Sat, 12 May 2018, 00:00 UTC — Mon, 14 May 2018, 00:00 UTC 

On-line

DEF CON CTF Qualifier event.

Format: Jeopardy Jeopardy

Official URL: http://oooverflow.io/

This event's future weight is subject of public voting!

Future weight: 57.39 

Rating weight: 72.53 

Event organizers 

Scoreboard

585 teams total

PlaceTeamCTF pointsRating points
1 Samurai 4294.000145.060
2 mhackeroni 4066.000104.944
3 Plaid Parliament of Pwning 3909.00090.204
4 Sauercloud 3815.00082.572
5 RPISEC 3670.00076.496
6 Tea Deliverers 3650.00073.741
7 KaisHack+PLUS+GoN 3462.00068.838
8 HITCON 3272.00064.334
9 Shellphish 2742.00054.374
10 Dragon Sector 2679.00052.504
11 koreanbadass 2536.00049.429
12 Via Vee 2439.00047.241
13 0daysober 2245.00043.500
14 binja 2211.00042.527
15 C.G.K.S 2194.00041.894
16 r00timentary 2194.00041.592
17 DEFKOR 2150.00040.582
18 PwnThyBytes 2090.00039.332
19 TokyoWesterns 2090.00039.120
20 hxp 2089.00038.912
21 JD-r3kapig 1986.00036.999
22 BFS 1971.00036.589
23 NASA Rejects 1866.00034.672
24 TeamBaguette 1800.00033.426
25 !SpamAndHex 1785.00033.052
26 perfect blue 1600.00029.815
27 Tasteless 1585.00029.459
28 5BC 1470.00027.420
29 LC↯BC 1454.00027.061
30 securisecctf 1449.00026.893
31 Validity 1399.00025.970
32 CLGT 1370.00025.407
33 Never Stop Exploiting 1282.00023.852
34 dcua 1274.00023.652
35 galhacktictrendsetters 1259.00023.338
36 xSTT 1196.00022.216
37 Bushwhackers 1167.00021.672
38 ElectroBoard 1152.00021.367
39 hackmissile 1150.00021.284
40 team enu 1145.00021.153
41 HackAtSeoul 1123.00020.738
42 AbsentChefs 1106.00020.408
43 Azure Assassin Alliance 999.00018.561
44 upbhack 948.00017.661
45 In`shellah 920.00017.152
46 p4 891.00016.627
47 BAH-Humbug 884.00016.475
48 Hexpresso 875.00016.291
49 Neg9 864.00016.074
50 VoidHack 785.00014.710
51 Harekaze 780.00014.597
52 Shell Collecting Club 771.00014.418
53 lightly salted peanuts 768.00014.341
54 noraneco 757.00014.130
55 ASIS 754.00014.055
56 pixels 754.00014.031
57 EmpireCTF 754.00014.008
58 ChocolateMakers 749.00013.902
59 secse 746.00013.830
60 WhatTheSheep 746.00013.810
61 RiceSec 746.00013.790
62 LosFuzzys 743.00013.720
63 WE_0WN_Y0U 743.00013.701
64 badfirmware 743.00013.683
65 cyon 680.00012.602
66 TeamAardvark 661.00012.264
67 AlmaFA 660.00012.231
68 0xbadf00d 645.00011.961
69 Knights of the DROP TABLE 642.00011.895
70 Apex 642.00011.880
71 shellrippers 636.00011.764
72 $ℂ$ 636.00011.750
73 ManceRadare2 636.00011.736
74 YoungPwnawans 636.00011.723
75 cyberkastike 633.00011.659
76 ids-TeamCC 633.00011.646
77 PersianCats 633.00011.634
78 HackerDom 633.00011.622
79 Epic Leet Team 633.00011.610
80 Hackademia 625.00011.464
81 Pandemic 625.00011.452
82 FireShell 625.00011.441
