Fri, 06 Oct. 2017, 14:00 UTC — Sun, 08 Oct. 2017, 14:00 UTC 

On-line

Kaspersky Industrial CTF event.

Format: Jeopardy Jeopardy

Official URL: https://ctf.kaspersky.com/

This event's weight is subject of public voting!

Future weight: 19.00 

Rating weight: 19.00 

Event organizers 


The Quals will be held online and start from 6 of October (5.00 p.m. Moscow time) till 8 of October (5.00 p.m. Moscow time). The Finals will be held on 24 of October in Shanghai.
This year, the Qualifications will include the following types of tasks:
1. Web
2. Pwn
3. Crypto
4. Stegano/Forensics
5. Reverse
6. Fun

For the finals, we have prepared a stand with an Oil Refinery Factory connected to a Digital Substation. The top three teams will get a chance to hack it and get the prizes.

Prizes

Top 3 teams will be qualified to the Kaspersky Industrial CTF Finals during the GeekPwn1024 event in Shanghai, China

Scoreboard

227 teams total

PlaceTeamCTF pointsRating points
1 CyKOR 6950.00038.000
2 Eat, Sleep, Pwn, Repeat 6950.00028.500
3 TokyoWesterns 6050.00022.873
4 p4 5750.00020.469
5 LC↯BC 5650.00019.246
6 Filthy Thr33 5450.00018.066
7 Batman's Kitchen 4750.00015.700
8 SUSlo.PAS 4250.00013.994
9 ALLES! 4150.00013.456
10 Plaid Parliament of Pwning 4150.00013.245
11 SiBears 4100.00012.936
12 [Redacted] 3850.00012.109
13 Corrupted Reflection 3700.00011.577
14 [TechnoPandas] 3700.00011.472
15 Camelot 3700.00011.382
16 Antichat 3550.00010.893
17 KoreanGang 3500.00010.686
18 OH-IOwned 3450.00010.487
19 VoidHack 3150.0009.612
20 Azure Admirer Agency (AAA) 3000.0009.151
21 Tasteless 3000.0009.106
22 STT 3000.0009.065
23 Pwnium 2950.0008.891
24 Koibasta 2700.0008.173
25 BE4HOXVII 2700.0008.141
26 Tower-of-Hanoi 2700.0008.112
27 Chaitin 2600.0007.812
28 khack40 2550.0007.650
29 irGeeks 2550.0007.626
30 Snatch The Root 2550.0007.605
31 yoburek 2500.0007.447
32 Harekaze 2450.0007.292
33 JohnDoe 2450.0007.274
34 Shellphish 2100.0006.300
35 hack.ERS 2100.0006.284
36 74kbl47 2100.0006.269
37 YoungPwnawans 2050.0006.118
38 CodeRed 2000.0005.968
39 noraneco 1900.0005.681
40 PLEXeT 1850.0005.533
41 Invulnerable 1750.0005.248
42 PwnaSonic 1750.0005.237
43 Sudo_root 1750.0005.226
44 OstreKatozordy 1750.0005.216
45 Craft n' Capture 1650.0004.933
46 BHG 1600.0004.787
47 EpicTeam 1600.0004.778
48 ITCrowd 1600.0004.770
49 Limpopo 1600.0004.762
50 T1pst4r 1600.0004.754
51 zerosib 1600.0004.747
52 Hypertext Markup Protocol 1550.0004.603
53 SwissMadeSecurity 1550.0004.596
54 Honeypot 1550.0004.589
55 alex_k_polyakov 1500.0004.446
56 Kernel Sanders 1500.0004.440
57 DustDevils 1450.0004.297
58 $wag 1400.0004.155
59 0x617364 1400.0004.149
60 TechSec 1400.0004.144
61 TenDollar 1400.0004.139
62 ROIS 1400.0004.134
63 Nu1L 1400.0004.129
64 TeamRocketIst 1400.0004.124
65 badfirmware 1400.0004.120
66 randomstr 1400.0004.115
67 BreakPoint 1400.0004.111
68 0x34044 1400.0004.107
69 restless Schatzi's knights 1400.0004.103
70 Kółko Ekonomiczne Judasz 1400.0004.099
71 CatchFM 1400.0004.095
72 n0de 1400.0004.091
73 CH1ll 1350.0003.951
74 ThunderClap 1300.0003.811
75 Binary Devastation 1300.0003.807
76 opana 1300.0003.804
77 paperwhale 1250.0003.664
78 eunnie 1100.0003.251
79 CirclesOf$hell 1100.0003.248
80 zuko3d 1100.0003.245
81 1@stplace 1100.0003.242
82 ahaha 1100.0003.239
83 m1z0r3 1100.0003.236
84 vaseline valley 1100.0003.233
85 Team_STFU 1100.0003.231
86 kek 1100.0003.228
87 MTP.sky 1000.0002.952
88 Dr Testman 1000.0002.950
89 smoke leet everyday 950.0002.811
90 b1n4ry4rms 900.0002.672
91 TheGoonies 900.0002.669
92 SharLike 800.0002.394
93 Just Hit the Core 800.0002.391
94 kasia-tutej 800.0002.389
