CAPTURE THE FLAG
To celebrate the 10th anniversary of HITBSecConf, the CTF Overlords and CTF Crews 1.0, 2.0 and the all-new 3.0 will be coming together to work on a 32 HOUR NON STOP CAPTURE THE FLAG COMPETITION which we’re calling CTF Weapons of Mass Destruction – Fallout Apocalypse!
In our previous CTF Weapons of Mass Destruction, teams had a set of daemons / services running on their machines and had to exploit rival teams’ daemons to steal their flags. Submitting the flags earned offensive points and also unlocked nuclear weapons that could be launched against rival teams. For defensive points, all a team had to do was keep its daemons up and running.
Fallout Apocalypse will require each team to manage a nuclear power plant and protect their daemons, which represent the reactor’s cores, from attacks while at the same time launching attacks against rival teams’ nuclear reactors. Weaponized SCADA exploits can be used to cause monetary damage to rival teams. Fallout Apocalypse will also feature a spanking new black market where teams may trade exploits and also purchase countermeasures.
Each team will start with an equal amount of money which represents their points. More money can be obtained periodically by making sure daemons are all up and running during a flag check initiated by the score server. Money can also be obtained by achieving “Break through Points”, which will be awarded to the first team that manages to solve a daemon, or in other words, is the first to steal a flag via a particular daemon.
By solving a daemon, not only will the team be awarded points, it will also be awarded a Weaponized SCADA exploit that can be launched against a rival team. There will be a total of seven (7) daemons altogether, hence seven (7) weaponized SCADA exploits available for each team to acquire. No extra points will be awarded to the team that launches an exploit; however, monetary damage will be inflicted on the target team. If a team’s money reaches zero (0), the team will automatically be kicked out of the competition. Keep in mind that each weaponized SCADA exploit may only be used once. Depending on the difficulty of exploiting the daemon, each weaponized SCADA exploit will carry a different damage rating.
As mentioned earlier, Fallout Apocalypse will feature a Black Market where teams can conveniently purchase items from the shop and also trade exploits amongst each other. Items such as protection and countermeasures can be purchased, while teams who wish to auction off their exploits can do so via a broker (The CTF Crew). The owner of the exploit will inform the broker of the starting price and the broker will auction it off to the highest bidder. The profit obtained from the purchase will be added to the seller’s pot of gold (total points).
At the end of the competition, the team with the most money (total points) will be crowned as the winner. Hence, teams will need to make sure their daemons are up and running and also harvest flags from time to time for more points. Flags are changed periodically to allow teams to obtain more points by harvesting flags. The CTF network will be isolated from the rest of the conference network, and we will NOT provide Internet on the CTF network. However, you are free to use the HITB conference wireless network.
If you are confused or unsure about the format of this CTF, don’t fret! We’ve prepared a handbook that will clarify how the game works, how scoring is done and what is needed to win. You can obtain a copy of the handbook from the link below:
WHAT TO BRING
- A network switch
- Network cables
- Extra power sockets.
The game will run for 32 hours NON STOP over the 2 days of the conference. Each team is limited to a maximum of 3 people and at the end there can only be the top 3 winners.
We try hard to keep the competition as free and exciting as possible; however we do require teams to adhere to simple rules such as:
- Be on time or else you’ll miss the briefing!
- No automated scanners (such as Nessus) are allowed at all. The challenges in this competition are custom made specifically for the 31337. Your automated scanners will not help you but will in fact just make you look like a n00b script kiddie. It will also result in a penalty that may lead to disqualification.
- No flooding and / or DoS attacks. Teams caught in the act will be penalized by a time penalty or a disqualification.
- No ARP spoofing. Teams caught in the act will be penalized by a time penalty or a disqualification.
- No harassment of other opponents. Are we all not gentlemen?
- All participants must obey PIT STOP calls. PIT STOP calls are rest intervals where all the players must leave the CTF area so that the CTF Crew can perform maintenance work.
PRIZES & RECOGNITION OF YOUR MAD SKILLZ
1st Place – USD3133.7 (sponsored by Panda Security) and biatch&dawg Custom Clothing #HITB2012KUL CTF Winner Hoodies (sponsored by Trustwave SpiderLabs)
2nd Place – biatch&dawg Custom Clothing #HITB2012KUL CTF Winner Hoodies (sponsored by Trustwave SpiderLabs)
3rd Place – biatch&dawg Custom Clothing #HITB2012KUL CTF Winner T-Shirts (sponsored by Trustwave SpiderLabs)
HOW DO I REGISTER?
To register for Fallout Apocalypse, please send an email to firstname.lastname@example.org with the following details. Do note that registration closes on the 25th of September 2012.
- Team Name
- Team Leader’s Name / Handle + Email Address
- Team Members’ Names / Handles + Email Addresses
- 0xDC381015 (SINGAPORE)
- Nandy Narwhals (SINGAPORE)
- AIF (SINGAPORE)
- LOL (VIETNAM)
- Tachikoma (JAPAN)
- HTV (VIETNAM)
- Hondorioxz (IRAN)
- Stealther (MALAYSIA)
- sutegoma2 (JAPAN)
- Orange Dutch Glasses (NETHERLANDS)
At all times, the decision of the CTF Organizing Team is final on any matter in question.