Midnight Research Labs

Defcon 2008 CTF Write-up
aaron posted in Uncategorized on August 14th, 2008

1@stPlace recently posted a write-up on the Defcon CTF competition. There’s not too much detail on the specific contests that were run, but it’s good to get some insight into the competition. Also of note is a blog post from atlas, the team captain for 1@stPlace, talking a bit more about the competition.

I’ve heard a bit of speculation about how skewl of root was able to dominate the competition so thoroughly. Here’s an interesting quote from atlas on the topic:

This year, Sk3wl multiplied both the evi1 as well as the technical awe of our attack from last year, instead, denying any of our teams the ability to score. How they did this, I can’t say specifically, but let’s just say they pwned the services themselves and made their own version of a “service-r00tkit”, modifying information to either prevent us from gaining shell on the box or changing the contents of keys so we received bogus keys and our overwrites were dorked as well.

Something else I found pretty interesting was a blurb from atlas on a pretty interesting sounding challenge:

Kenshoto provided a text file with all of shakespeare’s works. our job was to find the longest run of bytes which convert to x86 opcodes which don’t touch memory.

If anyone else knows about other posts, or has other information on either the CTF or openCTF challenges at Defcon, I’d love to hear about them.

The scoreboard @ CTF: