Fri, 06 Oct. 2017, 14:00 UTC — Sun, 08 Oct. 2017, 14:00 UTC 

On-line

Kaspersky Industrial CTF event.

Format: Jeopardy Jeopardy

Official URL: https://ctf.kaspersky.com/

This event's weight is subject of public voting!

Future weight: 19.03 

Rating weight: 19.03 

Event organizers 


The Quals will be held online and start from 6 of October (5.00 p.m. Moscow time) till 8 of October (5.00 p.m. Moscow time). The Finals will be held on 24 of October in Shanghai.
This year, the Qualifications will include the following types of tasks:
1. Web
2. Pwn
3. Crypto
4. Stegano/Forensics
5. Reverse
6. Fun

For the finals, we have prepared a stand with an Oil Refinery Factory connected to a Digital Substation. The top three teams will get a chance to hack it and get the prizes.

Prizes

Top 3 teams will be qualified to the Kaspersky Industrial CTF Finals during the GeekPwn1024 event in Shanghai, China

Scoreboard

227 teams total

PlaceTeamCTF pointsRating points
1 CyKOR 6950.00038.060
2 Eat, Sleep, Pwn, Repeat 6950.00028.545
3 TokyoWesterns 6050.00022.909
4 p4 5750.00020.502
5 LC↯BC 5650.00019.276
6 Filthy Thr33 5450.00018.094
7 Batman's Kitchen 4750.00015.725
8 SUSlo.PAS 4250.00014.016
9 ALLES! 4150.00013.478
10 Plaid Parliament of Pwning 4150.00013.266
11 SiBears 4100.00012.956
12 [Redacted] 3850.00012.128
13 Corrupted Reflection 3700.00011.595
14 [TechnoPandas] 3700.00011.490
15 Camelot 3700.00011.400
16 Antichat 3550.00010.910
17 KoreanGang 3500.00010.703
18 OH-IOwned 3450.00010.504
19 VoidHack 3150.0009.627
20 Azure Admirer Agency (AAA) 3000.0009.166
21 Tasteless 3000.0009.121
22 STT 3000.0009.079
23 Pwnium 2950.0008.905
24 Koibasta 2700.0008.186
25 BE4HOXVII 2700.0008.154
26 Tower-of-Hanoi 2700.0008.125
27 Chaitin 2600.0007.824
28 khack40 2550.0007.662
29 irGeeks 2550.0007.638
30 Snatch The Root 2550.0007.617
31 yoburek 2500.0007.459
32 Harekaze 2450.0007.303
33 JohnDoe 2450.0007.285
34 Shellphish 2100.0006.310
35 hack.ERS 2100.0006.294
36 74kbl47 2100.0006.279
37 YoungPwnawans 2050.0006.127
38 CodeRed 2000.0005.977
39 noraneco 1900.0005.690
40 PLEXeT 1850.0005.541
41 Invulnerable 1750.0005.256
42 8710*IQ 1750.0005.245
43 Sudo_root 1750.0005.234
44 OstreKatozordy 1750.0005.224
45 Craft n' Capture 1650.0004.941
46 BHG 1600.0004.795
47 EpicTeam 1600.0004.786
48 ITCrowd 1600.0004.777
49 Limpopo 1600.0004.769
50 T1pst4r 1600.0004.762
51 zerosib 1600.0004.754
52 Hypertext Markup Protocol 1550.0004.610
53 SwissMadeSecurity 1550.0004.603
54 Honeypot 1550.0004.597
55 alex_k_polyakov 1500.0004.453
56 Kernel Sanders 1500.0004.447
57 DustDevils 1450.0004.304
58 $wag 1400.0004.161
59 0x617364 1400.0004.156
60 TechSec 1400.0004.151
61 TenDollar 1400.0004.145
62 ROIS 1400.0004.140
63 Nu1L 1400.0004.135
64 TeamRocketIst 1400.0004.131
65 badfirmware 1400.0004.126
66 randomstr 1400.0004.122
67 BreakPoint 1400.0004.117
68 0x34044 1400.0004.113
69 restless Schatzi's knights 1400.0004.109
70 Kółko Ekonomiczne Judasz 1400.0004.105
71 CatchFM 1400.0004.101
72 n0de 1400.0004.098
73 CH1ll 1350.0003.957
74 ThunderClap 1300.0003.817
75 Binary Devastation 1300.0003.813
76 opana 1300.0003.810
77 paperwhale 1250.0003.670
78 eunnie 1100.0003.256
79 CirclesOf$hell 1100.0003.253
80 zuko3d 1100.0003.250
81 jjss 1100.0003.247
82 ahaha 1100.0003.244
83 m1z0r3 1100.0003.241
84 vaseline valley 1100.0003.238
85 Team_STFU 1100.0003.236
86 kek 1100.0003.233
87 MTP.sky 1000.0002.957
88 Dr Testman 1000.0002.954
89 smoke leet everyday 950.0002.815
90 b1n4ry4rms 900.0002.676
91 TheGoonies 900.0002.673
92 SharLike 800.0002.397
93 Just Hit the Core 800.0002.395
94 kasia-tutej 800.0002.393
