CTFtime.org

DEF CON CTF Qualifier 2018

Sat, 12 May 2018, 00:00 UTC — Mon, 14 May 2018, 00:00 UTC 

On-line

DEF CON CTF Qualifier event.

Format: Jeopardy Jeopardy

Official URL: http://oooverflow.io/

This event's weight is subject of public voting!

Future weight: 58.89 

Rating weight: 71.97 

Event organizers 


Scoreboard

585 teams total

PlaceTeamCTF pointsRating points
1 Samurai 4294.000143.940
2 mhackeroni 4066.000104.134
3 Plaid Parliament of Pwning 3909.00089.507
4 Sauercloud 3815.00081.934
5 RPISEC 3670.00075.905
6 Tea Deliverers 3650.00073.171
7 KaisHack+PLUS+GoN 3462.00068.307
8 HITCON 3272.00063.837
9 Shellphish 2742.00053.954
10 Dragon Sector 2679.00052.099
11 koreanbadass 2536.00049.048
12 Via Vee 2439.00046.877
13 0daysober 2245.00043.164
14 binja 2211.00042.198
15 C.G.K.S 2194.00041.571
16 r00timentary 2194.00041.271
17 DEFKOR 2150.00040.269
18 PwnThyBytes 2090.00039.028
19 TokyoWesterns 2090.00038.818
20 hxp 2089.00038.611
21 JD-r3kapig 1986.00036.714
22 BFS 1971.00036.306
23 NASA Rejects 1866.00034.404
24 TeamBaguette 1800.00033.168
25 !SpamAndHex 1785.00032.796
26 perfect blue 1600.00029.585
27 Tasteless 1585.00029.231
28 5BC 1470.00027.208
29 LC↯BC 1454.00026.852
30 securisecctf 1449.00026.685
31 Validity 1399.00025.770
32 CLGT 1370.00025.211
33 Never Stop Exploiting 1282.00023.668
34 dcua 1274.00023.470
35 galhacktictrendsetters 1259.00023.158
36 xSTT 1196.00022.045
37 Bushwhackers 1167.00021.505
38 ElectroBoard 1152.00021.202
39 hackmissile 1150.00021.120
40 team enu 1145.00020.990
41 HackAtSeoul 1123.00020.578
42 AbsentChefs 1106.00020.251
43 Azure Assassin Alliance 999.00018.418
44 upbhack 948.00017.525
45 In`shellah 920.00017.019
46 p4 891.00016.498
47 BAH-Humbug 884.00016.348
48 Hexpresso 875.00016.165
49 Neg9 864.00015.950
50 VoidHack 785.00014.596
51 Harekaze 780.00014.484
52 Shell Collecting Club 771.00014.306
53 robotmafia 768.00014.230
54 noraneco 757.00014.021
55 ASIS 754.00013.946
56 pixels 754.00013.923
57 EmpireCTF 754.00013.900
58 ChocolateMakers 749.00013.795
59 secse 746.00013.723
60 WhatTheSheep 746.00013.703
61 RiceSec 746.00013.683
62 LosFuzzys 743.00013.614
63 WE_0WN_Y0U 743.00013.596
64 badfirmware 743.00013.578
65 cyon 680.00012.504
66 TeamAardvark 661.00012.169
67 AlmaFA 660.00012.136
68 0xbadf00d 645.00011.869
69 Knights of the DROP TABLE 642.00011.803
70 Apex 642.00011.788
71 shellrippers 636.00011.673
72 $ℂ$ 636.00011.659
73 ManceRadare2 636.00011.646
74 YoungPwnawans 636.00011.632
75 cyberkastike 633.00011.569
76 ids-TeamCC 633.00011.556
77 PersianCats 633.00011.544
78 HackerDom 633.00011.532
79 Epic Leet Team 633.00011.520
80 Hackademia 625.00011.375
81 Pandemic 625.00011.364
