Fri, 06 Oct. 2017, 14:00 UTC — Sun, 08 Oct. 2017, 14:00 UTC 

On-line

Kaspersky Industrial CTF event.

Format: Jeopardy Jeopardy

Official URL: https://ctf.kaspersky.com/

This event's weight is subject of public voting!

Future weight: 19.22 

Rating weight: 19.22 

Event organizers 


The Quals will be held online and start from 6 of October (5.00 p.m. Moscow time) till 8 of October (5.00 p.m. Moscow time). The Finals will be held on 24 of October in Shanghai.
This year, the Qualifications will include the following types of tasks:
1. Web
2. Pwn
3. Crypto
4. Stegano/Forensics
5. Reverse
6. Fun

For the finals, we have prepared a stand with an Oil Refinery Factory connected to a Digital Substation. The top three teams will get a chance to hack it and get the prizes.

Prizes

Top 3 teams will be qualified to the Kaspersky Industrial CTF Finals during the GeekPwn1024 event in Shanghai, China

Scoreboard

227 teams total

PlaceTeamCTF pointsRating points
1 CyKOR 6950.00038.440
2 Eat, Sleep, Pwn, Repeat 6950.00028.830
3 TokyoWesterns 6050.00023.138
4 p4 5750.00020.706
5 LC↯BC 5650.00019.469
6 Filthy Thr33 5450.00018.275
7 Batman's Kitchen 4750.00015.882
8 SUSlo.PAS 4250.00014.156
9 ALLES! 4150.00013.612
10 Plaid Parliament of Pwning 4150.00013.399
11 SiBears 4100.00013.086
12 [Redacted] 3850.00012.249
13 Corrupted Reflection 3700.00011.711
14 [TechnoPandas] 3700.00011.605
15 Camelot 3700.00011.514
16 Antichat 3550.00011.019
17 KoreanGang 3500.00010.810
18 OH-IOwned 3450.00010.609
19 VoidHack 3150.0009.723
20 Azure Admirer Agency (AAA) 3000.0009.257
21 Tasteless 3000.0009.212
22 STT 3000.0009.170
23 Pwnium 2950.0008.994
24 Koibasta 2700.0008.268
25 BE4HOXVII 2700.0008.236
26 Tower-of-Hanoi 2700.0008.206
27 Chaitin 2600.0007.902
28 khack40 2550.0007.738
29 irGeeks 2550.0007.715
30 Snatch The Root 2550.0007.693
31 yoburek 2500.0007.534
32 Harekaze 2450.0007.376
33 JohnDoe 2450.0007.358
34 Shellphish 2100.0006.373
35 hack.ERS 2100.0006.357
36 74kbl47 2100.0006.341
37 YoungPwnawans 2050.0006.189
38 CodeRed 2000.0006.037
39 noraneco 1900.0005.747
40 PLEXeT 1850.0005.597
41 Invulnerable 1750.0005.308
42 8710*IQ 1750.0005.297
43 Sudo_root 1750.0005.287
44 OstreKatozordy 1750.0005.276
45 Craft n' Capture 1650.0004.990
46 BHG 1600.0004.843
47 EpicTeam 1600.0004.834
48 ITCrowd 1600.0004.825
49 Limpopo 1600.0004.817
50 T1pst4r 1600.0004.809
51 zerosib 1600.0004.802
52 Hypertext Markup Protocol 1550.0004.656
53 SwissMadeSecurity 1550.0004.649
54 Honeypot 1550.0004.642
55 alex_k_polyakov 1500.0004.498
56 Kernel Sanders 1500.0004.491
57 DustDevils 1450.0004.347
58 $wag 1400.0004.203
59 0x617364 1400.0004.197
60 TechSec 1400.0004.192
61 TenDollar 1400.0004.187
62 ROIS 1400.0004.182
63 Nu1L 1400.0004.177
64 TeamRocketIst 1400.0004.172
65 badfirmware 1400.0004.167
66 randomstr 1400.0004.163
67 BreakPoint 1400.0004.159
68 0x34044 1400.0004.154
69 restless Schatzi's knights 1400.0004.150
70 Kółko Ekonomiczne Judasz 1400.0004.146
71 CatchFM 1400.0004.142
72 n0de 1400.0004.139
73 CH1ll 1350.0003.997
74 ThunderClap 1300.0003.855
75 Binary Devastation 1300.0003.851
76 opana 1300.0003.848
77 paperwhale 1250.0003.706
78 eunnie 1100.0003.288
79 CirclesOf$hell 1100.0003.285
80 zuko3d 1100.0003.282
81 1@stplace 1100.0003.279
82 ahaha 1100.0003.276
83 m1z0r3 1100.0003.274
84 vaseline valley 1100.0003.271
85 Team_STFU 1100.0003.268
86 kek 1100.0003.266
87 MTP.sky 1000.0002.986
88 Dr Testman 1000.0002.984
89 smoke leet everyday 950.0002.843
90 b1n4ry4rms 900.0002.702
91 TheGoonies 900.0002.700
92 SharLike 800.0002.421
93 Just Hit the Core 800.0002.419
94 kasia-tutej 800.0002.417
