Mon, 08 Oct. 2012, 05:00 UTC — Thu, 11 Oct. 2012, 14:00 UTC
On-site
Kuala Lumpur, Malaysia
A HitbSecConf CTF (Kuala Lumpur) event.
Format: Attack-Defense
Official URL: http://conference.hitb.org/hitbsecconf2014kul/capture-the-flag/
OVERVIEW
To celebrate the 10th anniversary of HITBSecConf, the CTF Overlords and CTF Crews 1.0, 2.0 and the all-new 3.0 will be coming together to work on a 32 HOUR NON STOP CAPTURE THE FLAG COMPETITION which we’re calling CTF Weapons of Mass Destruction – Fallout Apocalypse!
In our previous CTF Weapons of Mass Destruction, teams had a set of daemons / services running on their machines and had to exploit rival teams’ daemons to steal their flags. Submitting the flags earned offensive points and also unlocked nuclear weapons that could be launched against rival teams. For defensive points, all a team had to do was keep its daemons up and running.
Fallout Apocalypse will require each team to manage a nuclear power plant and protect their daemons, which represent the reactor’s cores, from attacks while at the same time launching attacks against rival teams’ nuclear reactors. Weaponized SCADA exploits can be used to cause monetary damage to rival teams. Fallout Apocalypse will also feature a spanking new black market where teams may trade exploits and also purchase countermeasures.
DETAILED EXPLANATION
Each team will start with an equal amount of money which represents their points. More money can be obtained periodically by making sure daemons are all up and running during a flag check initiated by the score server. Money can also be obtained by achieving “Break through Points”, which will be awarded to the first team who manages to solve a daemon, or in other words, be the first to steal a flag via a particular daemon.
By solving a daemon, not only will the team be awarded points, the team will also be awarded a Weaponized SCADA exploit that can be launched against a rival team. There will be a total of ten (10) daemons altogether, hence ten (10) weaponized SCADA exploits available for each team to acquire. No extra points will be awarded to the team that launches an exploit; however, monetary damage will be inflicted on the target team. If a team’s money reaches zero (0), the team will automatically be kicked out of the competition. Keep in mind that each weaponized SCADA exploit may only be used once. Depending on the difficulty of exploitation of the daemon, each weaponized SCADA exploit will carry a different damage rating.
As mentioned earlier, Fallout Apocalypse will feature a Black Market where teams can conveniently purchase items from the shop and also trade exploits amongst each other. Items such as protection and countermeasures can be purchased, while teams who wish to auction off their exploits can do so via a broker (The CTF Crew). The owner of the exploit will inform the broker of the starting price and the broker will auction it off to the highest bidder. The profit obtained from the purchase will be added to the seller’s pot of gold (total points).
At the end of the competition, the team with the most money (total points) will be crowned as the winner. Hence, teams will need to make sure their daemons are up and running and also harvest flags from time to time for more points. Flags are changed periodically to allow teams to obtain more points by harvesting flags. The CTF network will be isolated from the rest of the conference network, and we will NOT provide Internet on the CTF network. However, you are free to use the HITB conference wireless network.
1st Place – USD3133.7 (sponsored by Panda Security)
2nd Place – biatch&dawg Custom Clothing #HITB2012KUL CTF Winner Hoodies (sponsored by Trustwave SpiderLabs)
3rd Place – biatch&dawg Custom Clothing #HITB2012KUL CTF Winner T-Shirts (sponsored by Trustwave SpiderLabs)
10 teams total
Place | Team | CTF points | Rating points |
---|---|---|---|
1 | sutegoma2 | 3676.000 | 60.000 |
2 | CLGT | 2602.000 | 36.235 |
3 | Nandy Narwhals | 2568.000 | 30.958 |
4 | Dutch Orange Glasses | 2451.000 | 27.503 |
5 | 0xDC381015 | 2318.000 | 24.917 |
6 | mtv | 1916.000 | 20.637 |
7 | alf | 1756.000 | 18.617 |
8 | Special_k | 1230.000 | 13.788 |
9 | Stealther | 1150.000 | 12.719 |
10 | Hondorioxz | 706.000 | 4.381 |