83 ddosattacks 625.00011.431
84 RTFM 625.00011.420
85 0e85dc6eaf 625.00011.410
86 PKTeam 625.00011.400
87 YOKARO-MON 625.00011.391
88 tuna 625.00011.381
89 ID-10-T 625.00011.372
90 Limpopo 625.00011.363
91 noxale 625.00011.354
92 P@nic! 563.00010.298
93 TeamMugit 534.0009.800
94 vuls 532.0009.758
95 !soBad 532.0009.749
96 凝聚网安工作室 529.0009.691
97 hinazuru 521.0009.548
98 TheYellingCow 521.0009.540
99 The Northern Coalition 521.0009.533
100 underhill 521.0009.526
101 yohanes 521.0009.518
102 InfoSecIITR 521.0009.511
103 OSI Layer 8 521.0009.504
104 0x4556368625 521.0009.498
105 y12uN 521.0009.491
106 Ph0t1n1a 521.0009.484
107 ▲▲▲ 521.0009.478
108 Dogod 515.0009.370
109 NYUSEC 515.0009.364
110 Contagion 515.0009.358
111 OpenToAll 515.0009.352
112 DokuDempa 515.0009.346
113 Lorem Checksum 515.0009.341
114 WeAreNotPrepared 515.0009.335
115 Made In MIM 515.0009.330
116 validity1 515.0009.324
117 SSAT 515.0009.319
118 ARGOS 515.0009.314
119 HMPerson1 515.0009.308
120 IISEC-mochigoma 515.0009.303
121 ICST_NOT_NCCST 515.0009.298
122 UAFCSC 515.0009.293
123 CyberCholos 515.0009.289
124 Invulnerable 515.0009.284
125 onotch 515.0009.279
126 HackXore 515.0009.275
127 Don'tPanic! 515.0009.270
128 Rapace Diabolique 515.0009.266
129 TheEmperors 515.0009.261
130 ShineShadow 515.0009.257
131 UCI_Cyber 515.0009.253
132 IrishBunnies 436.0007.914
133 sheldon2 433.0007.859
134 Neutrino_Cannon 428.0007.771
135 hxzene 425.0007.716
136 SiBears 425.0007.712
137 kosh 425.0007.708
138 Juniter 419.0007.603
139 secteam 419.0007.599
140 FresherMan 417.0007.562
141 cr00se elroy 417.0007.558
142 VXRL 417.0007.554
143 Xp0int 417.0007.551
144 TheSpaniards 417.0007.547
145 katagaitai 417.0007.544
146 Knightsec 417.0007.540
147 AnomalousMaterials 411.0007.436
148 Tempest 411.0007.432
149 Ten*48 411.0007.429
150 technic 411.0007.426
151 aslrulz 411.0007.423
152 WeBareBears 411.0007.419
153 bi0s 411.0007.416
154 [TechnoPandas] 411.0007.413
155 Pwnium 411.0007.410
156 luxeria 411.0007.407
157 CarrotSuitMen 411.0007.404
158 dtdt 411.0007.401
159 CyB3r1 411.0007.398
160 RunCMD 411.0007.396
161 BORG 411.0007.393
162 defragmented brains 411.0007.390
163 0xD13A 411.0007.387
164 b0tch_sec 411.0007.384
165 I'm GGonna 411.0007.382
166 T0X1C V4P0R 411.0007.379
167 Buzz3d 411.0007.377
168 amuncic 411.0007.374
169 FiveTree 411.0007.371
170 yharima 411.0007.369
171 paid2penetrate 411.0007.366
172 saarsec 411.0007.364
173 Rapadura 411.0007.361
174 White Orchid 411.0007.359
175 BSLabs 411.0007.357
176 0x34044 411.0007.354
177 kazuaa 335.0006.068
178 Colonel0x20 335.0006.066
179 JohnDoe 327.0005.929
180 fishhsif 315.0005.724
181 73mp31 313.0005.688
182 Fujisawa 310.0005.635
183 PwnaSonic 310.0005.633
184 0xBADA55 309.0005.614
185 NDSU_Cyber_Bison_Gold 309.0005.611
186 beerpwn 309.0005.609
187 fugashi 309.0005.607
188 VAPORSEC 307.0005.571
189 glua.team 307.0005.569
190 i81109 307.0005.567
191 WishYouWereHere 307.0005.565
192 K.Knock 307.0005.563
193 pwndevilsasu 307.0005.561
194 SecurityFactorial 307.0005.559
195 Vulntron 307.0005.557
196 tokumeiusagi 307.0005.556
197 Lerdsuwa 307.0005.554
198 BabyPhD 307.0005.552
199 vand 307.0005.550
200 m1z0r3 307.0005.548
201 De1ta_ 307.0005.546
202 Pronoia 307.0005.545
203 Nnnaaa... 307.0005.543
204 losiny 307.0005.541
205 Exponential 307.0005.539
206 ThreatLevelMidnight 307.0005.538
207 T1pst4r 307.0005.536
208 coyote 307.0005.534
209 Nightmare Mechasheep 307.0005.533
210 cafejoa 307.0005.531
211 shellgamez 307.0005.529
212 Solo 307.0005.528
213 indo8 307.0005.526
214 hAIXer 307.0005.524
215 mlr0p 307.0005.523
216 N0t_Y0u 307.0005.521
217 secsi 307.0005.520
218 irGeeks 307.0005.518
219 w33t34m 307.0005.517
220 farmingsimulator2015 307.0005.515
221 secspirit 307.0005.514
222 胖二翁 307.0005.512
223 胖四海1 307.0005.511
224 rmrfslash 307.0005.509
225 胖四方 307.0005.508
226 kopipacket2 307.0005.506
227 FuckingHellLetMeLogIN 307.0005.505
228 bolgia4 307.0005.504
229 madhaxers 307.0005.502
230 RF 307.0005.501
231 CTF-infinit 307.0005.500
232 ElderWang 307.0005.498
233 NIS 307.0005.497
234 sunny_place_e04va8nkcmj9 307.0005.495
235 r 307.0005.494
236 int3pids 307.0005.493
237 10n3r 307.0005.492
238 rawsec 307.0005.490
239 ReasonCtf 307.0005.489
240 ToyPoodleBites 307.0005.488
241 Cse 307.0005.486
242 Just_M3 307.0005.485
243 WeaponisedSarcasm 307.0005.484
244 jsutset 233.0004.233
245 BluntForceTrauma 225.0004.097
246 luponed 223.0004.062
247 CultDeadChupacabras 222.0004.043
248 Stack 211.0003.856
249 DigRev 211.0003.855
250 Av3ng3rs_1n1t14t1v3 211.0003.854
251 grzegol 211.0003.853
252 UNCC 208.0003.801
253 Phish'n'Chips 208.0003.800
254 fivestarsunburst 206.0003.765
255 grc 206.0003.764
256 TeamAZ 206.0003.763
257 #Thacket; 206.0003.762
258 P2PPressure 206.0003.761
259 Ascope 206.0003.760
260 KEEPER 206.0003.759
261 bl@m3t43c@t 205.0003.741
262 /bad 205.0003.739
263 FruitSnacks 205.0003.738
264 cbs 205.0003.737
265 _ 205.0003.736
266 VeleBit 205.0003.735
267 $criptKiddies 205.0003.734
268 Xhunter 205.0003.733
269 WAKANDA_FOREVER! 205.0003.732
270 g30 205.0003.731
271 just_r0b 205.0003.730
272 showeremoji 205.0003.729
273 eval 205.0003.728
274 blueship 205.0003.727
275 MonSec 205.0003.726
276 bananagoat 205.0003.725
277 Yamagi.com 205.0003.724
278 pengabc 205.0003.724
279 The Lynebackers 205.0003.723
280 CatPawn 205.0003.722
281 PPAP_Dance 205.0003.721
282 Youalreadyknow 205.0003.720
283 stankc 205.0003.719
