Road to Vegas – DefCon CTF 2015

Road to Vegas – DefCon CTF 2015

DefCon is one of the world’s largest hacker conventions, held annually since 1993. Attendees include computer security professionals, journalists, lawyers, federal government employees, security researchers, and hackers. The one thing they have in common? A general interest in “cracking” things.

This is particularly true for teams participating in the Defcon Capture the Flag competition. This is one of the oldest contests at Defcon, dating back to 1997. According to organizers 4407 players, 1472 teams, and over 4000 unique IP addresses participated in the qualification round to earn a place at the Las Vegas finals this year.

Only the top 15 teams were invited to DefCon to test their skills in a 24 hour competition. We’re proud to say that this year, Tresorit cryptographers are joining forces with CrySyS Lab and will be competing in Vegas as  team !SpamAndHex.

Ranking 7th overall and earning a ticket to the Las Vegas finals is quite an accomplishment. DefCon CTF is only for top hackers: only 284 teams were able to score even a single point out of 1472 teams in the qualifier round. Qualification is similar to the Olympics and other sporting events. A qualification weekend pits teams against a set of challenges and the clock. Only teams with the most points at the end are invited to participate in person at DefCon.

This year’s challenge was built on 6 topics. Some of them were meant to be warm up tasks (like Baby’s First). Others tested the team’s coding skills (Coding Challenge). Still others focused exclusively on understanding and breaking complicated programs (Pwnable, Reverse Engineering).

KT, Tresorit’s lead security engineer notes that there were several challenges using the same data storage format that we use in Tresorit, which gave the team a slight advantage. Overall, of course, DefCon CTF is a really tough game. One that is worth playing, if you’re looking to prove your security chops :).

If you are interested in the challenges, visit DefCon’s site for write-ups and more info.

How to prepare for the final challenge?

The final challenge is usually an attack-defense model game. It is DefCon tradition that the organizers choose an almost completely unknown platform for the game. This ensures that veterans (like PPP struggle as much as first time attendees like !SpamAndHex. Preparing for complex, unknown situations is not easy. We will see how !SpamAndHex does in August – they promised a quick summary of the competition for the Tresorit blog.

Fingers crossed – we are proud of you, team !SpamAndHex.