95 Ph03nix 800.0002.391
96 Hack'n roll 800.0002.389
97 potatocato 800.0002.387
98 scryptos 800.0002.385
99 mtf 800.0002.383
100 CremaIsBoring 800.0002.381
101 TOP of the ROP 800.0002.379
102 Hash Slinging Hackers 800.0002.377
103 Pandemic 800.0002.375
104 Epic Leet Team 750.0002.237
105 Ethical Hackers Club 750.0002.235
106 k8tems 700.0002.096
107 team name 700.0002.095
108 SIGPWN 700.0002.093
109 DirtySocks 700.0002.091
110 bincat 600.0001.816
111 LeaveCat 600.0001.814
112 2O2L2H 600.0001.813
113 Crackchester 600.0001.811
114 n2r 600.0001.810
115 0Shi00Shi 600.0001.808
116 wha1s0s1r1us 600.0001.807
117 MhackGyver 600.0001.806
118 Securimag 600.0001.804
119 cyberwehr 600.0001.803
120 R4nd0ms 600.0001.801
121 just_Damn_it 600.0001.800
122 noTeamName 600.0001.799
123 T0X1C V4P0R 600.0001.798
124 Granny 600.0001.796
125 One Man Orchestra 600.0001.795
126 Thomas 600.0001.794
127 !stress 600.0001.793
128 Black Technology Royal 600.0001.792
129 YouAreDelayingTheProject 600.0001.790
130 一块红布 600.0001.789
131 N0V1C3 600.0001.788
132 Indie Trash Panda 600.0001.787
133 1up 600.0001.786
134 Inshall'hack 600.0001.785
135 HackingForSoju 600.0001.784
136 PackdeSys 600.0001.783
137 Bushwhackers 600.0001.782
138 YubitSec 600.0001.781
139 DedSec 600.0001.780
140 farmingsimulator2015 600.0001.779
141 Phantom 600.0001.778
142 H4C 600.0001.777
143 Pwn Leak 600.0001.776
144 Fox-Hound 600.0001.775
145 dodododo 600.0001.774
146 Dragon Sector 500.0001.499
147 KansasCityShuffle 450.0001.362
148 HTCPCP:// 450.0001.361
149 CodeheadUK 450.0001.360
150 alexander 300.0000.948
151 LFY 300.0000.947
152 Dons Cosecant 300.0000.947
153 RGB 300.0000.946
154 asdf 300.0000.945
155 8bit 300.0000.944
156 P4dd1ng 300.0000.943
157 egy1337 300.0000.943
158 3y3 300.0000.942
159 HITSquad 300.0000.941
160 M57 300.0000.940
161 Exponential 300.0000.940
162 NIMDA 300.0000.939
163 One-Team 300.0000.938
164 MarazmTm 300.0000.937
165 vanhelsing 300.0000.937
166 UNN_Team 300.0000.936
167 I'm not Freddie Mercury 300.0000.935
168 HackXore 300.0000.935
169 Hawk Security Team 300.0000.934
170 revker 300.0000.933
171 TNone 300.0000.933
172 dRem 300.0000.932
173 DoubleSigma 300.0000.931
174 TipTil 300.0000.931
175 GuidedHacking.com 300.0000.930
176 DC416 300.0000.930
177 igoryan 300.0000.929
178 yaPenetrators 300.0000.928
179 BIGBEAR_BK 300.0000.928
180 sec0d 300.0000.927
181 taurus 300.0000.927
182 GUECHAS 300.0000.926
183 HxD43v3R 300.0000.925
184 ISITDTU 300.0000.925
185 kaspersky4b 300.0000.924
186 Infinite loop 300.0000.924
187 wnv 300.0000.923
188 urchin 300.0000.923
189 SmartRobot 300.0000.922
190 mister spaghetti meatball 300.0000.922
191 DaltonBrothers 300.0000.921
192 guatitasec 300.0000.921
193 ACEBEAR 300.0000.920
194 Netcat.us 300.0000.920
195 BITSkrieg 300.0000.919
196 pi3la 300.0000.919
197 kad 300.0000.918
198 0xFF 300.0000.918
199 o0o 300.0000.917
200 Bottomfraggers 300.0000.917
201 Bono_iPad 300.0000.916
202 beef1306 300.0000.916
203 CatFlag 300.0000.915
204 poutsateam 300.0000.915
205 mrx 300.0000.914
206 CultOfTheDeadCarrot 300.0000.914
207 NIS 300.0000.913
208 cr4x0rs 300.0000.913
209 DeliciousHorse 300.0000.912
210 0xBU 300.0000.912
211 sqvrc 300.0000.912
212 Johnny 300.0000.911
213 hard 300.0000.911
214 okudo3 300.0000.910
215 OutOfRangeException 300.0000.910
216 fargus 300.0000.910
217 Sea Food 300.0000.909
218 MerElephant 300.0000.909
219 NORELATION 300.0000.908
220 securisec 200.0000.634
221 dcua 200.0000.634
222 SIDAO 200.0000.633
223 fu.ch4l1z4rd 200.0000.633
224 cbs 200.0000.633
225 int 0x80 200.0000.632
226 p4l 150.0000.495
227 Rusc 150.0000.247
niklasb – Oct. 6, 2017, 9:22 p.m.

