OOO logo

OOO --- DEF CON CTF

DEF CON CTF 2020 QUALS

Quals are finished, congrats A*O*E!

Scoreboard: scoreboard2020.oooverflow.io

The quals spanned 2 days, starting from May 16th UTC. (CTFtime - timeanddate)

For a little while, we may still chat on DEF CON’s official discord (CTF area).

Available data:

Pre-qualifiers

Only the world’s top teams make it to DEF CON. This enables the event to explore the cutting edge of the amazing things that the world’s hackers are capable of. But the trick, of course, is figuring out who these hackers are. In CTF, this is done through cut-throat competition.

Every year, the DEF CON CTF organizers select a number of prominent events in the CTF community as prequalifiers. The winner of each of these is automatically invited by the Order of the Overflow to compete in DEF CON CTF, and the OOO completes the roster by selecting teams through our own qualification round (scheduled this year for March 27th!) as well as last year’s DEF CON champion.

We select pre-qualifying events according to several considerations. We always look for quality events that present a variety of interesting challenges to their participants. We look for both prominent events with an established history and promising up-and-comers. And we have an additional metric: connecting the various global hacker communities. We want qualifiers not only to represent quality and innovation, but also to enable DEF CON to be a place where top hackers from the different worldwide hacker communities come together!

To that end, the Order of the Overflow has selected the following events as pre-qualifiers:

Additionally, teams will prequalify through the following DEF CON events:

From these events, we will identify the top hackers in the CTF community, invite them to DEF CON, and watch them battle it out at DEF CON 28. See you there!

What will DEF CON 28 CTF Finals look like?

As you might have heard, DEF CON 28 will be done in Safe Mode. This means that there will not be an in-person final event in Las Vegas. We will, however, host some form of final event! We’ll sort out the details as soon as we can.

New this year: GOLF CHALLENGES 🏌️‍♀️ 🏌️‍♂️ ⛳ IN CTF

Last year, we challenged you with an entire category of speedruns 🏎️: bite-size problems designed for hacking races. Speedrun challenges added a twist by letting the top teams dictate awarded points by beating each other to the punch.

What if they could also dictate the difficulty 🤔?

This year, the Order of the Overflow is excited to introduce a new style of CTF challenge: golf ⛳. In a golf challenge, teams race against time to solve a challenge that’s gradually degrading in difficulty. The sooner they solve it, the more difficult it remains, the harder it is for other teams to catch up, and the more points it will be worth. Can you keep those points out of the hands of your competition?

As an example, let’s look at how a King of the Hill ⛰️ challenge from DEF CON 27 Finals, The Bitflip Conjecture (writeups here, here, and here), where teams scored based on how many different bitflips their crafted shellcode survived. If The Bitflip Conjecture was deployed as a golf challenge, it might work like this:

As time passes and the threshold changes, the challenge becomes inherently easier. The easier the challenge, the more teams will eventually solve it, and the fewer points it will be worth for everyone. If you have the skills, it is in your interest to “lock” the difficulty as high as possible to keep the challenge harder, keep it solved by fewer teams, and get the most points out of it that you can.

Golf challenge ⛳ schedule for DEF CON 28 CTF Quals

Like speedruns, golf challenges have a time-critical ⏱️ component. Thus, we are pre-committing to a release of 3 golf challenges throughout the game, one 0 hours, one 8 hours, and one 16 hours after the start of the competition.

FAQs

Q: If I am the second team to solve a golf challenge, do I need to have a better solution than the first team to solve that challenge?

A: No, you need to have at least as good a solution. A solution exactly as good will continue to be valid for the challenge.

Q: How long is the grace period?

A: This varies by challenge and will be listed in the description.

Q: What is the starting threshold of a challenge?

A: This varies by challenge and will be listed in the description.

Q: How fast does the threshold change?

A: This varies by challenge and will be listed in the description.

Q: Does the threshold increase or does it decrease?

A: This varies by challenge and will be listed in the description. The threshold will only ever change monotonically in one direction.

Q: What happens if no one solves the challenge?

A: The threshold will continue to change until the challenge becomes trivial and is solved.

Q: If the threshold was at Y, and the first solution that satisfies it would also satisfy a “harder” threshold X, what is the threshold locked to?

A: The threshold would be locked to Y.