Fri, 10 Aug. 2018, 17:00 UTC — Sun, 12 Aug. 2018, 21:00 UTC 

On-site

Las Vegas, NV

DEF CON CTF event.

Format: Attack-Defense Attack-Defense

Official URL: http://defcon.org/

This event's weight is subject of public voting!

Future weight: 72.50 

Rating weight: 68.75 

Event organizers 


Prizes

8 DEF CON black badges
8 DEF CON leather jackets

Scoreboard

24 teams total

PlaceTeamCTF pointsRating points
1 DEFKOR00T 940.000137.500
2 Plaid Parliament of Pwning 914.000101.223
3 HITCON 726.00076.015
4 A*0*E 712.00069.262
5 Sauercloud 672.00062.899
6 Tea Deliverers 616.00056.512
7 mhackeroni 547.00049.828
8 binja 518.00046.479
9 Dragon Sector 398.00036.748
10 RPISEC 397.00035.911
11 Samurai 396.00035.213
12 BFS 384.00033.814
13 C.G.K.S 383.00033.300
14 PwnThyBytes 379.00032.630
15 koreanbadass 373.00031.864
16 0daysober 363.00030.846
17 TokyoWesterns 361.00030.447
18 r3kapig 341.00028.760
19 NASA Rejects 325.00027.388
20 hxp 309.00026.037
21 KaisHack+PLUS+GoN 304.00025.508
22 TeamBaguette 272.00023.019
23 pasten 264.00022.298
24 Shellphish 238.00010.136
Redford – Aug. 18, 2018, 12:03 a.m.

Unfortunately I didn't enjoy this CTF much. Although the organizers had very nice ideas for the rules, the implementation of everything was really bad :(

Good things:
- Challenges were removed after some time (which is IMO good for A/D, you don't have to look at one challenge for the whole 48h).
- The organizers were nice and helpful.
- I liked the idea with testing user patches by the organizers before deployment.
- Music wasn't as loud as on previous DEF CON CTFs.
- The number of challenges was small, so non-US teams which couldn't afford sending 30 people to Vegas still had some change to win.

Bad things:
- Terrible Internet connection (but on the last day it was ok).
- There was no scoreboard available for the whole competition (excluding one projector, but it wasn't visible from our table).
- Challenge binaries weren't mirrored locally, so we needed to download them using the slow connection.
- Both CTF network and Internet connection shared the same throughput limit, so downloading anything could break your exploits.
- For the first few hours there was only one challenge available, so there wasn't too much to do, even for small teams.
- The music/videos in the CTF area were literally 10-20 different annoying videos run in a loop. Please play something less annoying or at least make the playlist longer.
- The rules weren't precisely defined, e.g. the normalization part was totally unclear to us.
- Patching system was totally broken for the whole first day, the organizers verified them by hand.
- No food or soft drinks provided :(
- No travel reimbursement + no team size limit - it's *much* harder for non-US teams to compete here.
- "pointless" challenge - I spent more than 20h reversing and analyzing the challenge binary only to not be able to connect to the server, because the organizers failed to host it properly.
- Hidden scoreboard on the last day - I really hate this idea, but it's probably very subjective ;)