Shearwater Capture The Flag

Announcing the winner of the Shearwater Capture the Flag contest at AusCERT2016

…and the winner is… from the Ukraine, Team “dcua”. Shearwater Capture the Flag (CTF) challenge at AusCERT2016.

The 48 hr contest featured 30 uniquely crafted challenges written by the expert team at Shearwater Solutions. The challenges included Web Exploitation, Reverse Engineering, Forensics, and many others.

The contest was varied, featuring the usual capture the flag games, in addition to real-world scenarios inspired by hundreds of penetration tests and incident responses that we have conducted over the years. The result was a unique and diverse contest with challenges ranging from easy to mind-bending. This allowed players at all skill levels to participate. Contestants included students, amateurs, and seasoned professionals.

A number of participating teams proved surprisingly nimble, advancing swiftly through the competition and solving some of the challenges in ingenious ways. But as expected, Shearwater Capture the Flag team included scenarios that threw participants off-balance and diminished any hopes of a quick win. These challenges included “vmessage”, a forensic challenge, which took 30 hours to solve, and “doggone”, a packet analysis task, which took nearly 42 hours to solve.

All participants deserve acknowledgment, especially those who played solo for the duration of the competition. Other participants made a great effort to balance work commitments with the challenge, many of them enlisting colleagues along the way.

The top 3 teams at the competition were:

  • Team 1: dcua
  • Team 2: Capture the Swag??
  • Team 3: rand0ml0l2

This event was an opportunity for Shearwater to host a free educational initiative to benefit the Information Security Community. The feedback from players tells us that this contest has been a skill validation for some and a baptism of fire for others, but overall it was fun for all.

Event Summary:

  • Challenges were written by Shearwater Ethical Hacking team (SEH). Shearwater Ethical Hacking is a trusted provider of penetration testing services for the private sector and government organisations.
  • 95 teams registered for the contest. The majority of these teams were Australian but others joined from Asia, Europe, Africa, and the United States.
  • The players had diverse skill sets and included amateurs, students, and seasoned professionals.
  • Whilst all the challenges were solved, no single team was able to solve all the challenges.
  • “dcua”, a Ukrainian team, won the competition scoring 3250 out of the 5250 available points.
  • The hardest challenge was “doggone”. It was solved 42hrs into the competition.
  • The 2nd hardest challenge was vmessage. It was solved 30 hours into the competition.