2014 Registration and Other Announcements


We have two big announcements for you today!

Qualification Registration

Exciting news: registration is open for the 2014 DEF CON CTF season! Based on feedback from many of our international competitors, we have moved the qualifying weekend a month, to May 17-19. We hope this will help with some of the time sensitive issues of arranging for international travel to Las Vegas, should you qualify.

2014 DEF CON Capture The Flag Qualification Registration

Qualifiers will be played as previously announced, May 17-May 19, Midnight UTC to Midnight UTC. The starting time in your local time zone can be found here.

Changes for 2014

  • We have some new and exciting categories for you this year! Questions will no longer be forced into categories by type, but instead by author, with the exception of...
  • Baby's first! A whole category targeted for CTF beginners. Every question in this category is unlocked at the start of the game. Answering a question from this category will not allow board control. Hints will be available for this category.
  • Quals teams aren't size limited. Qualify with the whole group, and make difficult choices about who competes in finals!
  • Automated password resets
  • Two-factor authentication
  • Less pink!

Not changed for 2014

  • Finals teams are limited to eight total players.
  • Qualifying teams get 8 human badges, 2 hotel rooms.
  • Flags will continue to be captured using computers.

Open Up

One of our goals in building our vision the DEF CON CTF has been to be “more open”. We have opened up and released our design process, our packet captures, our finals database, and even some of our mistakes. We have made public some of the resources that generally only teams at finals get - namely the rules document, and the finals services. This is much more open than any DEF CON CTF in recent memory

We think we can do better. As our last action for the 2013 DEF CON CTF season, we're releasing many of the quals and finals services, open source, on GitHub. There are a few pieces that remain absent - these pieces involve some body of code we have intentions to reuse in future events. Please don’t bother us for these last few pieces - they’ll be released when we’re done using them for competitions.

Prequalified Events for 2014

Continuing the tradition of recognizing strong performance in Capture The Flag events through the year, Legitimate Business Syndicate is proud to announce the following events as DEF CON 22 CTF pre-qualification events:

Event Date Organizers Qualified Team
DEF CON 21 CTF August 1-4, 2013 Legitimate Business Syndicate Plaid Parliament of Pwning
RuCTFe December 14, 2013 hackerdom More Smoked Leet Chicken
Ghost In The Shellcode January 17-19, 2014 GitS Organizers Dragon Sector
Olympic CTF February 7-9, 2014 More Smoked Leet Chicken penthackon
Boston Key Party February 28 - March 2, 2014 Boston Key Party TBD
Codegate Finals April 1-2, 2014 Codegate TBD
PHDays May 21-22, 2014 phdays TBD
SecuInside TBA SecuInside TBD

Twelve more spots will be available to teams wishing to play at the DEF CON 22 Capture The Flag through our own open qualifiers, hosted May 17-May 19.

All qualifying teams will receive eight “Human” badges for admission to DEF CON 22 this year, as well as two hotel rooms at the Rio Las Vegas, for the duration of the event.

Announcing DEF CON 22 Capture the Flag

Good morning.

We're pleased to announce that Legitimate Business Syndicate will be returning for DEF CON Capture the Flag in 2014, August 7-10 at the Rio Hotel and Casino in Las Vegas. Legit BS will be building new qualifying and final games, with all-new services, challenges, tricks, and delicious binary treats for the discerning hacker.

Teams can qualify by being the Plaid Parliament of Pwning and winning DEF CON CTF 2013, winning a select set of other Capture the Flag games around the world, or by placing highly in the qualifying round to be held in May (tentatively the weekend of May 17).

Legitimate Business Syndicate (NSADAQ: LBS) innovated DEF CON CTF in 2013 with qualifying and final games built around harder and deeper services, smaller teams, and more real-world services. The qualifying round featured challenges based on ARM, x86, Die Hard with a Vengeance, and the classic casino game of Blackjack. Finals were hosted on LXC containers on non-virtualized ARM for the first time in DEF CON CTF history.

Keep an eye on the Legitimate Business Syndicate to find out what's in store for this year!

Congratulations More Smoked Leet Chicken

Congratulations to More Smoked Leet Chicken for their RuCTFe 2013 win, and for being the second team to qualify for DEF CON CTF 2014!

RuCTFe is an online, worldwide attack-defense CTF game hosted in the early winter by the Hackerdom team at Ural Federal University. More Smoked Leet Chicken (@leetmore") got a better score than the second- and third-place teams combined, and maintained an SLA over 75%.

We've contacted More Smoked Leet Chicken about their victory, and they've accepted our invitation to compete.

Stay tuned for more announcements about qualifying for DEF CON Capture the Flag 2014.

2013 Visual Branding: Finals

It's been a few months since the previous visual branding post, and since I've been looking at branding 2014, I thought I'd get this out of the way.

Visual design for finals didn't start until after quals; we were too busy panicking to get that put together and working to even consider panicking and putting finals together. I decided to not only stick with the Japanese game show theme, but also recycle most of the assets (the strawberry linen texture, the specific pinks and yellows, the stripe texture). This saved a surprising amount of time.

My original vision was a two-pane scoreboard at angles to each other, with teams on one fold and score data on another. Scores would be visually graphed as well as numbered, possibly with little graphs representing how that score was derived; this was before I remembered discussions from the beginning about zero-sum scoring, and we had more than one metric to graph.

Behind the two panes. we'd have two linen layers at right angles to each other, moving in opposite directions to produce a weird effect. Additionally, the scoreboard would have a scrolling floor beneath it and at an angle to the camera to look like you were constantly moving towards the scoreboard. Finally, the two panes would wave back and forth, as if blown by a breeze.

The big constraint was making the scoreboard fit both on the ridiculous monitors competitors bring (there was more than one Apple Thunderbolt Display on the floor), and also on the projectors DEF CON would graciously provide. I went responsive, with setpoints usable on both 1024x768 (typical projector) and sizes bigger than 1366x768 (11" MacBook Air).

I also set up two information screens for competitors.  First was a "How To Play" screen with rules and high-level instructions. What teams used most was the "Dashboard" that had basic SLA information, a flag submission form, an example command line to submit flags with curl (get on my level), and how to use the flag submission responses. Both of these screens were also in the two-pane style, but with different divisions between the panes, and not waving.

I got this all built out (with very little iteration due to time constraints), and took it to Vegas. When I first set foot in the room, it had already been mostly set up by Selir, Jymbolya, and Duchess, so all I had to do was get the scoreboard on the network and the scoreboard system on the network and projector.

This exposed a couple issues though: the projectors were only 800x600, and the color accuracy wasn't going to show the background texture at all, let alone the subtle crossed-scrolling effect. I made a new, even smaller 800x600 setpoint for the scoreboard, and got it mostly visible, with the exception of the timers being wonky. I removed one of the background layers, but didn't want to remove both of them because I'd still enjoy having them there.

After the first day, I was regretting the decision to not auto-update the scoreboard, so I added a meta refresh tag on the scoreboard. This could've been done with AJAX, but doing it in time with the background cycle and over a LAN meant that the reload flash wasn't too bad. Also after the first day, we removed the broken "you got owned" indicator from the SLA because, in Gyno's words, "we're not your fucking IDS."

Finals Statistics

Lines of Sass317
Bytes of minified CSS9829
CSS "float" declarations10
Inline style attributes1, for sizing the score bars
Favorite CSS declaration"width"

2013 Finals Release: Part 1

This is the first of two planned releases of finals data.

More packet captures are coming as we process them.