284 Hash Slinging Hackers 205.0003.718
285 DBCooper 205.0003.717
286 katamon 205.0003.716
287 Guest9282322 205.0003.715
288 Coxxs 205.0003.714
289 brucel33t 203.0003.680
290 X1cT34m 203.0003.679
291 toolate 203.0003.678
292 i_asked_jeeves 203.0003.677
293 Ggoggoma 203.0003.676
294 ConfigConsole 203.0003.676
295 HNN4ABO 203.0003.675
296 Security First 203.0003.674
297 110_team 203.0003.673
298 1064CBread 203.0003.672
299 pandasys 203.0003.671
300 Rebyc 203.0003.671
301 kichung 203.0003.670
302 wwwllkk 203.0003.669
303 blockchain878787 203.0003.668
304 ByteBandits 203.0003.667
305 y0d31 203.0003.667
306 madmonies 203.0003.666
307 hack4fun! 203.0003.665
308 win&cloud 203.0003.664
309 TeamNotFound 203.0003.664
310 flteam 203.0003.663
311 IGRUS 203.0003.662
312 shhoya 203.0003.661
313 the cr0wn 203.0003.661
314 jackestax 203.0003.660
315 MhackGyver 203.0003.659
316 se0g1 203.0003.658
317 r4mg7hund3r 203.0003.658
318 os1913 203.0003.657
319 snack_canary 203.0003.656
320 MSTUCA 203.0003.656
321 Loners 203.0003.655
322 GOBBLES 203.0003.654
323 blobby 203.0003.653
324 UCCU 203.0003.653
325 VanceCTF 203.0003.652
326 Divas hit the road 203.0003.651
327 mityada 203.0003.651
328 ctf_und_so 203.0003.650
329 CaptureTheFrog 203.0003.649
330 X10Sec 203.0003.649
331 WeCool 203.0003.648
332 crayontheft 203.0003.647
333 Beast 203.0003.647
334 AoToI 203.0003.646
335 bobgil 203.0003.645
336 Freakazoids 203.0003.645
337 Gadol 203.0003.644
338 Platypodes 203.0003.643
339 memyselfandi 203.0003.643
340 DevoMeat 203.0003.642
341 AddPayphones 203.0003.642
342 justCatTheFish 203.0003.641
343 M.5.F.4 203.0003.640
344 HoT 203.0003.640
345 wight 203.0003.639
346 6duk 203.0003.638
347 ShortestMonth 203.0003.638
348 PDKT 203.0003.637
349 Batman's Kitchen 203.0003.637
350 SYPER 203.0003.636
351 TryTry 203.0003.636
352 nacayoshi00 203.0003.635
353 fi 203.0003.634
354 BlockchainEnabledMulti-LevelCloudBasedCorporateSynergyforSmartThingsofInternet 203.0003.634
355 .elite 203.0003.633
356 Nepalian 203.0003.633
357 nonamana 203.0003.632
358 qqqqq 203.0003.631
359 SnowSeal 203.0003.631
360 Dancing Simpletons 203.0003.630
361 dotsu- 203.0003.630
362 CS-WAT 203.0003.629
363 OPT 203.0003.629
364 Hackthissite 203.0003.628
365 SMlee 203.0003.628
366 I_AM_gROOT 203.0003.627
367 f1yyy 151.0002.748
368 africaking 121.0002.241
369 p0k3r 104.0001.953
370 keep 104.0001.953
371 hime14 104.0001.952
372 jiva 104.0001.952
373 LonelyBit 104.0001.951
374 1pwnch 104.0001.951
375 I’m GGonna 104.0001.950
376 0xB455r0p 104.0001.950
377 SubZero 104.0001.949
378 nemo 104.0001.949
379 0x1f5 104.0001.948
380 RockRiver 104.0001.948
381 qweqweqwe 104.0001.947
382 awg 104.0001.947
383 starPt 104.0001.946