95 Ph03nix 800.0002.415
96 Hack'n roll 800.0002.413
97 potatocato 800.0002.411
98 scryptos 800.0002.408
99 mtf 800.0002.407
100 CremaIsBoring 800.0002.405
101 TOP of the ROP 800.0002.403
102 Hash Slinging Hackers 800.0002.401
103 Pandemic 800.0002.399
104 Epic Leet Team 750.0002.259
105 Ethical Hackers Club 750.0002.257
106 k8tems 700.0002.117
107 team name 700.0002.115
108 SIGPWN 700.0002.114
109 DirtySocks 700.0002.112
110 bincat 600.0001.834
111 LeaveCat 600.0001.832
112 2O2L2H 600.0001.831
113 Crackchester 600.0001.829
114 n2r 600.0001.828
115 0Shi00Shi 600.0001.826
116 wha1s0s1r1us 600.0001.825
117 MhackGyver 600.0001.824
118 Securimag 600.0001.822
119 cyberwehr 600.0001.821
120 R4nd0ms 600.0001.819
121 just_Damn_it 600.0001.818
122 noTeamName 600.0001.817
123 T0X1C V4P0R 600.0001.816
124 Granny 600.0001.814
125 One Man Orchestra 600.0001.813
126 Thomas 600.0001.812
127 !stress 600.0001.811
128 Black Technology Royal 600.0001.809
129 YouAreDelayingTheProject 600.0001.808
130 一块红布 600.0001.807
131 N0V1C3 600.0001.806
132 Indie Trash Panda 600.0001.805
133 1up 600.0001.804
134 Inshall'hack 600.0001.803
135 HackingForSoju 600.0001.802
136 PackdeSys 600.0001.801
137 Bushwhackers 600.0001.800
138 YubitSec 600.0001.799
139 DedSec 600.0001.798
140 farmingsimulator2015 600.0001.797
141 Phantom 600.0001.796
142 H4C 600.0001.795
143 Pwn Leak 600.0001.794
144 Fox-Hound 600.0001.793
145 dodododo 600.0001.792
146 Dragon Sector 500.0001.514
147 KansasCityShuffle 450.0001.375
148 HTCPCP:// 450.0001.374
149 CodeheadUK 450.0001.373
150 alexander 300.0000.958
151 LFY 300.0000.957
152 Dons Cosecant 300.0000.956
153 RGB 300.0000.955
154 asdf 300.0000.954
155 8bit 300.0000.954
156 P4dd1ng 300.0000.953
157 egy1337 300.0000.952
158 3y3 300.0000.951
159 HITSquad 300.0000.951
160 M57 300.0000.950
161 Exponential 300.0000.949
162 NIMDA 300.0000.948
163 One-Team 300.0000.948
164 MarazmTm 300.0000.947
165 vanhelsing 300.0000.946
166 UNN_Team 300.0000.945
167 I'm not Freddie Mercury 300.0000.945
168 h2x 300.0000.944
169 Hawk Security Team 300.0000.943
170 revker 300.0000.943
171 TNone 300.0000.942
172 dRem 300.0000.941
173 DoubleSigma 300.0000.941
174 TipTil 300.0000.940
175 GuidedHacking.com 300.0000.939
176 DC416 300.0000.939
177 igoryan 300.0000.938
178 yaPenetrators 300.0000.938
179 BIGBEAR_BK 300.0000.937
180 sec0d 300.0000.936
181 taurus 300.0000.936
182 GUECHAS 300.0000.935
183 HxD43v3R 300.0000.935
184 ISITDTU 300.0000.934
185 kaspersky4b 300.0000.934
186 Infinite loop 300.0000.933
187 wnv 300.0000.932
188 urchin 300.0000.932
189 SmartRobot 300.0000.931
190 mister spaghetti meatball 300.0000.931
191 DaltonBrothers 300.0000.930
192 guatitasec 300.0000.930
193 ACEBEAR 300.0000.929
194 Netcat.us 300.0000.929
195 BITSkrieg 300.0000.928
196 pi3la 300.0000.928
197 kad 300.0000.927
198 0xFF 300.0000.927
199 o0o 300.0000.926
200 Bottomfraggers 300.0000.926
201 Bono_iPad 300.0000.925
202 beef1306 300.0000.925
203 CatFlag 300.0000.924
204 poutsateam 300.0000.924
205 mrx 300.0000.923
206 CultOfTheDeadCarrot 300.0000.923
207 NIS 300.0000.922
208 cr4x0rs 300.0000.922
209 DeliciousHorse 300.0000.922
210 0xBU 300.0000.921
211 sqvrc 300.0000.921
212 Johnny 300.0000.920
213 hard 300.0000.920
214 okudo3 300.0000.919
215 OutOfRangeException 300.0000.919
216 fargus 300.0000.919
217 Sea Food 300.0000.918
218 MerElephant 300.0000.918
219 NORELATION 300.0000.917
220 securisec 200.0000.640
221 dcua 200.0000.640
222 SIDAO 200.0000.640
223 fu.ch4l1z4rd 200.0000.639
224 cbs 200.0000.639
225 int 0x80 200.0000.639
226 p4l 150.0000.500
227 Rusc 150.0000.250
niklasb – Oct. 6, 2017, 9:22 p.m.

