IPS is a simple Intrusion Prevention System (I guess?). The core functionality is simple: the gameserver will add a flag via a Python service, store that flag in a file (by default flags.txt) and invoke a custom kernel module called ips through /proc/ips/add.

Ok, so that sounds easy to exploit, so let’s just go ahead and grab flags.txt from other teams. If we try to do so, e.g., using curl, we see some output (especially later in the game), but at some point the connection is throttled and comes to a halt. So, why is that?

For the full write-up, see the link.

Original writeup (https://saarsec.rocks/2020/04/26/hitblockdown-ips.html).