82 FireShell 625.00011.353
83 ddosattacks 625.00011.342
84 RTFM 625.00011.332
85 0e85dc6eaf 625.00011.322
86 PKTeam 625.00011.312
87 YOKARO-MON 625.00011.303
88 tuna 625.00011.293
89 ID-10-T 625.00011.284
90 Limpopo 625.00011.275
91 noxale 625.00011.266
92 P@nic! 563.00010.218
93 TeamMugit 534.0009.724
94 vuls 532.0009.682
95 !soBad 532.0009.674
96 凝聚网安工作室 529.0009.616
97 hinazuru 521.0009.474
98 TheYellingCow 521.0009.467
99 The Northern Coalition 521.0009.459
100 underhill 521.0009.452
101 yohanes 521.0009.445
102 InfoSecIITR 521.0009.438
103 OSI Layer 8 521.0009.431
104 0x4556368625 521.0009.424
105 y12uN 521.0009.418
106 Ph0t1n1a 521.0009.411
107 ▲▲▲ 521.0009.405
108 Dogod 515.0009.298
109 NYUSEC 515.0009.292
110 Contagion 515.0009.286
111 OpenToAll 515.0009.280
112 DokuDempa 515.0009.274
113 Lorem Checksum 515.0009.269
114 WeAreNotPrepared 515.0009.263
115 Made In MIM 515.0009.258
116 validity1 515.0009.252
117 SSAT 515.0009.247
118 ARGOS 515.0009.242
119 HMPerson1 515.0009.236
120 IISEC-mochigoma 515.0009.231
121 ICST_NOT_NCCST 515.0009.227
122 UAFCSC 515.0009.222
123 CyberCholos 515.0009.217
124 Invulnerable 515.0009.212
125 onotch 515.0009.207
126 HackXore 515.0009.203
127 Don'tPanic! 515.0009.198
128 Rapace Diabolique 515.0009.194
129 TheEmperors 515.0009.190
130 ShineShadow 515.0009.185
131 UCI_Cyber 515.0009.181
132 IrishBunnies 436.0007.853
133 sheldon2 433.0007.798
134 Neutrino_Cannon 428.0007.711
135 hxzene 425.0007.656
136 SiBears 425.0007.652
137 kosh 425.0007.649
138 Juniter 419.0007.544
139 secteam 419.0007.540
140 FresherMan 417.0007.503
141 cr00se elroy 417.0007.500
142 VXRL 417.0007.496
143 Xp0int 417.0007.492
144 TheSpaniards 417.0007.489
145 katagaitai 417.0007.486
146 Knightsec 417.0007.482
147 AnomalousMaterials 411.0007.378
148 Tempest 411.0007.375
149 Ten*48 411.0007.372
150 technic 411.0007.368
151 aslrulz 411.0007.365
152 WeBareBears 411.0007.362
153 bi0s 411.0007.359
154 [TechnoPandas] 411.0007.356
155 Pwnium 411.0007.353
156 luxeria 411.0007.350
157 CarrotSuitMen 411.0007.347
158 dtdt 411.0007.344
159 CyB3r1 411.0007.341
160 RunCMD 411.0007.338
161 BORG 411.0007.336
162 defragmented brains 411.0007.333
163 0xD13A 411.0007.330
164 b0tch_sec 411.0007.327
165 I'm GGonna 411.0007.325
166 T0X1C V4P0R 411.0007.322
167 Buzz3d 411.0007.320
168 amuncic 411.0007.317
169 FiveTree 411.0007.314
170 yharima 411.0007.312
171 paid2penetrate 411.0007.309
172 saarsec 411.0007.307
173 Rapadura 411.0007.305
174 White Orchid 411.0007.302
175 BSLabs 411.0007.300
176 0x34044 411.0007.298
177 kazuaa 335.0006.021
178 Colonel0x20 335.0006.019
179 JohnDoe 327.0005.883
180 fishhsif 315.0005.679
181 73mp31 313.0005.644
182 Fujisawa 310.0005.591