Tasks are broken/down, and there is no way to contact the orga except for email, to which of course they do not respond. This is not acceptable.


maro – Oct. 6, 2017, 11:32 p.m.

- No IRC,
- Tasks does not mention what we have to do or what have to submit
- Flag format is useless since all tasks does not follow the mentioned flag format, you have just to add KLCTF as prefix
- Many broken tasks
- Guessing
...


Ghaaf – Oct. 7, 2017, 12:33 a.m.

I have the same problem as maro WTF! Kaspersky and no support ! lol !!


niklasb – Oct. 8, 2017, 7:16 p.m.

Note for future: Don't run pwnables as uid 0, or you will have a bad time keeping all the files on the challenge server where they belong. Not to mention forking servers that didn't register SIGCHLD handlers, infinite loops with no alarm() etc.


Pharisaeus – Oct. 8, 2017, 8:44 p.m.

Some tasks had reasonable difficulty and were fun, but there were also A LOT of issues:

1. No flag format respected. Basically every task was "add KLCTF prefix to whatever you get". On top of that flag was sometimes KLCTFxxxxx and sometimes a normal KLCTF{xxxx}. This is very confusing
2. Some tasks required guessing/dirbuster/crystal ball. RE400(+PWN700) initial stage for example required to guess that in /backup/backup.tar we can find the task sources/binaries. Nothing indicated this at all. In fact by far the hardest part of this task was exactly this step...
3. Service shared between all the teams, especially in case you need to trigger some specific state / race condition -> RE400/PWN700
4. Some very strange scoring. Crypto 800 was a trivial homomorphic Paillier challenge. Once someone noticed this is Paillier then it was instantly obvious how to recover the flag. But interestingly enough it could be solved even faster as blackbox. 300p for repeating XOR over a png, with keysize the same as header also seems a bit excessive. Especially compared to some other significantly harder tasks for similar amount of points.

And on top of all of this there was basically no communication channel, no IRC, no telegram, no nothing. You could send an email and get no response :) This becomes even more problematic when some tasks are broken (and they were).


maro – Oct. 10, 2017, 12:07 a.m.

Why is the scoreboard in ctftime is different than the original scoreboard ?!
https://ctf.kaspersky.com/contests/1/scoreboard/


merrychap – Oct. 11, 2017, 10:58 a.m.

ctftime, please, update the scoreboard for this challenge!