DEF CON CTF 2015 Qualifiers are Complete

Hello,

Thanks for being a part of our biggest DEF CON CTF qualifiers yet. We're still very excited at how well the 4407 players, 1472 teams, and over 4000 unique IP addresses performed in our game, and have some preliminary results and other information to share with you.

The Final Results

These are the top 25 teams from the qualifiers. For a more complete and machine-readable list, please see https://legitbs.net/2015/quals_scoreboard.json. A more substantial data dump similar to the Quals 2014 Data Dump is forthcoming.

rankteamscore
1PPP57
2DEFKOR57
3944757
4Gallopsled53
5HITCON46
6blue-lotus45
7SpamAndHex44
8CORNDUMP43
90ops42
100daysober42
11Dragon Sector42
12Shellphish42
13LC↯BC41
14Mostly Inexperienced Beginner Hackers40
15Samurai39
16KAIST GoN39
17Alternatives36
18Eat, Sleep, Pwn, Repeat34
19Routards34
20binja32
21WhatTheBird32
22Blunt Instrument32
23tasteless30
24int3pids27
250x8F26

Preparing for Finals

Over the coming weeks, we'll be contacting qualifying teams about their appearance at DEF CON 23 in Las Vegas. If you have write-ups to share, please post or link them at the CTF write-ups github. If you want to find more CTF games to play, check out CTF Time.

Thanks again, and we hope to see you in Vegas!

DEF CON CTF 2015 Qualifiers This Weekend

tl;dr: When this post is 24 hours old, CTF qualifiers will begin. Register and play at https://2015.legitbs.net/.

How to Qualify for DEF CON CTF

  • Be one of the pre-qualified teams from DEF CON CTF 2014, SECCON CTF 2014, RuCTFE 2014, Ghost in the Shellcode 2015, Boston Key Party 2015, or PlaidCTF 2015.
  • Place highly in this weekend's game.

Good luck!

Registration for 2015 Qualifiers is Open!

Grab ∞ of your leetest friends and get ready for DEF CON CTF qualifications. We're building another great game for you this year, with brain-destroying binaries, super-sick shellcode shenanigans, and challenging fun for you. Register yourself, create or join a team, and get your affairs in order for DEF CON CTF 2015.

Register for DEF CON 23 Capture the Flag qualifiers at https://2015.legitbs.net/ or by clicking here.

DEF CON CTF 2015 Qualification Update: February Edition

Hello!

We'd like to share the current DEF CON CTF 2015 qualification status, two hours before the start of Boston Key Party!

Competition Start Date End Date Link Notes
DEF CON CTF 2014 May 17, 2014 Aug. 10, 2014 https://legitbs.net/2014/ Qualified the Plaid Parliament of Pwning.
SECCON CTF 2014 Dec. 12, 2014 Feb. 8, 2015 http://ctf.seccon.jp/timeline.html Qualified TOEFL Beginner.
RuCTFE 2014 Dec. 20, 2014 Dec. 20, 2014 http://ructf.org/e/2014/ Qualified Bushwhackers.
Ghost in the Shellcode Jan. 16, 2015 Jan. 18, 2015 http://ghostintheshellcode.com/ Qualified Samurai.
Boston Key Party Feb. 27, 2015 Mar. 1, 2015 http://bostonkeyparty.net Online jeopardy style game.
PlaidCTF Apr. 17, 2015 Apr. 19, 2015 http://www.plaidctf.com/ Online jeopardy style game.
DEF CON CTF Qualifiers 2015 May 16, 2015 May 17, 2015 https://legitbs.net/ Online jeopardy style, more information soon!
Congratulations to the teams that have qualified so far, and good luck to all the teams still hacking! Enjoy Boston Key Party, PlaidCTF, and we hope to see you in our qualifiers in May!

Quick Qualification Update

DEF CON CTF qualifications will be held from UTC Midnight at the start of May 16, 2015, to UTC Midnight at the end of May 17, 2015. Forty-eight hours total.

Competition Start Date End Date Link Notes
DEF CON CTF 2014 May 17, 2014 Aug. 10, 2014 https://legitbs.net/2014/ Qualified the Plaid Parliament of Pwning
SECCON CTF 2014 Dec. 12, 2014 Feb. 8, 2015 http://ctf.seccon.jp/timeline.html Qualifications round finished, finals in February 2015.
RuCTFE 2014 Dec. 20, 2014 Dec. 20, 2014 http://ructf.org/e/2014/ Finished.
Ghost in the Shellcode Jan. 16, 2015 Jan. 18, 2015 http://ghostintheshellcode.com/ Finished.
Boston Key Party Feb. 27, 2015 Mar. 1, 2015 http://bostonkeyparty.net Online jeopardy style game.
PlaidCTF Apr. 17, 2015 Apr. 19, 2015 http://www.plaidctf.com/ Online jeopardy style game.
DEF CON CTF Qualifiers 2015 May 16, 2015 May 17, 2015 https://legitbs.net/ Online jeopardy style, more announcements in 2015.