183 PwnaSonic 310.0005.589
184 0xBADA55 309.0005.570
185 NDSU_Cyber_Bison_Gold 309.0005.568
186 beerpwn 309.0005.566
187 fugashi 309.0005.564
188 VAPORSEC 307.0005.528
189 glua.team 307.0005.526
190 i81109 307.0005.524
191 WishYouWereHere 307.0005.522
192 K.Knock 307.0005.520
193 pwndevilsasu 307.0005.518
194 SecurityFactorial 307.0005.516
195 Vulntron 307.0005.515
196 tokumeiusagi 307.0005.513
197 Lerdsuwa 307.0005.511
198 BabyPhD 307.0005.509
199 vand 307.0005.507
200 m1z0r3 307.0005.505
201 De1ta_ 307.0005.504
202 Pronoia 307.0005.502
203 Nnnaaa... 307.0005.500
204 losiny 307.0005.498
205 Exponential 307.0005.497
206 ThreatLevelMidnight 307.0005.495
207 T1pst4r 307.0005.493
208 coyote 307.0005.492
209 Nightmare Mechasheep 307.0005.490
210 cafejoa 307.0005.488
211 shellgamez 307.0005.487
212 Solo 307.0005.485
213 indo8 307.0005.483
214 hAIXer 307.0005.482
215 mlr0p 307.0005.480
216 N0t_Y0u 307.0005.479
217 secsi 307.0005.477
218 irGeeks 307.0005.476
219 w33t34m 307.0005.474
220 farmingsimulator2015 307.0005.473
221 secspirit 307.0005.471
222 胖二翁 307.0005.470
223 胖四海1 307.0005.468
224 rmrfslash 307.0005.467
225 胖四方 307.0005.465
226 kopipacket2 307.0005.464
227 FuckingHellLetMeLogIN 307.0005.463
228 bolgia4 307.0005.461
229 madhaxers 307.0005.460
230 RF 307.0005.458
231 CTF-infinit 307.0005.457
232 ElderWang 307.0005.456
233 NIS 307.0005.454
234 sunny_place_e04va8nkcmj9 307.0005.453
235 r 307.0005.452
236 int3pids 307.0005.450
237 10n3r 307.0005.449
238 rawsec 307.0005.448
239 ReasonCtf 307.0005.447
240 ToyPoodleBites 307.0005.445
241 Cse 307.0005.444
242 Just_M3 307.0005.443
243 WeaponisedSarcasm 307.0005.442
244 jsutset 233.0004.200
245 BluntForceTrauma 225.0004.065
246 luponed 223.0004.030
247 CultDeadChupacabras 222.0004.012
248 Stack 211.0003.827
249 DigRev 211.0003.826
250 Av3ng3rs_1n1t14t1v3 211.0003.824
251 grzegol 211.0003.823
252 UNCC 208.0003.772
253 TU6PM 208.0003.771
254 fivestarsunburst 206.0003.736
255 grc 206.0003.735
256 TeamAZ 206.0003.734
257 #Thacket; 206.0003.733
258 P2PPressure 206.0003.732
259 Ascope 206.0003.731
260 KEEPER 206.0003.729
261 bl@m3t43c@t 205.0003.712
262 /bad 205.0003.711
263 FruitSnacks 205.0003.710
264 cbs 205.0003.709
265 _ 205.0003.708
266 VeleBit 205.0003.706
267 $criptKiddies 205.0003.705
268 Xhunter 205.0003.704
269 WAKANDA_FOREVER! 205.0003.703
270 g30 205.0003.702
271 just_r0b 205.0003.701
272 showeremoji 205.0003.701
273 eval 205.0003.700
274 blueship 205.0003.699
275 MonSec 205.0003.698
276 bananagoat 205.0003.697
277 Yamagi.com 205.0003.696
278 pengabc 205.0003.695
279 The Lynebackers 205.0003.694
280 CatPawn 205.0003.693
281 PPAP_Dance 205.0003.692
282 Youalreadyknow 205.0003.691
