Once again, Kenshoto hosted the 2007 DefCon (WarGamez) Capture-the-Flag Contest. It ran for three days, and we barely slept: Aug 3rd 10am-8pm, Aug 4th 10am-8pm, and Aug 5th 10am-2pm.

This year was a return to classics (FreeBSD, firewalling, network-based token delivery), and was a steep race the whole time. Sk3wl0fr00t laid down the reverse-engineering foo, but we (Team 1@stPlace: @tlas, Doc Brown, Fury, JROD, Mezzendo, Plato, Psifertex, Shiruken, and Wrffr) managed to stay a hair above them in points, and won it for the second year in a row. Teams competing were:

• 1@stPlace
• Sk3wl0fr00t
• Song of Freedom
• FEDNAUGHTy
• [0x28]Thieves
• Routards
• Osu, Tatakae, Sexy Pandas!
• our wives are pissed

Very cool to have a more international competition! There were teams from Korea, Spain, France, and Germany.

Check back here for a possible write-up. CTF is much larger than the quals, so it may take some time (and masochistic tendencies) to do a detailed walk-through of the entire contest. So far, there is:

• Rolodex - we promised Song of Freedom that we would write up the solution
• HFD - the Sexy Pandas wrote up their solution

Some fun CTF news and pictures links:

• Friday Scoreboard
• Saturday Scoreboard
• Sunday Scoreboard
• Hard at work
• Awards Ceremony - @tlas gets another banner :)
• alligator online - mezzy and psifer get props
• Security Ripcord - fun write-up

1. Keep services up at all times. Who cares if someone is stealing your keys?! Service Level is a direct multiplier of all other points.
2. Automate attacks. Spend your time developing new attacks, not running old ones.
3. Automate key management. Spend your time stealing new keys, not shuffling old keys.
4. Reflect attacks. If there's an attack on the wire, capture it and use it against the other teams.