DEF CON 23 Finalists

Congratulations to the following teams, who have qualified and accepted spots in the DEF CON 23 Capture The Flag.
Team NumberTeamQualifying Event
1Plaid Parliament of PwningDEF CON CTF 2014 Finals
3SamuraiGhost in the Shellcode
4HITCONBoston Key Party
69447DEF CON CTF Qualifiers
7GallopsledDEF CON CTF Qualifiers
8blue-lotusDEF CON CTF Qualifiers
9!SpamAndHexDEF CON CTF Qualifiers
110opsDEF CON CTF Qualifiers
120daysoberDEF CON CTF Qualifiers
13Dragon SectorDEF CON CTF Qualifiers
14ShellphishDEF CON CTF Qualifiers
15LC↯BCDEF CON CTF Qualifiers
We look forward to seeing everybody out in Las Vegas. Even if you didn't qualify for our game, we hope to see anybody interested in CTF in our room, in the corner of the Bally's Event Center.

2014 Finals Scorebot SQL Dump

"I want to download and audit the Scorebot from DEF CON 22 CTF just like I did for DEF CON 21 CTF finals ."


  1. Have PostgreSQL 9.3 or newer installed. 9.2 may work but has not been tested.
  2. OPTIONAL: verify that you downloaded an official dump. More instructions below.
  3. Create a database named scorebot-2014. From the command line: createdb scorebot-2014
  4. Load the pgdump file into the database: pg_restore -d scorebot-2014 scorebot-2014.pgdump
  5. Query it:
    > psql scorebot-2014
    psql (9.4.3)
    Type "help" for help.
    scorebot-2014=# select id, name, dupe_ctr from teams order by name asc;
     id |             name              | dupe_ctr
     12 | (Mostly) Men in Black Hats    |       14
      2 | 9447                          |     1445
     19 | BalalaikaCr3w                 |        0
      8 | CodeRed                       |        2
     15 | Dragon Sector                 |    11880
     18 | Gallopsled                    |        0
      9 | HITCON                        |   112320
     11 | HackingForChiMac              |    40824
      6 | KAIST GoN                     |     5452
     21 | Legitimate Business Syndicate |        0
     14 | More Smoked Leet Chicken      |    39797
      1 | Plaid Parliament of Pwning    |   158842
      3 | Reckless Abandon              |        0
      4 | Routards                      |        0
     17 | Stratum Auhuur                |       10
     16 | [SEWorks]penthackon           |       29
     20 | binja                         |        0
     10 | blue-lotus                    |       10
      5 | raon_ASRT                     |     1096
      7 | shellphish                    |        0
     13 | w3stormz                      |      253
    (21 rows)

Analyses We've Seen Before and Analyses We'd Like To See

Willem Vandercat of ROPtimus Prime posted a great analysis of our 2013 data called A BS Analysis Based on Legit Data, and in our follow-up A Legit Analysis, we noted that we didn't store enough data for accurate replay both due to oversights and programming errors.

We hope that our 2014 data are more complete: this is one reason the dump is 84MB instead of 4.6MB. In particular, we've included a penalties table that connects failed availabilities to penalty flag transfers, and added a log of availability script output to the availabilities table. In particular, we've addressed the flaw about not storing enough data to accurately replay or rescore the game.

Validating and Verifying a Database Dump

Once you've downloaded the .pgdump file, you can check its signature against Vito's public GPG key.

  1. Obtain Vito's public key from this blog,, or the MIT Public Key Server .
  2. Install the key in your GPG keychain.
  3. Run gpg --verify scorebot-2014.pgdump.sig. You should see output similar to:
    > gpg --verify scorebot-2014.pgdump.sig
    gpg: Signature made Tue Jun 16 23:19:40 2015 EDT using RSA key ID C81CA674
    gpg: Good signature from "Vito Genovese <[email protected]>"
    gpg:                 aka " <[email protected]>"
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 3D67 0192 A797 5173 646C  79D3 B07D 6161 43CA A77B
         Subkey fingerprint: D586 0919 7A9F 6055 BF1D  F3E9 18A0 1190 C81C A674

If you just want to trust every ISP between us and you, you can also check the SHA-2/256 sums:

> shasum -a 256 scorebot-2014*
a49de19153bf78677d6c90f7ec1fea8ac2dc4f74b2d4cf1dc218dacc1f81b6a4  scorebot-2014.erd.pdf
9b6e90f2e52439ec9fc5a979c631b159f70b1fbd9371f40d6711526d2c002813  scorebot-2014.pgdump
854eb9250d0e8f083878871aebf154103e45cf3f01b339fe915efd32c1a75652  scorebot-2014.pgdump.sig



To the extent possible under law, Legitimate Business Syndicate has waived all copyright and related or neighboring rights to the DEF CON 22 CTF SQL dump. This work is published from: United States.