283 stankc 205.0003.690
284 Hash Slinging Hackers 205.0003.689
285 DBCooper 205.0003.688
286 katamon 205.0003.688
287 Guest9282322 205.0003.687
288 Coxxs 205.0003.686
289 brucel33t 203.0003.651
290 X1cT34m 203.0003.651
291 toolate 203.0003.650
292 i_asked_jeeves 203.0003.649
293 Ggoggoma 203.0003.648
294 ConfigConsole 203.0003.647
295 HNN4ABO 203.0003.646
296 Security First 203.0003.646
297 110_team 203.0003.645
298 1064CBread 203.0003.644
299 pandasys 203.0003.643
300 Rebyc 203.0003.642
301 kichung 203.0003.642
302 wwwllkk 203.0003.641
303 blockchain878787 203.0003.640
304 ByteBandits 203.0003.639
305 y0d31 203.0003.638
306 madmonies 203.0003.638
307 hack4fun! 203.0003.637
308 win&cloud 203.0003.636
309 TeamNotFound 203.0003.635
310 flteam 203.0003.635
311 IGRUS 203.0003.634
312 shhoya 203.0003.633
313 the cr0wn 203.0003.632
314 jackestax 203.0003.632
315 MhackGyver 203.0003.631
316 se0g1 203.0003.630
317 r4mg7hund3r 203.0003.629
318 os1913 203.0003.629
319 snack_canary 203.0003.628
320 MSTUCA 203.0003.627
321 Loners 203.0003.627
322 GOBBLES 203.0003.626
323 blobby 203.0003.625
324 UCCU 203.0003.625
325 VanceCTF 203.0003.624
326 Divas hit the road 203.0003.623
327 mityada 203.0003.622
328 ctf_und_so 203.0003.622
329 CaptureTheFrog 203.0003.621
330 X10Sec 203.0003.620
331 WeCool 203.0003.620
332 crayontheft 203.0003.619
333 Beast 203.0003.619
334 AoToI 203.0003.618
335 bobgil 203.0003.617
336 Freakazoids 203.0003.617
337 Gadol 203.0003.616
338 Platypodes 203.0003.615
339 memyselfandi 203.0003.615
340 DevoMeat 203.0003.614
341 AddPayphones 203.0003.613
342 justCatTheFish_ 203.0003.613
343 M.5.F.4 203.0003.612
344 HoT 203.0003.612
345 wight 203.0003.611
346 6duk 203.0003.610
347 ShortestMonth 203.0003.610
348 PDKT 203.0003.609
349 Batman's Kitchen 203.0003.609
350 SYPER 203.0003.608
351 TryTry 203.0003.607
352 nacayoshi00 203.0003.607
353 fi 203.0003.606
354 BlockchainEnabledMulti-LevelCloudBasedCorporateSynergyforSmartThingsofInternet 203.0003.606
355 .elite 203.0003.605
356 Nepalian 203.0003.605
357 nonamana 203.0003.604
358 qqqqq 203.0003.603
359 SnowSeal 203.0003.603
360 Dancing Simpletons 203.0003.602
361 dotsu- 203.0003.602
362 CS-WAT 203.0003.601
363 OPT 203.0003.601
364 Hackthissite 203.0003.600
365 SMlee 203.0003.600
366 I_AM_gROOT 203.0003.599
367 f1yyy 151.0002.727
368 africaking 121.0002.224
369 p0k3r 104.0001.938
370 keep 104.0001.938
371 hime14 104.0001.937
372 jiva 104.0001.937
373 LonelyBit 104.0001.936
374 1pwnch 104.0001.936
375 I’m GGonna 104.0001.935
376 0xB455r0p 104.0001.935
377 SubZero 104.0001.934
378 nemo 104.0001.933
379 0x1f5 104.0001.933
380 RockRiver 104.0001.932
381 qweqweqwe 104.0001.932
382 awg 104.0001.932
