Wednesday, April 9, 2014

Update: Dragon Sector TOP3 at CODEGATE CTF Finals 2014

Last week a representation of the Dragon Sector team consisting of j00ru, valis, redford, jagger participated in the finals of the renowned competition in Seoul, South Korea - CODEGATE CTF. As this was was quite an adventure for all of us both in terms of exploring new cultures and taking part in an offline event (which would be the second one for our team), we decided to share the experience with you in the form of a short status update blog post.

Some of us arrived to South Korea three days before the competition, others only two days in advance. Overall, this gave us enough time to both get over an 8-hour jetlag and do some sightseeing in the capital, feeling the vibe of the city, trying out local cuisine (and Soju!) and so forth. 

After a nice period of relaxation, time has come for some rivalry. The CTF was held in COEX Convention & Exhibition Center, next to where the CODEGATE conference would be held the following day, and lasted for 20 hours - since 2 p.m. on 2nd of April (Wednesday) until 10 a.m. on 3rd of April (Thursday).

All 14 teams playing in the finals were seated in a single, large room, each being provided three desks (clearly labeled with a signboard containing the team's name, country of origin, flag and logo), power supply and network connectivity; the organizers also had their spot set up on stage in one of the corners, from where they would announce news like newly published, broken and fixed tasks. During a brief orientation, we were informed about the standard rules of the contest (jeopardy format, a maximum of four players per team, no flag sharing, no hinting to other teams, no attacks on infrastructure etc) and spent the remaining time setting up and chatting with the other groups. A few minutes past 2 p.m., the CTF web system in the local network was up and the competition started.

The CTF opened with five tasks available, with more challenges added throughout the entire competition, with the last one becoming available just 30 minutes before the end of the contest. There were a total of 15 tasks split between the "web", "exploitation", "reverse engineering" and "mixed" categories, some of them worth as much as 750 or 800 points and consisting of multiple levels. All in all, the event was extremely binary-oriented with a slight taste of web security - something we expected and prepared for. The first three teams to solve each task would receive a bonus of 30, 20 and 10 points respectively, thus capturing the flags in a timely manner was highly encouraged, yet not easy, considering that a majority of the solid and well-known teams showed up there.

While there were one or two small hiccups such as a broken task, the technical quality of the CTF was top notch. The tasks were interesting and challenging, the broken ones would be fixed by the crew within an hour of announcement and truth be told - we had a lot of fun playing the game, which is probably the most important aspect of any CTF. In addition to that, the organizers made sure we were provided with food and drinks so that we wouldn't have to take care of this ourselves. Thanks to all this, we really enjoyed the 20 hours we spent in the room. :)

For the most part of the contest, PPP was the leader in the ranking, with occassional shuffling in the top2-top5 positions. Since about 12 hours into the game, we managed to take the second place and maintain it until ~1.5 hours before the end, when More Smoked Leet Chicken solved a task and overtook us by 70 points. While we did have one more task solved, we were short by two minutes to get the remote shell and submit the flag, before the CTF ended precisely at 10 a.m. As a result, the final top3 remained as follows:
  1. PPP (6080 pts)
  2. More Smoked Leet Chicken (2940 pts)
  3. Dragon Sector (2870 pts)

The awards ceremony was long, pompous and unfortunately all in Korean. All of the participating teams were invited to the stage, and the first three teams were handed their statuettes, diplomas and checks. After that, the CODEGATE conference started and we could finally get some sleep.

We're extremely happy to have been able to participate in this great CTF thanks to the technical crew, authors of the tasks and the organizers of the conference. We congratulate both MSLC and PPP for their great performance and are looking forward to a visit in Seoul next year!

As a closing note, we are still looking for sponsors to be able to take part in the DEF CON CTF in Las Vegas, USA and possibly other competitions this year. For details, see here.

1 comment:

  1. Good job guys! Congrats.
    By the way, the ceremony was translated into English, you just had to pick up a radio from any table and "tune in".