DEF CON Forum Site Header Art

Announcement

Collapse
No announcement yet.

DEF CON 28 CTF - Order Of the Overflow

Collapse
This is a sticky topic.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • DEF CON 28 CTF - Order Of the Overflow

    Click image for larger version  Name:	OOO CTF logo.png Views:	0 Size:	57.8 KB ID:	230972



    We are the Order of the Overflow. We are the current host of DEF CON CTF (Quals and Finals). Read about our philosophy here or reach us at team@oooverflow.io.

    Follow @oooverflow on Twitter for updates!
    DEF CON CTFsPublic Sources
    github/o-o-overflow

    We owe thanks to many people -- some are listed here
    Last edited by Dark Tangent; March 5th, 2020, 03:03.
    PGP key: dtangent@defcon.org valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A

  • #2
    (Copied from https://oooverflow.io/dc-ctf-2020-quals/)
    DEF CON CTF 2020 QUALS

    Quals are finished, congrats A*O*E!

    Scoreboard: https://scoreboard.oooverflow.io
    The quals spanned 2 days, starting from May 16th UTC. (CTFtime - timeanddate)
    For a little while, we may still chat on DEF CON’s official discord (CTF area).
    Available data:
    Pre-qualifiers

    Only the world’s top teams make it to DEF CON. This enables the event to explore the cutting edge of the amazing things that the world’s hackers are capable of. But the trick, of course, is figuring out who these hackers are. In CTF, this is done through cut-throat competition.
    Every year, the DEF CON CTF organizers select a number of prominent events in the CTF community as prequalifiers. The winner of each of these is automatically invited by the Order of the Overflow to compete in DEF CON CTF, and the OOO completes the roster by selecting teams through our own qualification round (scheduled this year for March 27th!) as well as last year’s DEF CON champion.
    We select pre-qualifying events according to several considerations. We always look for quality events that present a variety of interesting challenges to their participants. We look for both prominent events with an established history and promising up-and-comers. And we have an additional metric: connecting the various global hacker communities. We want qualifiers not only to represent quality and innovation, but also to enable DEF CON to be a place where top hackers from the different worldwide hacker communities come together!
    To that end, the Order of the Overflow has selected the following events as pre-qualifiers:Additionally, teams will prequalify through the following DEF CON events:From these events, we will identify the top hackers in the CTF community, invite them to DEF CON, and watch them battle it out at DEF CON 28. See you there!
    What will DEF CON 28 CTF Finals look like?

    As you might have heard, DEF CON 28 will be done in Safe Mode. This means that there will not be an in-person final event in Las Vegas. We will, however, host some form of final event! We’ll sort out the details as soon as we can.
    New this year: GOLF CHALLENGES 🏌️‍♀️ 🏌️‍♂️ ⛳ IN CTF

    Last year, we challenged you with an entire category of speedruns 🏎️: bite-size problems designed for hacking races. Speedrun challenges added a twist by letting the top teams dictate awarded points by beating each other to the punch.
    What if they could also dictate the difficulty 🤔?
    This year, the Order of the Overflow is excited to introduce a new style of CTF challenge: golf ⛳. In a golf challenge, teams race against time to solve a challenge that’s gradually degrading in difficulty. The sooner they solve it, the more difficult it remains, the harder it is for other teams to catch up, and the more points it will be worth. Can you keep those points out of the hands of your competition?
    As an example, let’s look at how a King of the Hill ⛰️ challenge from DEF CON 27 Finals, The Bitflip Conjecture (writeups here, here, and here), where teams scored based on how many different bitflips their crafted shellcode survived. If The Bitflip Conjecture was deployed as a golf challenge, it might work like this:
    • When launched, the challenge would have a threshold of 0 failed bitflips: to solve the challenge, a team would have to craft a shellcode that could survive any single bitflip in any position.
    • After the service launches, there is a grace period where the threshold remains unchanged.
    • After the grace period, the threshold begins to slowly tick up, on a per-challenge rate. For example, the threshold might increase by 1 every ten minutes, so after an hour, a shellcode that fails on 6 bitflips would solve the challenge.
    • When a team submits a solution that satisfies the threshold, they receive the challenge flag. When they submit this flag, the threshold is locked.
    • To score, any future team must create a solution that is at least as “good” as that of the first team to solve the challenge.
    As time passes and the threshold changes, the challenge becomes inherently easier. The easier the challenge, the more teams will eventually solve it, and the fewer points it will be worth for everyone. If you have the skills, it is in your interest to “lock” the difficulty as high as possible to keep the challenge harder, keep it solved by fewer teams, and get the most points out of it that you can.
    Golf challenge ⛳ schedule for DEF CON 28 CTF Quals

    Like speedruns, golf challenges have a time-critical ⏱️ component. Thus, we are pre-committing to a release of 3 golf challenges throughout the game, one 0 hours, one 8 hours, and one 16 hours after the start of the competition.
    FAQs

    Q: If I am the second team to solve a golf challenge, do I need to have a better solution than the first team to solve that challenge?
    A: No, you need to have at least as good a solution. A solution exactly as good will continue to be valid for the challenge.
    Q: How long is the grace period?
    A: This varies by challenge and will be listed in the description.
    Q: What is the starting threshold of a challenge?
    A: This varies by challenge and will be listed in the description.
    Q: How fast does the threshold change?
    A: This varies by challenge and will be listed in the description.
    Q: Does the threshold increase or does it decrease?
    A: This varies by challenge and will be listed in the description. The threshold will only ever change monotonically in one direction.
    Q: What happens if no one solves the challenge?
    A: The threshold will continue to change until the challenge becomes trivial and is solved.
    Q: If the threshold was at Y, and the first solution that satisfies it would also satisfy a “harder” threshold X, what is the threshold locked to?
    A: The threshold would be locked to Y.

    PGP key: dtangent@defcon.org valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A

    Comment

    Working...
    X