jpg:large I am not asking you to assume anything :)


Ozzy – Feb. 1, 2016, 8:03 a.m.

@Ozzy - hahah! Yeah! But you don't have enough proof... it is just circumstantial :P lol
@Aseem - I have proof I emailed you last time. I emailed two screenshots of which one was given by another person. He came back and started shouting at me telling why was I going and telling other guys that he is "snitching on the cheats". If you make the process of responsible disclosure open and known to all and keep people's information safe, you will see more whistle blowers. I know them because I did my reconnaissance and the proofs I submitted you can easily know who it was about.
I openly dare you to release the process of disqualification with mail trails of the proofs submitted last time. If you have no problem KINDLY RELEASE ALL THE PROCESS THAT UNDERWENT SCRUTINY LAST TIME.
Simple - Take out the previous mails and tell the process followed.

@Rest - Do not report to nullcon owners till they owe up to the work and make it a safe environment for whistleblowing on cheaters.


c00de – Feb. 1, 2016, 8:26 a.m.

@Ozzy: If that is true, Please give me the proofs over IRC. Last time I had reported it to admins over IRC and next day, the board was "reverted to good state" and I was kicked out. lol. I also talked to someone in IRC who said the same thing that you did. Ping me, we will post this issue in ctftime issues.


aseemjakhar – Feb. 1, 2016, 9:35 a.m.

Ozzy Narcozzy: The snapshot was shared with the volunteers. Thanks for the info. We will refrain from sharing the direct snapshots and emails starting now. However, in that case would request you to send complete snapshots + email headers + description of what and who is involed instead of only portions.
In case you would like to to private disclosure only to me. you can send an email to aseem a{t} payatu dot com and I will make sure to hide any names and references.

Thanks,
@


Bose – Feb. 1, 2016, 10:06 a.m.

Guys. I don't there is any point in shouting on the administrators who sit and hold a open CTF for us to play in their free time.
It is hard work of theirs however badly done.

@Aseem: I have 2 feedbacks already told to Himanshu and donfos or someone on the IRC -
1. Few challenges were just unreasonably named, scored (misc 300 and for 100) - I solved for100 in some 4 hours but misc300 had the qns reset over and over. Also I heard from some that correct answers were not being accepted.
2. Unavailability of admins on the IRC to monitor - I think if the chatroom is not over IRC rather something that can be heavily monitored, the leaking of solutions cross team would be significantly reduced.
And it is true, I am heartbroken and disappointed to see myself overtaken by cheaters taking over the board again leaving my 4000 point gain for nothing. I had scored all this over 2 days (didn't participate the 3rd day). But I also believe this is a hard task for you.
This was a brilliant document shared on the IRC, maybe you guys can have a look at it -
https://github.com/pwning/docs/blob/master/suggestions-for-running-a-ctf.markdown

I am sure, cheaters once caught should be barred from playing in the next 3 years or so, would encourage a fairer play. But Yes! I didn't play on the Third day because I already saw the enormous amounts of cheating on the IRC and was pissed of and had given up. I am sure, the number of solves of misc 300 on the board would be way lesser than the actually number of people who actually retrieved the flag! :P

@Others - This CTF was a huge leap of improvement in web challenges side compared to the last time. Please see the positive aspects as well.

Anyway, Kudos to the RE folks who made my life a living misery :D I learnt a lot about INDIA! :D haha


aseemjakhar – Feb. 1, 2016, 10:39 a.m.

@Tanoy Bose, Thank you for the feedback and empathy :). Both of your suggestions are good. Infact we are already planning to move away from IRC.

Thanks,
@


dracula123 – Feb. 1, 2016, 5:34 p.m.

You should learn what the India cricket board is doing to avoid "conflicts of interest" in IPL cricket :P
Do not have organizers and participants from same team or from same group of friends.
Make the flags different for everyone, there can be small variations in challenges itself for each participant.
Make it only a group event. Allow individuals to form team of 5-6 members. If you know participants from same known CTF group, same college, make them play as a group.
Do not allow the members of same CTF team play as individual, play as group, win all the prizes, pose for photos with ther team members in the organizing team! #coredump #bootup
Why need a chat room for solving CTF? Do not use any chat room or IRC.
Watch out for your volunteers compete in final and collect prizes without participating in HackIM, as happened last time.


amon – Feb. 1, 2016, 6:42 p.m.

@dracula I'd argue that IRCs are a very important part of any CTF. Properly moderated IRC channels anyway. It allows for quick communication between the organisers and the participants in the event infrastructure goes down or problems with challenges arise. Reputable CTFs usually have a well moderated IRC and while flag sharing does exist at the smaller scale, it isn't as prevalent as this one.

I agree with you on pretty much everything else though.