383 starPt 104.0001.931
384 ATeam 104.0001.931
385 Adnan_Slef 104.0001.930
386 ch3ny4n6 104.0001.930
387 dankhax0r 104.0001.929
388 0?#3XK 104.0001.929
389 Team1234567 104.0001.928
390 N.Korea 104.0001.928
391 vanhelsing 104.0001.927
392 TonyLoserFace 104.0001.927
393 CyBest 104.0001.926
394 dirtymikeandtheboyz 104.0001.926
395 DENKOSEKKA 104.0001.925
396 QQQQQQ 104.0001.925
397 NUCL3@R 104.0001.924
398 Soy 104.0001.924
399 Pwn Leak 104.0001.923
400 DeltaStrikeOp 104.0001.923
401 pwners 104.0001.923
402 n0body 102.0001.889
403 hawaiijohn 102.0001.888
404 LSE 102.0001.888
405 HiXoR 102.0001.887
406 Infinite loop 102.0001.887
407 David's here, now it's a party 102.0001.886
408 TwoWayTieForLast 102.0001.886
409 n0psledbyte 102.0001.886
410 kernel_panic 102.0001.885
411 swt02026 102.0001.885
412 tiredman 102.0001.884
413 invalid 102.0001.884
414 hyde4 102.0001.883
415 khide 102.0001.883
416 Yes 102.0001.883
417 ISITDTU 102.0001.882
418 IND 102.0001.882
419 river 102.0001.881
420 xxxxxx 102.0001.881
421 Devhat 102.0001.881
422 RevEng 102.0001.880
423 In'shallah 102.0001.880
424 1nv@l1d 102.0001.879
425 Kandros 102.0001.879
426 Lunas 102.0001.879
427 Retr0id 102.0001.878
428 E42494 102.0001.878
429 ex0ns 102.0001.877
430 soloso 102.0001.877
431 EPAD 102.0001.877
432 CyRadar 102.0001.876
433 0xdardas 102.0001.876
434 H3x Pr0ph3ts 102.0001.875
435 evey 102.0001.875
436 dictat0rs.php 102.0001.875
437 hack_free 102.0001.874
438 SIGFLAG_ 102.0001.874
439 BTeam 102.0001.874
440 Z-OneX 102.0001.873
441 3BlindNerds 102.0001.873
442 isbjorn 102.0001.872
443 PAsec 102.0001.872
444 AUTHority 102.0001.872
445 UnKn0wn 102.0001.871
446 Caerus 102.0001.871
447 TheWereCicadas 102.0001.871
448 o0i9u88 102.0001.870
449 p4wnWAT 102.0001.870
450 Kernelsanders 102.0001.870
451 Hackday 101.0001.852
452 kek 101.0001.852
453 LooneyToons 101.0001.852
454 XTZ 101.0001.851
455 alexander 101.0001.851
456 space copybaras 101.0001.851
457 NULL Life 101.0001.850
458 no_team_like_this_team 101.0001.850
459 The Art Of Exploration 101.0001.850
460 5ffcc4e309ab20a2cc2f2b669e5f05e5 101.0001.849
461 HexQueens 101.0001.849
462 IloveBaguette 101.0001.849
463 TeamCyprus 101.0001.848
464 TokyoForest 101.0001.848
465 shadowCrack 101.0001.848
466 GRIN 101.0001.847
467 H3X0R 101.0001.847
468 Curiosity 101.0001.847
469 OTR 101.0001.846
470 TeamNotFound123 101.0001.846
471 nopdata 101.0001.846
472 AOR 101.0001.845
473 DefconHackers 101.0001.845
474 Codename:PineApple 101.0001.845
475 Wolves 101.0001.844
476 Slug Security 101.0001.844
477 moveaxebx 101.0001.844
478 CuChuoiChamMuoi 101.0001.843
479 it4lian_inf4ntry 101.0001.843
480 bzbzbz 101.0001.843
481 wasamusume 101.0001.842
482 3NIGM4 101.0001.842