95 Ph03nix 800.0002.387
96 Hack'n roll 800.0002.385
97 potatocato 800.0002.383
98 scryptos 800.0002.381
99 mtf 800.0002.379
100 CremaIsBoring 800.0002.377
101 Top of the ROP 800.0002.375
102 Hash Slinging Hackers 800.0002.373
103 Pandemic 800.0002.372
104 Epic Leet Team 750.0002.233
105 Ethical Hackers Club 750.0002.231
106 k8tems 700.0002.093
107 team name 700.0002.091
108 SIGPWN 700.0002.090
109 DirtySocks 700.0002.088
110 bincat 600.0001.813
111 LeaveCat 600.0001.811
112 2O2L2H 600.0001.810
113 Crackchester 600.0001.808
114 n2r 600.0001.807
115 0Shi00Shi 600.0001.806
116 wha1s0s1r1us 600.0001.804
117 MhackGyver 600.0001.803
118 Securimag 600.0001.801
119 cyberwehr 600.0001.800
120 R4nd0ms 600.0001.799
121 just_Damn_it 600.0001.797
122 noTeamName 600.0001.796
123 T0X1C V4P0R 600.0001.795
124 Granny 600.0001.794
125 One Man Orchestra 600.0001.792
126 Thomas 600.0001.791
127 !stress 600.0001.790
128 Black Technology Royal 600.0001.789
129 YouAreDelayingTheProject 600.0001.788
130 一块红布 600.0001.786
131 N0V1C3 600.0001.785
132 Indie Trash Panda 600.0001.784
133 1up 600.0001.783
134 Inshall'hack 600.0001.782
135 HackingForSoju 600.0001.781
136 PackdeSys 600.0001.780
137 Bushwhackers 600.0001.779
138 SULOBAND 600.0001.778
139 DedSec 600.0001.777
140 farmingsimulator2015 600.0001.776
141 Phantom 600.0001.775
142 H4C 600.0001.774
143 Pwn Leak 600.0001.773
144 Fox-Hound 600.0001.772
145 dodododo 600.0001.771
146 Dragon Sector 500.0001.497
147 KansasCityShuffle 450.0001.359
148 HTCPCP:// 450.0001.359
149 CodeheadUK 450.0001.358
150 alexander 300.0000.947
151 LFY 300.0000.946
152 Dons Cosecant 300.0000.945
153 RGB 300.0000.944
154 asdf 300.0000.944
155 8bit 300.0000.943
156 P4dd1ng 300.0000.942
157 egy1337 300.0000.941
158 3y3 300.0000.940
159 HITSquad 300.0000.940
160 M57 300.0000.939
161 Exponential 300.0000.938
162 NIMDA 300.0000.937
163 One-Team 300.0000.937
164 MarazmTm 300.0000.936
165 vanhelsing 300.0000.935
166 UNN_Team 300.0000.935
167 I'm not Freddie Mercury 300.0000.934
168 HackXore 300.0000.933
169 Hawk Security Team 300.0000.933
170 revker 300.0000.932
171 #Thacket; 300.0000.931
172 dRem 300.0000.931
173 DoubleSigma 300.0000.930
174 TipTil 300.0000.929
175 GuidedHacking.com 300.0000.929
176 DC416 300.0000.928
177 igoryan 300.0000.927
178 yaPenetrators 300.0000.927
179 BIGBEAR_BK 300.0000.926
180 sec0d 300.0000.926
181 taurus 300.0000.925
182 GUECHAS 300.0000.925
183 HxD43v3R 300.0000.924
184 ISITDTU 300.0000.923
185 kaspersky4b 300.0000.923
186 Infinite loop 300.0000.922
187 wnv 300.0000.922
188 urchin 300.0000.921
189 SmartRobot 300.0000.921
190 mister spaghetti meatball 300.0000.920
191 DaltonBrothers 300.0000.920
192 guatitasec 300.0000.919
193 AceBear 300.0000.919
194 Netcat.us 300.0000.918
195 BITSkrieg 300.0000.918
196 pi3la 300.0000.917
197 kad 300.0000.917
198 0xFF 300.0000.916
199 o0o 300.0000.916
200 Bottomfraggers 300.0000.915
201 Bono_iPad 300.0000.915
202 beef1306 300.0000.914
203 CatFlag 300.0000.914
204 poutsateam 300.0000.913
205 mrx 300.0000.913
206 CultOfTheDeadCarrot 300.0000.912
207 NIS 300.0000.912
208 cr4x0rs 300.0000.911
209 DeliciousHorse 300.0000.911
210 0xBU 300.0000.911
211 sqvrc 300.0000.910
212 Johnny 300.0000.910
213 hard 300.0000.909
214 okudo3 300.0000.909
215 OutOfRangeException 300.0000.909
216 fargus 300.0000.908
217 Sea Food 300.0000.908
218 MerElephant 300.0000.907
219 NORELATION 300.0000.907
220 hapsida 200.0000.633
221 dcua 200.0000.633
222 SIDAO 200.0000.632
223 fu.ch4l1z4rd 200.0000.632
224 cbs 200.0000.632
225 int 0x80 200.0000.631
226 p4l 150.0000.494
227 Rusc 150.0000.247
niklasb – Oct. 6, 2017, 9:22 p.m.