Thanks for your interest! DEF CON Capture the Flag only exists because of the CTF community around the world, and we hope these data are useful and interesting. Special thanks to Willem Vandercat of ROPtimus Prime for pushing us to store and release better data for 2014!

See you in Las Vegas!

DEF CON CTF 2015 Qualifiers are Complete


Thanks for being a part of our biggest DEF CON CTF qualifiers yet. We're still very excited at how well the 4407 players, 1472 teams, and over 4000 unique IP addresses performed in our game, and have some preliminary results and other information to share with you.

The Final Results

These are the top 25 teams from the qualifiers. For a more complete and machine-readable list, please see A more substantial data dump similar to the Quals 2014 Data Dump is forthcoming.

11Dragon Sector42
14Mostly Inexperienced Beginner Hackers40
18Eat, Sleep, Pwn, Repeat34
22Blunt Instrument32

Preparing for Finals

Over the coming weeks, we'll be contacting qualifying teams about their appearance at DEF CON 23 in Las Vegas. If you have write-ups to share, please post or link them at the CTF write-ups github. If you want to find more CTF games to play, check out CTF Time.

Thanks again, and we hope to see you in Vegas!

DEF CON CTF 2015 Qualifiers This Weekend

tl;dr: When this post is 24 hours old, CTF qualifiers will begin. Register and play at

How to Qualify for DEF CON CTF

  • Be one of the pre-qualified teams from DEF CON CTF 2014, SECCON CTF 2014, RuCTFE 2014, Ghost in the Shellcode 2015, Boston Key Party 2015, or PlaidCTF 2015.
  • Place highly in this weekend's game.

Good luck!

Registration for 2015 Qualifiers is Open!

Grab ∞ of your leetest friends and get ready for DEF CON CTF qualifications. We're building another great game for you this year, with brain-destroying binaries, super-sick shellcode shenanigans, and challenging fun for you. Register yourself, create or join a team, and get your affairs in order for DEF CON CTF 2015.

Register for DEF CON 23 Capture the Flag qualifiers at or by clicking here.

DEF CON CTF 2015 Qualification Update: February Edition


We'd like to share the current DEF CON CTF 2015 qualification status, two hours before the start of Boston Key Party!

Competition Start Date End Date Link Notes
DEF CON CTF 2014 May 17, 2014 Aug. 10, 2014 Qualified the Plaid Parliament of Pwning.
SECCON CTF 2014 Dec. 12, 2014 Feb. 8, 2015 Qualified TOEFL Beginner.
RuCTFE 2014 Dec. 20, 2014 Dec. 20, 2014 Qualified Bushwhackers.
Ghost in the Shellcode Jan. 16, 2015 Jan. 18, 2015 Qualified Samurai.
Boston Key Party Feb. 27, 2015 Mar. 1, 2015 Online jeopardy style game.
PlaidCTF Apr. 17, 2015 Apr. 19, 2015 Online jeopardy style game.
DEF CON CTF Qualifiers 2015 May 16, 2015 May 17, 2015 Online jeopardy style, more information soon!
Congratulations to the teams that have qualified so far, and good luck to all the teams still hacking! Enjoy Boston Key Party, PlaidCTF, and we hope to see you in our qualifiers in May!

Quick Qualification Update

DEF CON CTF qualifications will be held from UTC Midnight at the start of May 16, 2015, to UTC Midnight at the end of May 17, 2015. Forty-eight hours total.

Competition Start Date End Date Link Notes
DEF CON CTF 2014 May 17, 2014 Aug. 10, 2014 Qualified the Plaid Parliament of Pwning
SECCON CTF 2014 Dec. 12, 2014 Feb. 8, 2015 Qualifications round finished, finals in February 2015.
RuCTFE 2014 Dec. 20, 2014 Dec. 20, 2014 Finished.
Ghost in the Shellcode Jan. 16, 2015 Jan. 18, 2015 Finished.
Boston Key Party Feb. 27, 2015 Mar. 1, 2015 Online jeopardy style game.
PlaidCTF Apr. 17, 2015 Apr. 19, 2015 Online jeopardy style game.
DEF CON CTF Qualifiers 2015 May 16, 2015 May 17, 2015 Online jeopardy style, more announcements in 2015.

Thanks to skolor for the reminder to update this.