384 ATeam 104.0001.946
385 Adnan_Slef 104.0001.945
386 ch3ny4n6 104.0001.945
387 dankhax0r 104.0001.944
388 0?#3XK 104.0001.944
389 Team1234567 104.0001.943
390 N.Korea 104.0001.943
391 vanhelsing 104.0001.942
392 TonyLoserFace 104.0001.942
393 CyBest 104.0001.941
394 dirtymikeandtheboyz 104.0001.941
395 DENKOSEKKA 104.0001.940
396 QQQQQQ 104.0001.940
397 NUCL3@R 104.0001.939
398 Soy 104.0001.939
399 Pwn Leak 104.0001.938
400 DeltaStrikeOp 104.0001.938
401 pwners 104.0001.938
402 n0body 102.0001.903
403 hawaiijohn 102.0001.903
404 LSE 102.0001.902
405 HiXoR 102.0001.902
406 Infinite loop 102.0001.902
407 David's here, now it's a party 102.0001.901
408 TwoWayTieForLast 102.0001.901
409 n0psledbyte 102.0001.900
410 kernel_panic 102.0001.900
411 swt02026 102.0001.899
412 tiredman 102.0001.899
413 invalid 102.0001.899
414 hyde4 102.0001.898
415 khide 102.0001.898
416 Yes 102.0001.897
417 ISITDTU 102.0001.897
418 IND 102.0001.896
419 river 102.0001.896
420 xxxxxx 102.0001.896
421 Devhat 102.0001.895
422 RevEng 102.0001.895
423 In'shallah 102.0001.894
424 1nv@l1d 102.0001.894
425 Kandros 102.0001.894
426 Lunas 102.0001.893
427 Retr0id 102.0001.893
428 E42494 102.0001.892
429 ex0ns 102.0001.892
430 soloso 102.0001.892
431 EPAD 102.0001.891
432 CyRadar 102.0001.891
433 0xdardas 102.0001.890
434 H3x Pr0ph3ts 102.0001.890
435 evey 102.0001.890
436 dictat0rs.php 102.0001.889
437 hack_free 102.0001.889
438 SIGFLAG_ 102.0001.888
439 BTeam 102.0001.888
440 Z-OneX 102.0001.888
441 3BlindNerds 102.0001.887
442 isbjorn 102.0001.887
443 PAsec 102.0001.887
444 AUTHority 102.0001.886
445 UnKn0wn 102.0001.886
446 Caerus 102.0001.886
447 TheWereCicadas 102.0001.885
448 o0i9u88 102.0001.885
449 p4wnWAT 102.0001.884
450 Kernelsanders 102.0001.884
451 Hackday 101.0001.867
452 kek 101.0001.866
453 LooneyToons 101.0001.866
454 XTZ 101.0001.866
455 alexander 101.0001.865
456 space copybaras 101.0001.865
457 NULL Life 101.0001.865
458 no_team_like_this_team 101.0001.864
459 The Art Of Exploration 101.0001.864
460 5ffcc4e309ab20a2cc2f2b669e5f05e5 101.0001.864
461 HexQueens 101.0001.863
462 IloveBaguette 101.0001.863
463 TeamCyprus 101.0001.863
464 TokyoForest 101.0001.862
465 shadowCrack 101.0001.862
466 GRIN 101.0001.862
467 H3X0R 101.0001.861
468 Curiosity 101.0001.861
469 OTR 101.0001.861
470 TeamNotFound123 101.0001.860
471 nopdata 101.0001.860
472 AOR 101.0001.860
473 DefconHackers 101.0001.859
474 Codename:PineApple 101.0001.859
475 Wolves 101.0001.859
476 Slug Security 101.0001.858
477 moveaxebx 101.0001.858
478 CuChuoiChamMuoi 101.0001.858
479 it4lian_inf4ntry 101.0001.857
480 bzbzbz 101.0001.857
481 wasamusume 101.0001.857
482 3NIGM4 101.0001.856
483 shadowlolz 101.0001.856
484 IHP&C 101.0001.856
485 bebop-squad 101.0001.856
486 U+1F4A3 101.0001.855
487 topkek 101.0001.855
488 Telegram 101.0001.855
489 test0000 101.0001.854
490 민준이는멍멍 101.0001.854
491 kk28 101.0001.854
492 solotraveler 101.0001.853
493 삐융삐융 101.0001.853
494 DISC 101.0001.853
495 MadHat 101.0001.853
496 owo 101.0001.852
497 eciph3r 101.0001.852
498 ch4n3 101.0001.852
499 Sorena 101.0001.851
500 smakaduta 101.0001.851
501 Code_Black 101.0001.851
502 Teppay 101.0001.850
503 KOBE 101.0001.850
504 Halo.no 101.0001.850
505 sezhuo 101.0001.850
506 azertyuiop 101.0001.849
507 TheFlagIsNotHere 101.0001.849
508 Testing999 101.0001.849
509 ZenHack 101.0001.848
510 babybaby 101.0001.848
511 fadam 101.0001.848
512 Hodor 101.0001.848
513 test12 101.0001.847
514 Sibnew 101.0001.847
515 ret2fail 101.0001.847
516 eavesdroppers 101.0001.847
517 Red_Falcon 101.0001.846
518 pyc3 101.0001.846
519 Badf00d 101.0001.846
520 3zStyl3 101.0001.845
521 noar 101.0001.845
522 Sleepy 101.0001.845
523 Ethical Hackers Club 101.0001.845
524 infini.inc 101.0001.844
525 6l0ry 101.0001.844
526 CyberAces 101.0001.844
527 Oblivion 101.0001.844
528 GRSEC_TEAM 101.0001.843
529 webprog 101.0001.843
530 a_i 101.0001.843
531 commie 101.0001.843
532 aiueo 101.0001.842
533 ohboi 101.0001.842
534 TeamHM 101.0001.842
535 Charles_Yang 101.0001.842
536 NovaSentinel 101.0001.841
537 PT 101.0001.841
538 Group14 101.0001.841
539 zamoureux 101.0001.841
540 Newbs 101.0001.840
541 pirates 101.0001.840
542 IamError 101.0001.840
543 Intothe_nw0 101.0001.840
544 f.killrra 101.0001.839
545 argaz 101.0001.839
546 NULLKrypt3rs 101.0001.839
547 b_b4ndits 101.0001.839
548 DontMindMe 101.0001.838
549 NoobTubeExtraordinaire 101.0001.838
550 S3sh2 101.0001.838
552 marshmallowcalpis 101.0001.837
553 NtroCubane 101.0001.837
554 TheSynfulAcks 101.0001.837
555 rutrack 101.0001.837
556 NCC1701D 101.0001.836
557 KółkoRozpustyMaryja 101.0001.836
558 poop 101.0001.836
559 GUDUBET 101.0001.836
560 kiiro 101.0001.836
561 LowoiseHG 101.0001.835
562 0xyGen 101.0001.835
563 JamLive 101.0001.835
564 Termination 101.0001.835
565 Vidar 101.0001.834
566 LittleNarwhals 101.0001.834
567 rook1e 101.0001.834
568 ScriptBaby 101.0001.834
569 aaaaa123132 101.0001.833
570 humb1ec0ding 101.0001.833
571 uhmtoto 101.0001.833
572 watchdog 101.0001.833
573 noar2 101.0001.833
574 ssssssoooooos 101.0001.832
575 hellaluah 101.0001.832
576 SE_Lab 101.0001.832
577 lotto 101.0001.832
578 DotSecret 101.0001.831
579 Zonda 101.0001.831
580 spider 101.0001.831
581 ppeb15 101.0001.831
582 alfasin 101.0001.831
583 m4nn0r07h 101.0001.830
584 wtfftw 101.0001.830
585 Ripping 101.0000.915
586 badcofee 101.0000.915
UsbPortMay 12, 2018, 1:26 a.m.