483 shadowlolz 101.0001.842
484 IHP&C 101.0001.842
485 bebop-squad 101.0001.841
486 U+1F4A3 101.0001.841
487 topkek 101.0001.841
488 Telegram 101.0001.840
489 test0000 101.0001.840
490 민준이는멍멍 101.0001.840
491 kk28 101.0001.839
492 solotraveler 101.0001.839
493 삐융삐융 101.0001.839
494 DISC 101.0001.839
495 MadHat 101.0001.838
496 owo 101.0001.838
497 eciph3r 101.0001.838
498 ch4n3 101.0001.837
499 Sorena 101.0001.837
500 smakaduta 101.0001.837
501 Code_Black 101.0001.836
502 Teppay 101.0001.836
503 KOBE 101.0001.836
504 Halo.no 101.0001.836
505 sezhuo 101.0001.835
506 azertyuiop 101.0001.835
507 TheFlagIsNotHere 101.0001.835
508 Testing999 101.0001.834
509 ZenHack 101.0001.834
510 babybaby 101.0001.834
511 fadam 101.0001.834
512 Hodor 101.0001.833
513 test12 101.0001.833
514 Sibnew 101.0001.833
515 ret2fail 101.0001.833
516 eavesdroppers 101.0001.832
517 Red_Falcon 101.0001.832
518 pyc3 101.0001.832
519 Badf00d 101.0001.831
520 3zStyl3 101.0001.831
521 noar 101.0001.831
522 Sleepy 101.0001.831
523 Ethical Hackers Club 101.0001.830
524 infini.inc 101.0001.830
525 6l0ry 101.0001.830
526 CyberAces 101.0001.830
527 Oblivion 101.0001.829
528 GRSEC_TEAM 101.0001.829
529 webprog 101.0001.829
530 a_i 101.0001.829
531 commie 101.0001.828
532 aiueo 101.0001.828
533 ohboi 101.0001.828
534 TeamHM 101.0001.828
535 Charles_Yang 101.0001.827
536 NovaSentinel 101.0001.827
537 PT 101.0001.827
538 Group14 101.0001.827
539 zamoureux 101.0001.826
540 Newbs 101.0001.826
541 pirates 101.0001.826
542 IamError 101.0001.826
543 Intothe_nw0 101.0001.825
544 f.killrra 101.0001.825
545 argaz 101.0001.825
546 NULLKrypt3rs 101.0001.825
547 b_b4ndits 101.0001.824
548 DontMindMe 101.0001.824
549 NoobTubeExtraordinaire 101.0001.824
550 S3sh2 101.0001.824
552 marshmallowcalpis 101.0001.823
553 NtroCubane 101.0001.823
554 TheSynfulAcks 101.0001.823
555 rutrack 101.0001.822
556 NCC1701D 101.0001.822
557 KółkoRozpustyMaryja 101.0001.822
558 poop 101.0001.822
559 GUDUBET 101.0001.822
560 kiiro 101.0001.821
561 LowoiseHG 101.0001.821
562 0xyGen 101.0001.821
563 JamLive 101.0001.821
564 Termination 101.0001.820
565 Vidar 101.0001.820
566 LittleNarwhals 101.0001.820
567 rook1e 101.0001.820
568 ScriptBaby 101.0001.820
569 aaaaa123132 101.0001.819
570 humb1ec0ding 101.0001.819
571 uhmtoto 101.0001.819
572 watchdog 101.0001.819
573 noar2 101.0001.818
574 ssssssoooooos 101.0001.818
575 hellaluah 101.0001.818
576 SE_Lab 101.0001.818
577 lotto 101.0001.818
578 DotSecret 101.0001.817
579 Zonda 101.0001.817
580 spider 101.0001.817
581 ppeb15 101.0001.817
582 alfasin 101.0001.816
583 m4nn0r07h 101.0001.816
584 wtfftw 101.0001.816
585 Ripping 101.0000.908
586 badcofee 101.0000.908