Thanks to skolor for the reminder to update this.

Announcing DEF CON CTF 2015 Qualifying Contests

We are pleased to announce that the following competitions will pre-qualify competitors for DEF CON Capture the Flag 2015. In order of contest start dates:

Competition Start Date End Date Link Notes
DEF CON CTF 2014 May 17, 2014 Aug. 10, 2014 https://legitbs.net/2014/ Qualified the Plaid Parliament of Pwning
SECCON CTF 2014 Dec. 12, 2014 Feb. 8, 2015 http://ctf.seccon.jp/timeline.html Qualifications round finished, finals in February 2015.
RuCTFE 2014 Dec. 20, 2014 Dec. 20, 2014 http://ructf.org/e/2014/ Online attack-defense, register now!
Ghost in the Shellcode Jan. 16, 2015 Jan. 18, 2015 http://ghostintheshellcode.com/ Jeopardy-style, on-site at ShmooCon or play online.
Boston Key Party Feb. 27, 2015 Mar. 1, 2015 http://bostonkeyparty.net Online jeopardy style game.
PlaidCTF Apr. 17, 2015 Apr. 19, 2015 http://www.plaidctf.com/ Online jeopardy style game.
DEF CON CTF Qualifiers 2015 TBA TBA https://legitbs.net/ Online jeopardy style, more announcements in 2015.

The best way to get good at Capture the Flag is by playing CTF games, learning what the experience is like, becoming familiar with the flow for solving challenges and writing exploits, and documenting your process. Your road to Vegas, no matter how long it is, starts with competition.

Becoming a DEF CON CTF 2015 Qualifying Competition

Do you run a Capture the Flag or other computer security competition? Want to have that elite prize that brings top-tier competitors? Want to have your winners move on to DEF CON finals? Become a DEF CON CTF 2015 Qualifying Competition!

UPDATED Nov. 17 2014: "Your competition MAY have both offensive and defensive components." The previous version had "SHOULD" there.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

Running a Competitive Competition

DEF CON CTF competitors are the best in the world. When less-qualified teams compete, they don’t enjoy the game, and don’t provide a lot of enjoyment for other teams either. Therefore, we must ensure  only the most qualified teams are invited. Our standards are as follows:

  1. Your competition MUST be open to all. You MUST NOT restrict entry or winning to students or professionals. You MAY structure your game with separate qualifying and finals events.
  2. You MUST NOT charge a fee to competitors, except for normal admission to a conference.
  3. Your competition MUST allow teams of at least four people.
  4. You MUST publish a final scoreboard within seven days of competition ending.
  5. You MUST be able to privately share the winning team’s contact information with us within seven days of competition ending.
  6. You MUST NOT publish personal information about competitors for any reason.
  7. You MUST NOT announce DEF CON CTF qualifying status prior to a Legitimate Business Syndicate announcement of same.
  8. You MUST either have run a competition previously, or be willing to share details and challenge samples with Legitimate Business Syndicate prior to approval.
  9. Your competition MAY have both offensive and defensive components.
  10. Your competition MAY be either online or local/in-person, or both!

If you don’t or can’t meet these requirements, please don’t ask for an exception. It’s possible we might not be a good fit for your competition as designed, and we don’t want to force you to compromise how you run your event.

Sending a Proposal

Send us an email to [email protected] before Midnight, Dec. 1, 2014 (1417392000) with answers to the following questions:

  1. Who is your group?
  2. What is your game named?
  3. Where and when are you hosting it?
  4. How do you design and build challenges?
  5. What’s your favorite vulnerability or exploit (CVE-number or well-recognized name)? Why?
  6. Do you have a favorite CTF challenge or service? How did you solve it?
  7. How do you plan to handle cheating?
  8. Have you or members of your team ever organized a CTF before? Provide details.
  9. Have you or members of your team participated in a CTF event? Provide details.
  10. How many people are involved in the following: challenge writing, game design, infrastructure, and support?

The earlier we get your submission, the earlier we'll read it and form a concrete opinion. Slots are limited. Expect a response by Dec. 9, 2014.

Rules, Disclaimers, and Caveats

  1. Legitimate Business Syndicate may terminate your qualifying event status at any time for any reason, including reasons not covered in this document.
  2. Competitions that publicly publish personal information about competitors will be forbidden from being qualifying events.
  3. Competitions that announce their qualifying event status before a Legitimate Business Syndicate announcement of their status will be forbidden from being qualifying events.
  4. Legitimate Business Syndicate reserves the right to use your competition’s name, logo, and description in promotional materials.
  5. Legitimate Business Syndicate will not use your or your competitors’ contact information for anything besides internal decision-making and official game communication.

All qualifying competition decisions made by Legitimate Business Syndicate members are final.