all dressed up and nowhere to go


guestMay 12, 2018, 2:58 a.m.

unprofessional organization, there is no menu on the registration form that allows you to log in and save your password right away. they can not reset the password. bottomless communication - they got the message "Note: Please only register a single account per team." while there is a blockage and it is impossible to register more than one account, and the communication itself suggests as if it were possible. crowell dug me out of irc when I asked if he was kidding that I should register under a different team name. never again.


guestMay 12, 2018, 3:12 a.m.

and two more things, I'm just starting the game, but it was the first registration form that forced me to modify KeePass's rules just because someone frivolous invented super-secure passwords up to 72 characters in ctf. Providing in a clear way the address of the irc server also outgrew the organizers, but you must necessarily try to translate through the next useless pages. I hope that although creating tasks comes out much better than communicating. have a good time.


KevinChowMay 12, 2018, 5:16 a.m.

Status: timestamp is too recent?????


kdrMay 12, 2018, 3:02 p.m.

cancerous proofs of work everywhere


slenderestmanMay 12, 2018, 5:51 p.m.

food was good


AntithesisConundrumMay 14, 2018, 2:09 a.m.

A good event - enough entry-level challenges that I didn't feel completely stumped, and some really cool challenges that I'm interested to see the writeups for!


PharisaeusMay 14, 2018, 2:12 a.m.

In their "philosophy" they write about "Intellectually Rewarding Challenges" and "State-of-the-art Challenges" and then you get tasks like "bruteforce million user agents to get a flag"...


AsiralMay 14, 2018, 2:19 a.m.

Entry-level challenge does not mean to copy challenges of other CTFs! The `easy pisy` challenge was so lame for DEFCON! We'd already seen a couple of times in previous CTFs. In your philosophy you'd promised to design novel challenges!


fortenforgeMay 14, 2018, 2:40 a.m.

I would leave a review, but your timestamp is too recent.


rubiyaMay 14, 2018, 3:43 a.m.

where are you legitbs


mathboy7May 14, 2018, 3:54 a.m.

too many guessing, terrible challenges. Was it really "DEF CON"?


bincat99May 14, 2018, 4:10 a.m.

super duper kimchi oriental salad ;)


ghostly_grayMay 14, 2018, 4:14 a.m.

ugh.


dagnypimiskernMay 14, 2018, 4:21 a.m.

terrible challenges, the defcon has gone....


shiki7May 14, 2018, 4:36 a.m.

IMHO several challenges involved too much guessing, which are extremely frustrating and time-wasting, should not have appeared in a "DEFCON CTF".


kingofircandperlakadwnMay 14, 2018, 5:02 a.m.

wasn't really fair, i had to think about things other than intel ISA pwnables. often i had to guess because i didn't understand what the challenge was hinting at.

also they reused other CTF challenges OBVIOUSLY for example in several challenges you had to exploit memory corruption (booooring)

rated 100


ctsMay 14, 2018, 6:41 a.m.

too much blind / guessing


s14veMay 14, 2018, 9:42 a.m.

We liked that there were noob-friendly challenges, so even noob teams hadn't felt completely stomped.

Even if user-agent brute-force wasn't really that rewarding, (Mozilla 10 - 50). In the end, answer was obvious tho:),

80/100 (complaints about guessing are right)


norajMay 14, 2018, 8:53 p.m.

sbva => guessing paroxysm ?


okas832May 15, 2018, 2:47 a.m.

I was confused when I see the kimchi guessing problems...


kanglibMay 15, 2018, 9:03 a.m.

geckome) Even kimchi hackers use mstsc instead of that webapp haha


RedfordMay 15, 2018, 3:11 p.m.

I have mixed feelings about this CTF. Some challenges were really great, but a lot of others required guessing or were really unrewarding. The whole CTF seemed like the organizers enjoyed bullying players...