Comments

UsbPort – May 12, 2018, 1:26 a.m.

all dressed up and nowhere to go

guest – May 12, 2018, 2:58 a.m.

unprofessional organization, there is no menu on the registration form that allows you to log in and save your password right away. they can not reset the password. bottomless communication - they got the message "Note: Please only register a single account per team." while there is a blockage and it is impossible to register more than one account, and the communication itself suggests as if it were possible. crowell dug me out of irc when I asked if he was kidding that I should register under a different team name. never again.

guest – May 12, 2018, 3:12 a.m.

and two more things, I'm just starting the game, but it was the first registration form that forced me to modify KeePass's rules just because someone frivolous invented super-secure passwords up to 72 characters in ctf. Providing in a clear way the address of the irc server also outgrew the organizers, but you must necessarily try to translate through the next useless pages. I hope that although creating tasks comes out much better than communicating. have a good time.

KevinChow – May 12, 2018, 5:16 a.m.

Status: timestamp is too recent?????

kdr – May 12, 2018, 3:02 p.m.

cancerous proofs of work everywhere

slenderestman – May 12, 2018, 5:51 p.m.

food was good

AntithesisConundrum – May 14, 2018, 2:09 a.m.

A good event - enough entry-level challenges that I didn't feel completely stumped, and some really cool challenges that I'm interested to see the writeups for!

Pharisaeus – May 14, 2018, 2:12 a.m.

In their "philosophy" they write about "Intellectually Rewarding Challenges" and "State-of-the-art Challenges" and then you get tasks like "bruteforce million user agents to get a flag"...

Asiral – May 14, 2018, 2:19 a.m.

Entry-level challenge does not mean to copy challenges of other CTFs! The `easy pisy` challenge was so lame for DEFCON! We'd already seen a couple of times in previous CTFs. In your philosophy you'd promised to design novel challenges!

fortenforge – May 14, 2018, 2:40 a.m.

I would leave a review, but your timestamp is too recent.

rubiya – May 14, 2018, 3:43 a.m.

where are you legitbs

mathboy7 – May 14, 2018, 3:54 a.m.

too many guessing, terrible challenges. Was it really "DEF CON"?

bincat99 – May 14, 2018, 4:10 a.m.

super duper kimchi oriental salad ;)

ghostly_gray – May 14, 2018, 4:14 a.m.

ugh.

dagnypimiskern – May 14, 2018, 4:21 a.m.

terrible challenges, the defcon has gone....

shiki7 – May 14, 2018, 4:36 a.m.

IMHO several challenges involved too much guessing, which are extremely frustrating and time-wasting, should not have appeared in a "DEFCON CTF".

kingofircandperlakadwn – May 14, 2018, 5:02 a.m.

wasn't really fair, i had to think about things other than intel ISA pwnables. often i had to guess because i didn't understand what the challenge was hinting at.

also they reused other CTF challenges OBVIOUSLY for example in several challenges you had to exploit memory corruption (booooring)

rated 100

cts – May 14, 2018, 6:41 a.m.

too much blind / guessing

s14ve – May 14, 2018, 9:42 a.m.

We liked that there were noob-friendly challenges, so even noob teams hadn't felt completely stomped.

Even if user-agent brute-force wasn't really that rewarding, (Mozilla 10 - 50). In the end, answer was obvious tho:),

80/100 (complaints about guessing are right)

noraj – May 14, 2018, 8:53 p.m.

sbva => guessing paroxysm ?

okas832 – May 15, 2018, 2:47 a.m.

I was confused when I see the kimchi guessing problems...

kanglib – May 15, 2018, 9:03 a.m.

geckome) Even kimchi hackers use mstsc instead of that webapp haha

Redford – May 15, 2018, 3:11 p.m.

I have mixed feelings about this CTF. Some challenges were really great, but a lot of others required guessing or were really unrewarding. The whole CTF seemed like the organizers enjoyed bullying players...