There are a couple of factors that contributed to the current state of affairs:
1. Uncertainty regarding what exactly the challenges are asking for (this includes badly worded descriptions in horrible english and lack of proper flag formats (sometimes completely asinine ala Crypto 1))
2. Lack of proper communication between the players and the organisers: the official means of communication is supposed to be email, but they were unresponsive on that front. There was very little administration of the 'unofficial' IRC channel with the admins only popping in to mass dump hints for challenges and then leaving.
3. Broken challenges with a lot of ambiguity: the Know India challenge comes to mind. People grew hugely frustrated when trying an answer they knew to be true and the IRC essentially degenerated to into asking for the 'correct' answers. Another 'broken' challenge was Web 400 where the web application was returning 'Flag: ' without the actual content. I'm not sure if this was meant to be intentional with the wrong content-length but if so, it would have been better if it returned "Partial-" instead to present a marker to the player.
4. Lack of reprisals for hint and flag begging. Typically, players who beg for flags or hints in a reputable CTF would get the ban hammer to the face really quick.
5. CTFs are typically played in groups. So individual-only CTFs motivate groups to combine their efforts but multiply their yields with multiple accounts.

The combination of the above essentially provided a hotbed for massive cheating.

On the point of minor variations for challenges: this is admittedly not an easy thing to achieve. It has been done before (see: PicoCTF) but personalising challenges can only go so far. It is a more effective strategy for an admin to quell any greasiness before it catches fire.

I'm not sure why so many people are spoon feeding the organisers so many solutions to their problems. These problems rarely occur in other CTFs. Perhaps the organisers should re-think their philosophy and observe how better CTFs are conducted and identify where they fall short. Just because it is run by volunteers doesn't give it a free pass to have lower standards. In fact, that does not make sense at all. Most CTFs are run 'voluntarily' by 'volunteers' (e.g. Hack in the Box KL was run by a great group of volunteers, CSAW is run by students, and 32c3 is run by a CTF team comprised of two hackerspaces) and they are amazing. Most CTFs aren't run commercially.


zoolander – Feb. 1, 2016, 7:42 p.m.

For the organizers, if you can't come up with a scheme to issue unique flags to each participant for each challenge, you can surely do some simple database analysis to compare submission time for various flags. Do you really think that people submitting the same flag within seconds of each other is a coincidence? Submitting in the same order as each other? Maybe even submitting from the same IP? How about the mad rush to submit in the that minutes of the game? Since yours is a "individual" competition, surely you can't believe that one person is solving several challenges magically in the last moments of the game. The proof is right in front of you. Stop expecting others to provide insight into your own infrastructure. If you want to show good faith how about posting a database dump of all submitted flags for the community to analyze?


zoolander – Feb. 1, 2016, 7:43 p.m.

s/submit in the that minutes of the game/submit in the last minutes of the game/


void_nullcon – Feb. 2, 2016, 6:48 a.m.

We have updated the final scoreboard for HackIM 2106 after removing discrepancies and disqualifying suspected players who shared flag. We will shortly post, our analysis and reason for disqualification the players on scoreboard.


Bose – Feb. 2, 2016, 10:01 a.m.

@Ozzy @c00de - seems like nullcon and team have done a clean task to clear out the scoreboard. I have not cleared though, but I see a lot of the guys who deserved it to be online. Congos all.
@Derek - I wish I had that magic too :'( :D And looks like the organizers took it seriously to attempt stop that flag copiers this time. I see a lot of them who deserved to be there on the board this time.
Also I still believe that just review the IP logs of the people who connected and solved misc300 to those who submitted without connecting. This would give you the people who cheated. lol :D


factoreal – Feb. 9, 2016, 10:06 a.m.

Please submit scoreboard to CTFTime asap. thanks


havocmage – Feb. 10, 2016, 1:18 a.m.

Yes, please add the scoreboard.


sambecks.khack40 – Feb. 19, 2016, 9 a.m.

Please add the scoreboard.


_bl4de – Feb. 22, 2016, 11:19 a.m.

Hi, please add the scoreboard, thanks!


M1dn8H4ck – Feb. 23, 2016, 12:47 p.m.

We are waiting for the scoreboard


void_nullcon – Feb. 26, 2016, 7:09 a.m.

Done


rishabhd – Feb. 26, 2016, 12:05 p.m.

zero moderation, bad programming and crypto challenges (guess what, no programming was involved in either programming and crypto). Non standard flag . Overall pretty sour.


rishabhd – Feb. 29, 2016, 11:08 a.m.

Why aren't the rankings correct as per final scoreboard on website ?


sambecks.khack40 – Feb. 29, 2016, 12:02 p.m.

+1
5 Rating weight for breakin (https://ctftime.org/event/288) and 0 Rating weight for this ctf ... abused. I don't understand.


Pharisaeus – Feb. 29, 2016, 3:23 p.m.

Nice that they uploaded ranking, sadly it's a bit "broken"... ;]