DEFCON 201 Online CTF Practice Challenge — DEF CON CTF 2020 Qualifier — May 15th-May 17th
Welcome to the DEF CON CTF 2020 Qualifier!
For over two years we have been planning to run our own Wargames and CTF to help people develop their hacking skills. While progress is still being made (we plan to launch our own in Winter 2020), DC201 will also occasionally enter various online CTF tournaments to test our skills and to see how one is set up, so we have a blueprint for creating our own.
This Friday, from May 15th, 8:00 PM EST to May 17th, 8:00 PM EST, we invite all DEFCON 201 Members, Attendees and Fans to help us hack the DEF CON CTF 2020 Qualifier!
NOTE: We will also be working on the DEF CON CTF 2020 Qualifier LIVE during our online meetup. Details are on our meeting page: https://www.meetup.com/DEFCON201/events/270121378/
Anyone can enter by joining our group and entering our DISCORD Chat! Once in chat, select the #CTF channel and follow the instructions. This is how you will obtain the DC201 Team Username and Password Log-In. You are then ready to hack away!
DEFCON 201 Discord Link: https://discord.gg/PGgPNEF
Clear Net: https://discordapp.com/channels/@me
Android: https://play.google.com/store/apps/details?id=com.discord (We recommend using YALP)
Join The DEFCON 201 CTF Time Group: https://ctftime.org/team/40304
The Zen of CTF
The DEF CON CTF is a premier hacking event that benefits at least three target audiences, and any organizer must be aware of them:
The participants. As the elite of the elite in the CTF hacking community, the DEF CON CTF participants deserve a CTF that is fair, is challenging, and pushes them past their intellectual limits.
The CTF community. As a group of security enthusiasts, amateurs, and professionals, the CTF community dedicates free time and energy to the pursuit of security glory and the knowledge that is obtained along the way.
The spectators. DEF CON brings together folks from all walks of security life, and some of them have never experienced the frenetic energy, joy, and tears of a CTF, and this will be their first introduction.
To properly honor the legacy of DEF CON CTF, and to lead it into the future, we will be cognizant of these different target audiences and design not only the game, but the stage and room as well, to engage, to challenge, and to educate these diverse audiences.
DEF CON CTF
DEF CON CTF acts as a lens for the entire security community, magnifying the latest vulnerabilities, and pushing the bounds of exploitation. The latest and greatest security vulnerabilities make their way into DEF CON CTF challenges. This is an incredibly important part for the community, because reading about a vulnerability description on a blog is not the same thing as actively finding a vulnerability and developing an exploit. There is no knowledge without putting fingers to keyboard, and the DEF CON CTF is perfectly suited to forcing the CTF community to learn about the latest and greatest. This constant pressure keeps teams on their toes — forcing them to keep up with the times and stay relevant and current. There is no resting on laurels at DEF CON CTF. Thus, a DEF CON CTF must continue to not only have challenging problems, but those challenges must be on the cutting edge of technologies, vulnerabilities, and exploitation. This is important for all: the participants, the CTF community, and the spectators.
Most importantly, DEF CON is a symbol. It is a statement that hacking is not only cool, not only competitive, not only hard, but also possible and inspiring. Despite their mythical status, these elite hackers are not gods, able to solve problems simply by glancing at them. They make it to DEF CON CTF because they put in the time, effort, blood, sweat, and tears to develop the skills and, more importantly, the knowledge necessary to hack at the highest of levels.
DEF CON CTF must be an inspiration for everyone: the participants, the CTF community, and, most importantly, the spectators. This event should unite everyone: the curious newbie, the grizzled old SOC analyst, the CISO in a suit, the undercover fed, the young students, and the crazy university professor. It is incumbent upon the DEF CON CTF organizers to hold on and maintain this shining symbol of hacker excellence.
DEF CON CTF is a part of our community: a living, evolving event. It needs to be guided, shaped, and shepherded by knowledgeable, careful, and passionate organizers.
Therefore, as the next organizers of DEF CON CTF, we hereby promise to uphold and defend the following principles. All of our events, from now to the future, whatever form they may take, will live by these principles.
Responsible Innovation. DEF CON CTF must innovate, or it will stagnate and die. However, new additions to the game cannot be added willy nilly. Unlike some CTFs that deliberately experiment with new game designs, DEF CON CTF cannot completely change the game year-to-year and experiment with zany scoring systems or game designs. While innovation must be pursued for the game to evolve, this innovation must be tempered. Therefore, we promise to propel DEF CON CTF into the future, while maintaining a stable and fun game.
Intellectually Rewarding Challenges. Creating a difficult CTF challenge is easy: simply obfuscate or place the vulnerability in a random location in the program. However, this directly contradicts the goals of a CTF: intellectually rewarding challenges — challenges where you feel accomplished when you solve them, where you had to learn and master a new skill. Our DEF CON CTF will always strive for challenges that are challenging, but in an intellectually rewarding way, not in a random/frustrating way. Never again will participants suffer through a tarball that creates a qcow file system that contains thousands of deleted files, one of which is a docx that has a comment that contains a bit.ly link to the flag. These types of challenges test brute force skills (whether conceptual or computational), and are not the types of challenges that we will have in our DEF CON CTF.
State-of-the-art Challenges. Rather than focusing on one class of vulnerabilities or exploits over and over again, we will create challenges that have vulnerabilities ripped from both the headlines and the research papers. Cutting edge crypto vulnerabilities that are just theoretical. A massive vulnerability class that topples a Fortune 500. All of these challenges, and many more, will be included in our DEF CON CTF — where theoretical attack strongs and research blurs the line into the practical and real-world.
Inclusivity. DEF CON CTF should be enjoyed by everyone. This concept of inclusion extends to the participants, the CTF community, and the spectators. All will feel welcome at our events — all will feel enchanted by the hacker excellence. Young, old, male, female, or person, everyone will be welcome at our event and everyone will feel welcome.
Transparency. DEF CON CTF must be beyond reproach. To that end, the motivation, process, and results of the competition must be as transparent as they can be without compromising the competition itself. The last organizers have started down this road with their practice of open sourcing their services, infrastructure, and scoring data, and we plan to continue this in earnest.
By following these principles, we will deliver DEF CON CTFs that satisfy the needs of the participants, the CTF community, and the spectators.