Some examples of things which were IMO especially bad:
- Proofs of work *everywhere*, even for not-resource-heavy tasks. Broken scoreboard PoW ("timestamp is too recent").
- The deadline for write-ups was 24h from the CTF end. This was announced only on IRC and Twitter, without mailing it to teams, so you might have missed this if you went to sleep right after the end. This wasn't mentioned before the CTF, it's not even in the rules!
- The challenges descriptions were removed right after the CTF end (the 24h deadline for write-ups was not enough to make our lives hard?).
- Some hints were published *only* on Twitter, which was spammed with tons of less interesting posts, so it was easy to miss them.
- "PHP Eval White-List" was totally broken (the organizers deployed wrong code to the chall server) and they have never fixed it (nor acknowledged the issue AFAIK).
- Guessing challs:
- BitFlipper - that coredump sending was totally illogical. We saw the message about sending coredumps, but how could anyone expect that it scans all files in the directory and parses ELF headers looking for e_type==ET_CORE?
- ghettohackers - do we really need such challenges...?
- geckome - 100% pain, 0% fun
- "surprise, your flag is in another castle" challs:
- BitFlipper - after spending 15h to dump the flag file, instead of the flag you received a message that there's a filter in between which looks for it and removes it from your output, so you had to start from the beginning.
- babypwn1805 - the server loaded a random libc on every run, which you could learn about only after writing the exploit which didn't take this into account.
- Inconsistent flag prefixes.
- Scoreboard with very bad UX. Hard to see which challs you've already solved, the whole challs page occupies 4 screens, no way to reset you password and many more of such little annoyances.

Ok, enough ranting for today :)


kdrMay 15, 2018, 9:19 p.m.

@Redford
It looks like was not the only one who did not like the PoWs...


maroMay 15, 2018, 9:20 p.m.

When we asked organizers why there is too much binary exploitation challenges they answered that it is time to learn pwn. Finally seems that they have also to learn Web, Crypto and For stuffs based on the quality of challenges we saw in those categories.
challenges variety was the big mess...


rsawaldMay 16, 2018, 4:27 a.m.

Gosh!! Please, drop web next time or make it more challenging. The webs like gecko* were not related to anything security, and were unrealistic to real world scenario. They should have been brute-guessing along with BitFlipper and Ghetto Hackers -- non-realistic, non-security related stuff. It feels to me that not enough testing /review for the challenge has been done. Nobody can let this 4 challenges pass through and make it for DEF CON CTF Quals. Even, Webs are better in the worst rated CTF on ctftime. Anyways, many challenges were good.


0xbbMay 16, 2018, 12:20 p.m.

Mixed feelings :
Shitload of great binary foo in many places and generally good CTF!
Getting everything right when running a CTF is really hard.
The organizers did a very good job and we don't agree with the hate in the comments.

But lots unnecessary guessing in challenges: ghettohackers, geckome, www (handing out wrong hashes instead of the binary).
php eval offered the wrong binary as a download, but it was anyhow totally broken.
I found sbva really unrewarding.
babypwn1805 finding the flag after exploitation was really uncool.
Maybe a better quality control instead of publishing philosophies would help.
Please stick with one flag format!

PoW was not a problem for us, but could be removed on the scoreboard if you check timestamps anyhow?
Totally awesome scoreboard design otherwise.

Announcements via Twitter only could easily be missed.

The infrastructure was very stable and worked well for us.

We enjoyed it a huge lot! :)


guestMay 19, 2018, 11:28 a.m.

Am I the only one who had a problem with entering the correct password on the registration form? Have you seen any guidance regarding password requirements, except the strange length for the password up to 72 chars?
Have you seen any comment on why password reset is turned off? Any comment regarding the lack of a login menu? is it intuitive for you that the control panel and menu can be found on scoreboard subdomain?
Is it intuitive to look at the scoreboard few days before the competition starts?


TheEmperorsMay 29, 2018, 12:19 p.m.

Hi
Thanks for CTF.
But where is the scoreboard ?
Many teams have missed the public rating
And even though, there is still no scoreboard