Tasks are broken/down, and there is no way to contact the orga except for email, to which of course they do not respond. This is not acceptable.


maro – Oct. 6, 2017, 11:32 p.m.

- No IRC,
- Tasks does not mention what we have to do or what have to submit
- Flag format is useless since all tasks does not follow the mentioned flag format, you have just to add KLCTF as prefix
- Many broken tasks
- Guessing
...


Ghaaf – Oct. 7, 2017, 12:33 a.m.

I have the same problem as maro WTF! Kaspersky and no support ! lol !!


niklasb – Oct. 8, 2017, 7:16 p.m.

Note for future: Don't run pwnables as uid 0, or you will have a bad time keeping all the files on the challenge server where they belong. Not to mention forking servers that didn't register SIGCHLD handlers, infinite loops with no alarm() etc.


Pharisaeus – Oct. 8, 2017, 8:44 p.m.

Some tasks had reasonable difficulty and were fun, but there were also A LOT of issues:

1. No flag format respected. Basically every task was "add KLCTF prefix to whatever you get". On top of that flag was sometimes KLCTFxxxxx and sometimes a normal KLCTF{xxxx}. This is very confusing
2. Some tasks required guessing/dirbuster/crystal ball. RE400(+PWN700) initial stage for example required to guess that in /backup/backup.tar we can find the task sources/binaries. Nothing indicated this at all. In fact by far the hardest part of this task was exactly this step...
3. Service shared between all the teams, especially in case you need to trigger some specific state / race condition -> RE400/PWN700
4. Some very strange scoring. Crypto 800 was a trivial homomorphic Paillier challenge. Once someone noticed this is Paillier then it was instantly obvious how to recover the flag. But interestingly enough it could be solved even faster as blackbox. 300p for repeating XOR over a png, with keysize the same as header also seems a bit excessive. Especially compared to some other significantly harder tasks for similar amount of points.

And on top of all of this there was basically no communication channel, no IRC, no telegram, no nothing. You could send an email and get no response :) This becomes even more problematic when some tasks are broken (and they were).


maro – Oct. 10, 2017, 12:07 a.m.

Why is the scoreboard in ctftime is different than the original scoreboard ?!
https://ctf.kaspersky.com/contests/1/scoreboard/


merrychap – Oct. 11, 2017, 10:58 a.m.

ctftime, please, update the scoreboard for this challenge!