Re: DEFCON CTF 2009 - Feedback Requested

Can they be forced to do it? If they're debating, I don't know how persuasive this is, but if we could suggest that it'd be nice, I'm all for suggesting. I think they do a very decent job, and it's a danged hard thing to do even a mediocre job at.

Sure, let's insist they come back.

Re: DEFCON CTF 2009 - Feedback Requested

Wont be the same without them.

Re: DEFCON CTF 2009 - Feedback Requested

If they don't do it wil lthe flag be passed to someone else?

Re: DEFCON CTF 2009 - Feedback Requested

I've actually put some thought into it this morning in the shower and I think I have a semi-solid suggestion formed.

The Ghettohackers paved a pretty strong path for CTF; Kenshoto took that torch and tossed gas on it .. but along the way some of the initial free-for-all feel got lost. To insiders it became a pretty serious endeavor that gets prepped for the year in advance. To outsiders it became an insane devotion of professionals (pentesters, educators, etc) that seemed unattainable. A far cry from me walking up at DC10 and saying 'can I play too'.. hearing stories of the SE compromises of the past and whatnot. Today everything is pre-qualled and extremely guarded.

Not saying its bad, but it is what it is and several years in probably needs a twist to put folks back on their toes :)

I'm all for Kenshoto coming back for another round. As stated before, they've done just awesome things with the contest. I'm not sure why they're questioning 17, but can only guess its related to time commitment .. putting something on of that magnitude must take enormous preparation, resources, energy et al.

I would suggest that Kenshoto, or another group if they bow out, work together with Riverside and crew, as well as the aCTF folks. It forms along the greater scheme that I conceived last year for village addition of PwnTown .. but that's a frosting layer and not the bacon and cheese underneath.

) CTF always has a nifty twist... keep that secret. CTF commonly has pre-quals for a set number of teams that will compete king of the hill style brawl... keep that too.

) The Wall of Sheep has been doing awesome things as well, last year watching the guys take it to yet another level with learning sessions and standard analysis debauchery. They have integrated with the Defcon network and quite interestingly with the Blackhat network to peek at the bored corporates and the fun they have.

) aCTF has spawned and matured to pick up the reigns for what CTF lost. Impromptu breaking, learning, and a wrapper of contest to entice.

Pulling it together, what if the CTF competitors were treated more like companies connected to the Internet? What if a subnet were enabled to have random folks walk up and start attacking them mid game? What if the aCTF folks shepherded that a little and geared their subcontest to a subset of actual CTF attacks as well as side-contests or side-achievement? What if the same networks aggregated and spanned to a debug port that was monitored by the Wall of Sheep and those participating in that facet of network security?

It builds to a triumvirate of competition and learning. It also opens the gates for PwnTown and breakout sessions to teach things like reversing, exploit analysis and crafting, etc.