DefCamp Capture the Flag competition has nominated the winners after 24 hours of fierce competition. The online qualification stage for the most awesome cyber security competition from CEE ended on October 1st and the key figures are as follows:
-> about 1,000 teams from 95 countries entered the competition
-> around 6,000 unique players on the website during the competition
-> 74,145 points collected, 2869 flags correctly submitted, 8313 incorrect flags
-> most solvers (344 at a Junior challenge), least solved (2 solvers at a Reverse challenge)
Meet the winners:
The DCTF Quals was won by “Eat Sleep Pwn Repeat”, a team from Germany who dominated the top during the 24 hours of competition. On the second place was “HackingForSoju” team from Sweden who is already at the 3rd participation of DCTF. The third place was occupied by a team of students from Canada under the name “NorthernCoalition”. Only one team from Romania entered the top 30 and qualified in the 4th place.
“It is said that you are not a complete cyber security specialist unless you have been involved at least once in a Capture the Flag competition. For us, the organizing team, DefCamp Capture the Flag is every year a challenge. With each edition we are looking for ways to innovate and bring real and yet diverse scenarios to the participants. In cyber security, you must keep up with the novelties in order to successfully handle the newest types of attacks that occur. Our goal is to help participants develop their skills and knowledge as much as possible, “ said Andrei Avădănei, founder of DefCamp.
Clues and obstacles were included in the game, and the problems were based on real situations inspired from IT ecosystems and on real vulnerabilities, making this competition extremely exciting for the participants. Moreover, the qualification stage has put all competitors in a difficult trial testing their knowledge with data encryption algorithms that contain vulnerabilities, web applications and software that can only be exploited through reverse engineering techniques and the development of advanced exploits on various operating systems.
Anatol Prisacaru, D-CTF Lead mentioned that “It’s always a great pleasure to organize DefCamp CTF. It takes a lot of focus to make sure all the challenges are properly done and no bypasses can be found and yet there are always teams with amazing skills that are still able to impress with unique solutions. There are a lot of positive vibes from numerous participants around the world. In just 15 minutes I’ve exchanged a couple of words with some guy from Moscow about that MD5 Length Extension attack and Redis SSRF, then someone else from Da Nang, Vietnam pings me asking if they are on the right track since they have found part of the flag and just can’t get it right because of a typo, followed by a short but amazing chat about DWARF debugging data in ELF binaries with a Swedish guy that I’ve met last year at the finals, on and on for 24 hours – ain’t that exciting? I just can’t wait for the finals to meet the best 15 teams in person in Bucharest!
A first for this kind of competition was that the participants of this edition could exploit vulnerabilities in blockchain. We included a challenge that duplicates the DAO attack that happened in 2016 when more than 3.6 million Ethereum worth $ 70 million were lost. Also, for the first time at DefCamp Capture the Flag, there was also a category of challenges addressed to beginners. This category proved to be the most popular of the entire qualifying stage where nearly 500 teams solved at least one problem.
The Grand Finale of the competition will take place in Bucharest, Romania during DefCamp between November 9th -10th. The leading 15 teams will join to win the title and awards worth over 3.000 euros. Moreover, being part of the D-CTF Final allows all the team members to meet famous speakers who will be on DefCamp stage and to interact with over 1,300 attendees at the conference.
DefCamp 2017 is powered by Orange România and it’s organized by the Cyber Security Research Center from Romania (CCSIR) with the support of Ixia, a Keysight Business as Platinum Partner, and with the help of Bitdefender, SecureWorks, Amazon, Enevo Group and Bit Sentinel.