How much does it take to hack a mobile network?
Is electronic government secure
in the era of WikiLeaks and Anonymous?

Is SCADA hacking a Hollywood fiction
or the nowadays reality?
Internet banking: is there any chance to win
over the fraudsters?

Cyber-crimes, cyber-espionage, cyber-war: where do we draw a borderline?

Pages

Tuesday, December 18, 2012

Cyberwarriors from All Over the World Fought to Partake in PHDays III CTF

PHDays CTF Quals, interactive information security competition, took place from 10 a.m. on December 15 to 10 a.m. on December 17 and lasted for the whole 48 hours. PPP (Plaid Parliament of Pwning), a team from the USA, became the winner. They had to resist to 493 teams from more than 30 countries in the course of the battle.

The competition went in a more active way comparing to the previous year — 681 teams applied for participation, 154 of them solved at least one task, and more than 100 people discussed the battle on IRC.
It should be reminded that, according to the results of the Quals, the first 10 teams of the overall rating, which scored the biggest number of points for the least time, qualified for PHDays III CTF.



PPP, a team from the USA, became the winner, the second place was taken by Eindbazen (Netherlands), and joint team More Smoked Leet Chicken took the third place. All in all, five teams from Russia were able to make their way to the top 10. This result can be considered as a perfect one taking into account stiff resistance of the teams.

The teams kept on struggling for the leading position in the overall rating throughout the competition. It is clear from the digram related to the tasks completion by the participants.


Competition Dynamics

The competition dynamics are well reflected by the collected statistics available for downloading here: http://pastebin.com/0Z3SH5D5.

Tasks

The tasks were divided into five categories. Each of them included five tasks of different challenge levels (from 100 to 500 points).

Binary — reverse engineering tasks.
PWN — "classic" hacking (the participants of one of the teams managed to obtain root privileges in the PWN-200 task named HEAP, which wasn't provided by the contest scenario). All the tasks of this category were solved.
Real World — tasks typical of the real world (SQL Injection, Active Directory, RBS hacking).
Forensic — the title speaks for itself. All the tasks were solved.
Misc — tasks not matching any of the other categories (MK-61 calculator, Rubik's Cube tasks, and other daily life elements). None of the teams managed to solve a 500-point task of this category.


Solved tasks

The following write-ups can be used for any details on the way the participants solved the tasks:

https://ctftime.org/event/56/tasks/
http://lobotomy.me/2012-12-17-phdays2012-quals---pwn100-writeup/
http://lobotomy.me/2012-12-17-phdays2012-quals---pwn400-writeup/ http://blog.sergeybelove.ru/ctf/426
http://blog.ipwned.it/phdaysctf-2012-realworld-200-2/
http://blog.ipwned.it/phdaysctf-2012-misc200/
http://darkbyte.ru/2012/61/phdays-quals-2012-writeup/
http://smokedchicken.org/2012/12/phdays-ctf-quals-2013-real-world-500.html
http://bitsmash.wordpress.com/tag/phdays/
http://f00l.de/blog/?tag=phdays
http://kmkz-web-blog.blogspot.ru/

Surprises

It's all clear with the results. However, those teams that failed to take the place in the top 10 should not get into despair — New Year is coming soon, and it can perform magic. In particular, the final list of the PHDays III CTF participants may be enlarged by increasing the number of places from 10 to N. The N value is under discussion.

Moreover, personal invitations from the competition organizers still work.

Thanks to everyone who partook in PHDays CTF Quals. See you at Positive Hack Days III in Moscow!

1 comment: