Sat, 10 Sept. 2016, 02:00 UTC — Sun, 11 Sept. 2016, 02:00 UTC 

On-line

WhiteHat Contest event.

Format: Jeopardy Jeopardy

Official URL: https://wargame.whitehat.vn/

This event's weight is subject of public voting!

Future weight: 20.00 

Rating weight: 20.00 

Event organizers 


WhiteHat Contest, a Capture The Flag contest, is held periodically by WhiteHat.vn, leading cyber security forum in Vietnam. WhiteHat Contest 12th will be the third Contest to be introduced to the information security community worldwide. WhiteHat Contest is based on WhiteHat Wargame system - the environment allowing cyber security enthusiasts to practice CTF games. WhiteHat.vn is Vietnam’s leading forum on cyber security, where the cyber security research community can exchange expertise, professional ethics as well as legal issues involved. WhiteHat.vn is favorable environment which encourages and promotes cyber security enthusiasts to study and research in judicious orientation to become white hat hackers. These hackers then have high availability in dealing with cyber security incidents.
Bkav is Technology Corporation, operating in the field of network cyber security, software, e-Government; manufacturer of smart electronic devices and smartphone, as well as a supplier of Cloud Computing service.

Register: https://wargame.whitehat.vn/Account/Register

Support channel: IRC: http://webchat.freenode.net/, channel: whitehatcontest

Prizes

First prize: 30 million VND (appx. 1340 USD)
Second prize: 5 million VND (appx. 225 USD)
Third prize: 3 million VND (appx. 135 USD)

Scoreboard

80 teams total

PlaceTeamCTF pointsRating points
1 217 4900.00040.000
2 MeePwn 4700.00029.184
3 BabyPhD 3850.00022.381
4 GoN 2400.00014.796
5 Dystopian Narwhals 2350.00013.592
6 dcua 2150.00012.109
7 Shellphish 2050.00011.224
8 yonghwi 2000.00010.663
9 ISITDTU 2000.00010.385
10 ASIS 1750.0009.143
11 KMAoWARRIORS 1500.0007.941
12 DaltonBrothers 1350.0007.177
13 0xc500 1200.0006.436
14 M57 1200.0006.327
15 dust 1200.0006.231
16 PartlyCloudy 1100.0005.740
17 LC↯BC 900.0004.850
18 ez30m 800.0004.376
19 CodiSec 800.0004.318
20 b0b0 800.0004.265
21 hackability 700.0003.810
22 JAV 650.0003.562
23 TheGoonies 600.0003.319
24 NabIa 600.0003.282
25 ARGOS 600.0003.249
26 khack40 600.0003.218
27 MV9rwGOf08 600.0003.190
28 p4 600.0003.163
29 Balsn 500.0002.730
30 Just Hit the Core 500.0002.707
31 GiapDangCapCoNguoiYeuTenDuyen 500.0002.686
32 Thomas 500.0002.666
33 Umbrella 500.0002.647
34 DaltonGang 400.0002.221
35 Ridge Racer 400.0002.204
36 GH2N 400.0002.188
37 magnum 400.0002.173
38 555+ 400.0002.159
39 thuong1231abc 400.0002.145
40 CTF-infinit 400.0002.133
41 Fourchette Bombe 400.0002.120
42 Burlingpwn 400.0002.109
43 catsecurity 350.0001.894
44 Xatnys 300.0001.679
45 h4rdF0rc3 300.0001.669
46 CiGPlus 300.0001.659
47 thync 300.0001.650
48 0condom0xxx 300.0001.641
49 Samurai 200.0001.224
50 galhacktictrendsetters 200.0001.216
51 UZUPTIT 200.0001.208
52 tiny0bui 200.0001.201
53 bi0s 200.0001.194
54 oti_sec 200.0001.187
55 christrc 200.0001.180
56 whitehattersUK 200.0001.173
57 Glidermed 200.0001.167
58 Huhuhaha 150.0000.957
59 Gr33nH4t 100.0000.747
60 NewBieeeeeeeeeeeeeeeeeeeeeee 100.0000.741
61 ThaThu 100.0000.736
62 noraneco 100.0000.731
63 efiensn 100.0000.726
64 TungPunDepTraiCoNguoiYeuXinhGaiTenLaHien 100.0000.721
65 hy00un 100.0000.716
66 lintile 100.0000.711
68 0xmallab 100.0000.702
69 K20CMUTMT 100.0000.698
70 taurus 100.0000.694
71 REUREU 100.0000.690
72 1064CBread 100.0000.686
73 b01lers 100.0000.682
74 PetUsKal 100.0000.678
75 NaijaSecForce 100.0000.675
76 Snatch The Root 100.0000.671
77 cRUcible 100.0000.668
78 dreamteam 100.0000.665
79 dharma 100.0000.661
80 w0pr 100.0000.329
81 CCSFHACKERS 100.0000.328
the_duke – Aug. 31, 2016, 11:45 a.m.