Some examples of things which were IMO especially bad:
- Proofs of work *everywhere*, even for not-resource-heavy tasks. Broken scoreboard PoW ("timestamp is too recent").
- The deadline for write-ups was 24h from the CTF end. This was announced only on IRC and Twitter, without mailing it to teams, so you might have missed this if you went to sleep right after the end. This wasn't mentioned before the CTF, it's not even in the rules!
- The challenges descriptions were removed right after the CTF end (the 24h deadline for write-ups was not enough to make our lives hard?).
- Some hints were published *only* on Twitter, which was spammed with tons of less interesting posts, so it was easy to miss them.
- "PHP Eval White-List" was totally broken (the organizers deployed wrong code to the chall server) and they have never fixed it (nor acknowledged the issue AFAIK).
- Guessing challs:
- BitFlipper - that coredump sending was totally illogical. We saw the message about sending coredumps, but how could anyone expect that it scans all files in the directory and parses ELF headers looking for e_type==ET_CORE?
- ghettohackers - do we really need such challenges...?
- geckome - 100% pain, 0% fun
- "surprise, your flag is in another castle" challs:
- BitFlipper - after spending 15h to dump the flag file, instead of the flag you received a message that there's a filter in between which looks for it and removes it from your output, so you had to start from the beginning.
- babypwn1805 - the server loaded a random libc on every run, which you could learn about only after writing the exploit which didn't take this into account.
- Inconsistent flag prefixes.
- Scoreboard with very bad UX. Hard to see which challs you've already solved, the whole challs page occupies 4 screens, no way to reset you password and many more of such little annoyances.

Ok, enough ranting for today :)

kdr – May 15, 2018, 9:19 p.m.

@Redford
It looks like was not the only one who did not like the PoWs...

maro – May 15, 2018, 9:20 p.m.

When we asked organizers why there is too much binary exploitation challenges they answered that it is time to learn pwn. Finally seems that they have also to learn Web, Crypto and For stuffs based on the quality of challenges we saw in those categories.
challenges variety was the big mess...

rsawald – May 16, 2018, 4:27 a.m.

Gosh!! Please, drop web next time or make it more challenging. The webs like gecko* were not related to anything security, and were unrealistic to real world scenario. They should have been brute-guessing along with BitFlipper and Ghetto Hackers -- non-realistic, non-security related stuff. It feels to me that not enough testing /review for the challenge has been done. Nobody can let this 4 challenges pass through and make it for DEF CON CTF Quals. Even, Webs are better in the worst rated CTF on ctftime. Anyways, many challenges were good.

0xbb – May 16, 2018, 12:20 p.m.

Mixed feelings :
Shitload of great binary foo in many places and generally good CTF!
Getting everything right when running a CTF is really hard.
The organizers did a very good job and we don't agree with the hate in the comments.

But lots unnecessary guessing in challenges: ghettohackers, geckome, www (handing out wrong hashes instead of the binary).
php eval offered the wrong binary as a download, but it was anyhow totally broken.
I found sbva really unrewarding.
babypwn1805 finding the flag after exploitation was really uncool.
Maybe a better quality control instead of publishing philosophies would help.
Please stick with one flag format!

PoW was not a problem for us, but could be removed on the scoreboard if you check timestamps anyhow?
Totally awesome scoreboard design otherwise.

Announcements via Twitter only could easily be missed.

The infrastructure was very stable and worked well for us.

We enjoyed it a huge lot! :)

guest – May 19, 2018, 11:28 a.m.

Am I the only one who had a problem with entering the correct password on the registration form? Have you seen any guidance regarding password requirements, except the strange length for the password up to 72 chars?
Have you seen any comment on why password reset is turned off? Any comment regarding the lack of a login menu? is it intuitive for you that the control panel and menu can be found on scoreboard subdomain?
Is it intuitive to look at the scoreboard few days before the competition starts?

TheEmperors – May 29, 2018, 12:19 p.m.

Hi
Thanks for CTF.
But where is the scoreboard ?
Many teams have missed the public rating
And even though, there is still no scoreboard