Fri, 06 Oct. 2017, 14:00 UTC — Sun, 08 Oct. 2017, 14:00 UTC 

On-line

Kaspersky Industrial CTF event.

Format: Jeopardy Jeopardy

Official URL: https://ctf.kaspersky.com/

This event's weight is subject of public voting!

Future weight: 19.23 

Rating weight: 19.23 

Event organizers 


The Quals will be held online and start from 6 of October (5.00 p.m. Moscow time) till 8 of October (5.00 p.m. Moscow time). The Finals will be held on 24 of October in Shanghai.
This year, the Qualifications will include the following types of tasks:
1. Web
2. Pwn
3. Crypto
4. Stegano/Forensics
5. Reverse
6. Fun

For the finals, we have prepared a stand with an Oil Refinery Factory connected to a Digital Substation. The top three teams will get a chance to hack it and get the prizes.

Prizes

Top 3 teams will be qualified to the Kaspersky Industrial CTF Finals during the GeekPwn1024 event in Shanghai, China

Scoreboard

227 teams total

PlaceTeamCTF pointsRating points
1 CyKOR 6950.00038.460
2 Eat, Sleep, Pwn, Repeat 6950.00028.845
3 TokyoWesterns 6050.00023.150
4 p4 5750.00020.717
5 LC↯BC 5650.00019.479
6 Filthy Thr33 5450.00018.285
7 Batman's Kitchen 4750.00015.890
8 SUSlo.PAS 4250.00014.163
9 ALLES! 4150.00013.619
10 Plaid Parliament of Pwning 4150.00013.406
11 SiBears 4100.00013.092
12 [Redacted] 3850.00012.255
13 Corrupted Reflection 3700.00011.717
14 [TechnoPandas] 3700.00011.611
15 Camelot 3700.00011.520
16 Antichat 3550.00011.024
17 KoreanGang 3500.00010.815
18 OH-IOwned 3450.00010.614
19 VoidHack 3150.0009.728
20 Azure Admirer Agency (AAA) 3000.0009.262
21 Tasteless 3000.0009.216
22 STT 3000.0009.175
23 Pwnium 2950.0008.998
24 Koibasta 2700.0008.272
25 BE4HOXVII 2700.0008.240
26 Tower-of-Hanoi 2700.0008.210
27 Chaitin 2600.0007.906
28 khack40 2550.0007.742
29 irGeeks 2550.0007.719
30 Snatch The Root 2550.0007.697
31 yoburek 2500.0007.538
32 Harekaze 2450.0007.380
33 JohnDoe 2450.0007.362
34 Shellphish 2100.0006.376
35 hack.ERS 2100.0006.360
36 74kbl47 2100.0006.345
37 YoungPwnawans 2050.0006.192
38 CodeRed 2000.0006.040
39 noraneco 1900.0005.750
40 PLEXeT 1850.0005.600
41 Invulnerable 1750.0005.311
42 PwnaSonic 1750.0005.300
43 Sudo_root 1750.0005.289
44 OstreKatozordy 1750.0005.279
45 Craft n' Capture 1650.0004.993
46 BHG 1600.0004.845
47 EpicTeam 1600.0004.836
48 ITCrowd 1600.0004.828
49 Limpopo 1600.0004.819
50 T1pst4r 1600.0004.812
51 zerosib 1600.0004.804
52 Hypertext Markup Protocol 1550.0004.659
53 SwissMadeSecurity 1550.0004.652
54 Honeypot 1550.0004.645
55 alex_k_polyakov 1500.0004.500
56 Kernel Sanders 1500.0004.494
57 DustDevils 1450.0004.349
58 $wag 1400.0004.205
59 0x617364 1400.0004.200
60 TechSec 1400.0004.194
61 TenDollar 1400.0004.189
62 ROIS 1400.0004.184
63 Nu1L 1400.0004.179
64 TeamRocketIst 1400.0004.174
65 badfirmware 1400.0004.170
66 randomstr 1400.0004.165
67 BreakPoint 1400.0004.161
68 0x34044 1400.0004.156
69 restless Schatzi's knights 1400.0004.152
70 Kółko Ekonomiczne Judasz 1400.0004.148
71 CatchFM 1400.0004.145
72 n0de 1400.0004.141
73 CH1ll 1350.0003.999
74 ThunderClap 1300.0003.857
75 Binary Devastation 1300.0003.853
76 opana 1300.0003.850
77 paperwhale 1250.0003.708
78 eunnie 1100.0003.290
79 CirclesOf$hell 1100.0003.287
80 zuko3d 1100.0003.284
81 jonathanj 1100.0003.281
82 ahaha 1100.0003.278
83 m1z0r3 1100.0003.275
84 vaseline valley 1100.0003.273
85 Team_STFU 1100.0003.270
86 kek 1100.0003.267
87 MTP.sky 1000.0002.988
88 Dr Testman 1000.0002.985
89 smoke leet everyday 950.0002.845
90 b1n4ry4rms 900.0002.704
91 TheGoonies 900.0002.702
92 SharLike 800.0002.423
93 Just Hit the Core 800.0002.420
94 kasia-tutej 800.0002.418