They seem to have some issue with the registration there. It claims invalid username, whichever name I use.
Is this some sort of a challenge? :)


daikiyamasaki – Sept. 2, 2016, 2:07 p.m.

セキュリティーについて、勉強します。


bteam – Sept. 5, 2016, 3:42 a.m.

We have checked the information and identified that the error you mentioned occurs when username has fewer than 8 characters. Thanks for your report :D


seadog007 – Sept. 5, 2016, 6:05 p.m.

Hi, when I tried to create a team, it shows "The group name cannot contain the following special The group name cannot contain the following special characters". Can you guys check that?


bteam – Sept. 6, 2016, 9:15 a.m.

@seadog007 What is your group name?


seadog007 – Sept. 6, 2016, 12:55 p.m.

@bteam "Come to Try Fortune", but I just register as "Come_to_Try_Fortune" because I didn't see anyone use space in the team list.


seadog007 – Sept. 6, 2016, 12:56 p.m.

Oh, wait. Sorry about last reply, I didn't register yet. That's for another CTF.


rkarabut – Sept. 8, 2016, 12:29 p.m.

Hello, I've received an email invitation from you but I can't register my team (dust); it shows me the "the group name is already in use" error. Can you help?


bteam – Sept. 9, 2016, 2:14 a.m.

We sent invitation email to teams that participated in our previous Contests. This means your team has already existed on our wargame.whitehat.vn. You can use that account and allow more members to join in if you wish to do so. (Your Dust team was registered with username rkara***)


rkarabut – Sept. 9, 2016, 11:49 a.m.

Oh, thank you. It seems we did register but didn't actually participate in the previous one. Please remove the possibility to register two accounts with the same email on your website, it was the source of confusion.


bteam – Sept. 10, 2016, 4:02 a.m.

2 new challenges released


bteam – Sept. 10, 2016, 4:03 a.m.

RE002 and For004


sambecks.khack40 – Sept. 12, 2016, 10:17 a.m.

where is complete scoreboard plz ?


tunelko – Sept. 12, 2016, 10:28 a.m.

+1 sambecks. Could you upload complete scoreboard? Thanks.


mut3 – Sept. 12, 2016, 8:56 p.m.

@bteam Complete scoreboard please


rkarabut – Sept. 13, 2016, 9:47 a.m.

I must say I strongly disapprove of messing with the players' systems as part of the Re002 challenge. WHITEHAT_CONTEST.exe tries to prevent IDA launch by changing its execution options in the registry and then disabling registry access. This is seriously bad form, even if meant as a joke or a lesson to careless participants.


Fish – Sept. 14, 2016, 4:06 a.m.

@rkarabut I agree. They should at least put up a message box with an alert prior to messing with the system. From another perspective, you should always have UAC switched on, and always run CTF challenges in a sandbox or a virtualized environment. Binaries from good CTFs might be exceptions to this rule, but I definitely will not risk running anything from WhiteHat on my real system.


rkarabut – Sept. 14, 2016, 11:40 a.m.

@Fish you certainly should, yes. Still, even prevented, this leaves a bad aftertaste.