- © 2009 AGRS
After making it into the finals of Defcon 17 CTF
the South Korean group "Sapheads" decided to create their
own contest. The challenges resembled the Defcon qualification stage
in style and content, but Sapheads had written a nice fictitious
background story which tied everything together. Thus the contest was
much more fun than playing with a random assortment of vulnerable
services, yet on the other hand this meant that the challenges could
only be tackled sequentially because they were following a linear
The whole contest consisted of ten challenges. The early ones were the usual composition of forensics, PHP-based webserver intrusion and even a coding job, but it became evident soon enough that the second half was focused on analysis and exploitation of services which were only available in compiled form. Nevertheless the organizers did a great job to make each challenge fresh and interesting although the exploit techniques stayed basically the same from the seventh challenge on.
The contest lasted 48 hours and team ENOFLAG was the second team to solve challenge #8. As no team was able to finish challenge #9 in time, this meant that ENOFLAG had finished second place , beaten only by the group CLGT from Vietnam who had completed #8 about one hour earlier. All in all 247 teams had registered for the contest with 52 of them reaching the fourth level.
Sapheads are offering  a tarball of all challenges and the comics which form the background storyline and they are working on making the virtual machine images which hosted the challenges available as well. They have also already announced their plans to create another contest "Hackjam 2", however without a set date.
ENOFLAG have again (as they did for UCSB iCTF 2008) created a writeup , i.e. a description of their solutions to the contest challenges.