The UCSB iCTF

• Overview
• Software
• Images
• Data
• Links
• Archives
• Truth

The UCSB International Capture The Flag (also known as the iCTF) is a distributed, wide-area security exercise, whose goal is to test the security skills of the participants. The iCTF contest is organized by Prof. Giovanni Vigna of the Department of Computer Science at UCSB, and is held once a year (usually at the beginning of December).

The 2011 iCTF was held on Friday, December 2nd, 2011, from 8am to 5pm, PST.

The competition was a game that involved attacking, defending, solving security challenges, and strategizing the teams' actions.

The winner of the competition are:

1. We_0wn_You (see their write-up)
2. More Smoked Leet Chicken (see their write-up)
3. FluxFingers (see their write-up)

The traffic dumps from the competition are available here, and the vulnerable image is available here!

The competition is sponsored by Adobe, who is providing cash prizes! First prize: 2,000 USD Second prize: 1,000 USD Third prize: 500 USD

Information

• A description of the 2011 iCTF game structure is available here.
• A powerpoint presentation of the iCTF game (previous and current) is available here.
• The final scoreboard of the compeition can be found here.
• A video that shows the scoreboard animations is available here.
• Videos of the flying drone associated with one of the challenges are available here and here. The hackers had to take control of the drone and fly it in front of a screen with a QR code, which would give the solution to the challenge.
• The KCLU sound bite is available here.
• Some stats about the competition are available here.
• A video interview presenting the competition can be found here.
• Videos of people doing a rm -fr / on other people servers (here, here, and here). Lessons learned: don't run your services as root.
• Some solutions to the challenges can be found here.
• An animation that shows how challenges were solved can be found here.

To hear about future developments, subscribe to the iCTF participants mailing list.

Overview

The Capture The Flag contest is multi-site, multi-team hacking contest in which a number of teams compete independently against each other.

In traditional editions of the iCTF (2003-2007), the goal of each team was to maintain a set of services such that they remain available and uncompromised throughout the contest phase. Each team also has to attempt to compromise the other teams' services. Since all the teams received an identical copy of the virtual host containing the vulnerable services, each team has to find vulnerabilities in their copy of the hosts and possibly fix the vulnerabilities without disrupting the services. At the same time, the teams have to leverage their knowledge about the vulnerabilities they found to compromise the servers run by other teams. Compromising a service allows a team to bypass the service's security mechanisms and to "capture the flag" associated with the service.

For the past three years (2008, 2009, and 2010), new competition designs have been introduced. More precisely, in 2008 we created a separate virtual network for each team. The goal was to attack a terrorist network and defuse a bomb after compromising a number of hosts. In 2009, the participants had to compromise the browsers of a large group of simulated users, steal their money, and create a botnet. In 2010, the participants had to attack the rogue nation of Litya, ruled by the evil Lisvoy Bironulesk. A new design forced the team to attack the services supporting Litya's infrastructure only at specific times, when certain activities were in progress. In addition, an intrusion detection system would temporarily firewall out the teams whose attacks were detected.

History and Background

The UCSB CTF evolved from a number of previous security "live exercises" that were carried out locally at UCSB, in 2001 and 2002. The first wide-area edition of the UCSB CTF was carried out in December 2003. In that CTF, fourteen teams from around the United States competed in a contest to compromise other teams' network services while trying to protect their own services from attacks. The contest included teams from UCSB, North Carolina State University, the Naval Postgraduate School in Monterey, the West Point Academy, Georgia Tech, University of Texas at Austin, and University of Illinois, Urbana-Champaign.

In 2004, the UCSB CTF evolved into an international exercise (hence, the name "iCTF"), which included teams from the United States and Austria, Germany, Italy, and Norway.

In 2005, the UCSB iCTF evolved into an intercontinental exercise, which included 22 teams from North America, South America, Europe and Australia. This was never be attempted before on such a large scale.

In the following years the size of the iCTF kept increasing. In 2010, the UCSB iCTF involved 72 teams and almost 900 students, making it the largest live security exercise ever performed on the Internet.