95 Ph03nix 800.0002.416
96 Hack'n roll 800.0002.414
97 potatocato 800.0002.412
98 scryptos 800.0002.410
99 mtf 800.0002.408
100 CremaIsBoring 800.0002.406
101 Top of the ROP 800.0002.404
102 Hash Slinging Hackers 800.0002.402
103 Pandemic 800.0002.400
104 Epic Leet Team 750.0002.260
105 Ethical Hackers Club 750.0002.258
106 k8tems 700.0002.118
107 team name 700.0002.117
108 SIGPWN 700.0002.115
109 DirtySocks 700.0002.113
110 bincat 600.0001.835
111 LeaveCat 600.0001.833
112 2O2L2H 600.0001.832
113 Crackchester 600.0001.830
114 n2r 600.0001.829
115 0Shi00Shi 600.0001.827
116 wha1s0s1r1us 600.0001.826
117 MhackGyver 600.0001.825
118 Securimag 600.0001.823
119 cyberwehr 600.0001.822
120 R4nd0ms 600.0001.820
121 just_Damn_it 600.0001.819
122 noTeamName 600.0001.818
123 T0X1C V4P0R 600.0001.816
124 Granny 600.0001.815
125 One Man Orchestra 600.0001.814
126 Thomas 600.0001.813
127 !stress 600.0001.812
128 Black Technology Royal 600.0001.810
129 YouAreDelayingTheProject 600.0001.809
130 一块红布 600.0001.808
131 N0V1C3 600.0001.807
132 Indie Trash Panda 600.0001.806
133 1up 600.0001.805
134 Inshall'hack 600.0001.804
135 HackingForSoju 600.0001.803
136 PackdeSys 600.0001.802
137 Bushwhackers 600.0001.801
138 SULOBAND 600.0001.799
139 DedSec 600.0001.798
140 farmingsimulator2015 600.0001.798
141 Phantom 600.0001.797
142 H4C 600.0001.796
143 Pwn Leak 600.0001.795
144 Fox-Hound 600.0001.794
145 dodododo 600.0001.793
146 Dragon Sector 500.0001.515
147 KansasCityShuffle 450.0001.376
148 HTCPCP:// 450.0001.375
149 CodeheadUK 450.0001.374
150 alexander 300.0000.958
151 LFY 300.0000.957
152 Dons Cosecant 300.0000.957
153 RGB 300.0000.956
154 asdf 300.0000.955
155 8bit 300.0000.954
156 P4dd1ng 300.0000.953
157 egy1337 300.0000.953
158 3y3 300.0000.952
159 HITSquad 300.0000.951
160 M57 300.0000.950
161 Exponential 300.0000.950
162 NIMDA 300.0000.949
163 One-Team 300.0000.948
164 MarazmTm 300.0000.947
165 vanhelsing 300.0000.947
166 UNN_Team 300.0000.946
167 I'm not Freddie Mercury 300.0000.945
168 HackXore 300.0000.945
169 Hawk Security Team 300.0000.944
170 revker 300.0000.943
171 #Thacket; 300.0000.943
172 dRem 300.0000.942
173 DoubleSigma 300.0000.941
174 TipTil 300.0000.941
175 GuidedHacking.com 300.0000.940
176 DC416 300.0000.939
177 igoryan 300.0000.939
178 yaPenetrators 300.0000.938
179 BIGBEAR_BK 300.0000.938
180 sec0d 300.0000.937
181 taurus 300.0000.936
182 GUECHAS 300.0000.936
183 HxD43v3R 300.0000.935
184 ISITDTU 300.0000.935
185 kaspersky4b 300.0000.934
186 Infinite loop 300.0000.933
187 wnv 300.0000.933
188 urchin 300.0000.932
189 SmartRobot 300.0000.932
190 mister spaghetti meatball 300.0000.931
191 DaltonBrothers 300.0000.931
192 guatitasec 300.0000.930
193 AceBear 300.0000.930
194 Netcat.us 300.0000.929
195 BITSkrieg 300.0000.929
196 pi3la 300.0000.928
197 kad 300.0000.928
198 0xFF 300.0000.927
199 o0o 300.0000.927
200 Bottomfraggers 300.0000.926
201 Bono_iPad 300.0000.926
202 beef1306 300.0000.925
203 CatFlag 300.0000.925
204 poutsateam 300.0000.924
205 mrx 300.0000.924
206 CultOfTheDeadCarrot 300.0000.923
207 NIS 300.0000.923
208 cr4x0rs 300.0000.923
209 DeliciousHorse 300.0000.922
210 0xBU 300.0000.922
211 sqvrc 300.0000.921
212 Lattice 300.0000.921
213 hard 300.0000.920
214 okudo3 300.0000.920
215 OutOfRangeException 300.0000.920
216 fargus 300.0000.919
217 Sea Food 300.0000.919
218 MerElephant 300.0000.918
219 NORELATION 300.0000.918
220 hapsida 200.0000.641
221 dcua 200.0000.640
222 SIDAO 200.0000.640
223 fu.ch4l1z4rd 200.0000.640
224 cbs 200.0000.639
225 int 0x80 200.0000.639
226 p4l 150.0000.500
227 Rusc 150.0000.250
niklasb – Oct. 6, 2017, 9:22 p.m.