Tasks are broken/down, and there is no way to contact the orga except for email, to which of course they do not respond. This is not acceptable.


maro – Oct. 6, 2017, 11:32 p.m.

- No IRC,
- Tasks does not mention what we have to do or what have to submit
- Flag format is useless since all tasks does not follow the mentioned flag format, you have just to add KLCTF as prefix
- Many broken tasks
- Guessing
...


Ghaaf – Oct. 7, 2017, 12:33 a.m.

I have the same problem as maro WTF! Kaspersky and no support ! lol !!


niklasb – Oct. 8, 2017, 7:16 p.m.

Note for future: Don't run pwnables as uid 0, or you will have a bad time keeping all the files on the challenge server where they belong. Not to mention forking servers that didn't register SIGCHLD handlers, infinite loops with no alarm() etc.


Pharisaeus – Oct. 8, 2017, 8:44 p.m.

Some tasks had reasonable difficulty and were fun, but there were also A LOT of issues:

1. No flag format respected. Basically every task was "add KLCTF prefix to whatever you get". On top of that flag was sometimes KLCTFxxxxx and sometimes a normal KLCTF{xxxx}. This is very confusing
2. Some tasks required guessing/dirbuster/crystal ball. RE400(+PWN700) initial stage for example required to guess that in /backup/backup.tar we can find the task sources/binaries. Nothing indicated this at all. In fact by far the hardest part of this task was exactly this step...
3. Service shared between all the teams, especially in case you need to trigger some specific state / race condition -> RE400/PWN700
4. Some very strange scoring. Crypto 800 was a trivial homomorphic Paillier challenge. Once someone noticed this is Paillier then it was instantly obvious how to recover the flag. But interestingly enough it could be solved even faster as blackbox. 300p for repeating XOR over a png, with keysize the same as header also seems a bit excessive. Especially compared to some other significantly harder tasks for similar amount of points.

And on top of all of this there was basically no communication channel, no IRC, no telegram, no nothing. You could send an email and get no response :) This becomes even more problematic when some tasks are broken (and they were).


maro – Oct. 10, 2017, 12:07 a.m.

Why is the scoreboard in ctftime is different than the original scoreboard ?!
https://ctf.kaspersky.com/contests/1/scoreboard/


merrychap – Oct. 11, 2017, 10:58 a.m.

ctftime, please, update the scoreboard for this challenge!