The exercises up to 2007 were loosely based on the DEFCON Capture the Flag contest. Acknowledgments go to the Ghetto Hackers that did such a wonderful (and inspiring) job in organizing the CTF contest at DEFCON and to Kenshoto, who picked up the task of running the CTF and found ways to improve it. Many of the ideas of our iCTF are derived from the DEFCON CTF and the lessons learned by participating to the DEFCON contest.

Those exercises were different from the DEFCON contest because it involves several educational institutions spread across the different continents. The DEFCON contest includes locally connected teams only.

In addition, the DEFCON contest has always involved a limited number of teams. We developed a new network solution that allows a large number of teams to participate. The UCSB CTF is the largest existing live security exercise.

Finally, we used a novel technique, called "blending", to route traffic among the teams that allows for a more realistic experience.

Point of contact

The Capture The Flag (CTF) is organized by Giovanni Vigna, at UCSB.

This is the contact information:

• E-Mail: vigna@cs.ucsb.edu
• Web: http://www.cs.ucsb.edu/~vigna
• Office: Harold Frank Hall, Room 2159
• Address: University of California
  Department of Computer Science CS-66
  Santa Barbara, CA 93106-5110, USA
• PGP key:

  -----BEGIN PGP PUBLIC KEY BLOCK-----
  Version: GnuPG v1.2.1 (GNU/Linux)
   
  mQGiBD7mK/MRBAC0LMdSYMw/V1yBa2uPYl6gmTt1ydk35CFM+LaiymvYJ9tcVNX5
  +id4YkKeQzRigg7RCTbfgUjw23zXapUpIZgIK3RvXbMVsxdq1otQkZyRf/7VZSMl
  EVnlflNaqy7O3tjVbNCbEEl0GAGp5UwzYfTcix44mYYNdgHcvkbgq5GXFwCgzpsq
  CuNqq0+CyFGhI9S1R+aIya8D/0iNMYyU3M5YDhNyRs5Gtjebhc2eGExCR71QjRww
  qNyWTlr43nsP1A8ckPdeqjd1vrSp/F9eFAIcDUlZmyDYlmFUSYO2X17xZBNqgDAu
  jnrduuuuu4l3owqVILFIhgs8EwNNA0bVSxwgwFCQsGWuJr5cNXTggZVKdsqfRyR5
  reh4A/9wJcXXOulUNpEbUmrDEMVeNvEdEdIh4nQdyxi1pcggAhc2WxiFu1NOSYsL
  daKLDB4kiP3xfdK7Cq+scvvx6NdKsSDWYibQ0uMfvYDzX3LMKpBBvKxDyD0pfJjg
  DLSe9cn7Tp03b7kTKFxRC0FhydT7ECr7cqw6vsNF3cBjaN1YSbQiR2lvdmFubmkg
  VmlnbmEgPHZpZ25hQGNzLnVjc2IuZWR1PohZBBMRAgAZBQI+5ivzBAsHAwIDFQID
  AxYCAQIeAQIXgAAKCRCrju5XfPpVYjO2AKDDsYft/N00g+v2511Laxpzv9Dp0ACd
  FTTMe4I3mCI6zW38v62OECHPR6i4zQQ+5iv0EAMAn8y7knVSp1raHNdGzwUC+i4h
  4TBl5DBxzcBS591K28ef6+o1rBnSJBdP5370vGxvUNczRJwFXnRctoj9et3enraM
  mF0SxD+qadyFdukeFJr5cqdfMWTwwjh9efRsS3JnAAMFAv9KTUYTSUjTFrqjw8+H
  4npDq6VVy7cXo/3hHLGXhO2DGu9x1RbglFyeSoMbq2ALjLhJJs1I1NemhySN8ZfO
  DdC9WITYKDasCcIj4b5dcgkxMg0XSwi7FRToVdyww2jIWKuIRgQYEQIABgUCPuYr
  9AAKCRCrju5XfPpVYt3tAJ9LT1PibtwUEyZPNyrDFWsyvSwkDgCgqOOGkfYzZgQE
  JOLKi4o/eFOM5cs=
  =/UFb
  -----END PGP PUBLIC KEY BLOCK-----
  

---

The UCSB iCTF - http://ictf.cs.ucsb.edu/