UCSB iCTF 2008
- © Copyright??
1st place of 39 Teams.
It has now become a tradition that Professor Giovanni Vigna and his team from the University of California, Santa Barbara (UCSB) host a "Capture the Flag" (CTF) security contest. Thus on Friday 5th December, 39 student teams from universities around the world took part in the largest competition of its kind to date. "Capture the Flag" contests are usually comprised of a virtual private network between the teams, and the organizers distribute an image of a virtual machine. Inside the virtual machine several services run which have been specially created for the contest. The students' task is to examine the services for security flaws and fix any identified problems. This should be done before the other teams are able to exploit the flaws in order to disrupt the interaction of your services with simulated clients from the organizer.
This time however, Professor Vigna's group has devised an entirely different scenario, which was announced at the beginning of the contest. For each participating team there was a small network of hosts which could be accessed remotely. Those hosts should be examined for vulnerabilities, and in the end a bomb was to be defused, which was connected to one of the hosts. Additonally, 13 challenging quests had to be tackled, from determining the output of a program which is only given as fragment, to riddles which required knowledge of nerd popular culture.
Shortly before the contest time elapsed, the ENOFLAG team from TU Berlin was able to disarm the bomb and solve 12 of the quests, which secured the path to victory.
For those who want to know even more there is a walkthrough  which explains the challenge solutions and the weaknesses of the contest network in great detail.