Last month, in preparation for Defcon 17, the qualifiers were held for capture the flag, one of Defcon’s most well known events. One participant, [mongii], did a writeup on how to solve problem B300. The challenge was to find the decryption key used by a program that had several twists that hindered debugging. After grappling with self-modifying code and junk instructions, the team was finally able to find the answer. This win helped Sapheads place in the top 10.  Over at xchng.info, they are collecting solutions to the other problems. Sadly, they’re not all in comic form.

Kenshoto, organizer of the official Defcon Capture the Flag contest for the last four years, has stepped down from the position, and thus Defcon is looking for a new organizer for the event. If you’re highly competent, and maybe a little crazy, this might be your chance to step in and run one of the most well-known and prestigious hacking contests in the world. Please understand that the staff is looking for someone who wants to take ownership of the contest and make something new, unique, and challenging, and that Kenshoto has left extremely huge shoes to fill. Merely offering to replicate the existing contest and keep things mostly unchanged isn’t going to cut it.

If you’re up to the challenge, check out Dark Tangent’s post on the Defcon forums (which, for some odd reason, sounds strikingly like his 2005 post calling for a CTF organizer), where he comprehensively lays out what the staff is looking for in a new event organizer. If it jives well with you, get in touch with the Defcon staff, and maybe we’ll be covering your contest later this year.

While we had been excited about 25C3′s CTF competition, we couldn’t even venture a guess as to who would win. It seems the iphone-dev team weren’t satisfied to just give an amazing talk. They teamed up with the Wii hackers from HackMii to win the competition. You can see their progress during the eight hour competition above in red. It’s impressive to see hardware hackers jumping over to network security AND completely killing at it.

Capture the Flag (CTF) is a long running tradition at hacker conventions. It pits teams of security researchers against each other on the same network. Every team gets an identical virtual machine image. The VM has a set of custom written services that are known to be vulnerable. The teams work to secure their image while simultaneously exploiting services on the machines of other teams. A scoring server monitors the match as it progresses and awards points to teams for keeping their services up and also for stealing data from their competitors.

The Chaos Communication Congress in Berlin December 27-30, 2008 will host a CTF competition. Most CTF matches are done head to head in the same room. While 25C3 will have local teams, it will also be wide open for international teams to compete remotely. Remote teams will host their own images on a VPN with the other competitors. Now is a good time to register and familiarize yourself with the scoring system. It will certainly be interesting to see how this competition plays out now that teams that can’t make the trip can still compete.

The qualification started Friday night at 10PM EDT with an email (Subject: M0rt4g3 y0ur /14gr4 up 2 3 1nch3$) being sent to all 451 registered teams. Connecting to the game server displayed a Jeopardy style score board. The five available categories were Binary Leetness, Forensics, Real World, Potent Pwnables, and Trivia, with point values from 100 to 500. Only one question was opened to start. The first team to answer that was allowed to select the next question to open and then any team could try to answer it. Participants were warned about the difficulty of the 500 level questions and the entire Real World category. At the end of everything, four questions still remained locked at the end.

If you’re interested in what type of questions the contest had, check out the write up on NOPSR.US, which has all the files and solutions. Non-qualifiers can still participate in DC949′s OpenCTF.

[via Midnight Research Lab]