Tasks are broken/down, and there is no way to contact the orga except for email, to which of course they do not respond. This is not acceptable.


maro – Oct. 6, 2017, 11:32 p.m.

- No IRC,
- Tasks does not mention what we have to do or what have to submit
- Flag format is useless since all tasks does not follow the mentioned flag format, you have just to add KLCTF as prefix
- Many broken tasks
- Guessing
...


Ghaaf – Oct. 7, 2017, 12:33 a.m.

I have the same problem as maro WTF! Kaspersky and no support ! lol !!


niklasb – Oct. 8, 2017, 7:16 p.m.

Note for future: Don't run pwnables as uid 0, or you will have a bad time keeping all the files on the challenge server where they belong. Not to mention forking servers that didn't register SIGCHLD handlers, infinite loops with no alarm() etc.


Pharisaeus – Oct. 8, 2017, 8:44 p.m.

Some tasks had reasonable difficulty and were fun, but there were also A LOT of issues:

1. No flag format respected. Basically every task was "add KLCTF prefix to whatever you get". On top of that flag was sometimes KLCTFxxxxx and sometimes a normal KLCTF{xxxx}. This is very confusing
2. Some tasks required guessing/dirbuster/crystal ball. RE400(+PWN700) initial stage for example required to guess that in /backup/backup.tar we can find the task sources/binaries. Nothing indicated this at all. In fact by far the hardest part of this task was exactly this step...
3. Service shared between all the teams, especially in case you need to trigger some specific state / race condition -> RE400/PWN700
4. Some very strange scoring. Crypto 800 was a trivial homomorphic Paillier challenge. Once someone noticed this is Paillier then it was instantly obvious how to recover the flag. But interestingly enough it could be solved even faster as blackbox. 300p for repeating XOR over a png, with keysize the same as header also seems a bit excessive. Especially compared to some other significantly harder tasks for similar amount of points.

And on top of all of this there was basically no communication channel, no IRC, no telegram, no nothing. You could send an email and get no response :) This becomes even more problematic when some tasks are broken (and they were).


maro – Oct. 10, 2017, 12:07 a.m.

Why is the scoreboard in ctftime is different than the original scoreboard ?!
https://ctf.kaspersky.com/contests/1/scoreboard/


merrychap – Oct. 11, 2017, 10:58 a.m.

ctftime, please, update the scoreboard for this challenge!