The UCSB International Capture The Flag (also known as the iCTF) is a distributed, wide-area security exercise, whose goal is to test the security skills of the participants. The iCTF contest is organized by Prof. Giovanni Vigna of the Department of Computer Science at UCSB, and is held once a year (usually at the beginning of December).
The 2013 iCTF was held on Friday, December 6th, 2013 from 8am to 5pm PST.
Info on this year's CTF:
- Congratulations to the Bushwhackers, who won the competition and have bragging rights and $1,024 coming their way!
- The services team had to exploit and defend (teams played on a 32-bit Ubuntu VM with no root access and no address space randomization).
- All info sent to the teams.
iCTF signups are closed!
Please keep in mind that the iCTF is open only to academic teams. This means that each team must be comprised of university students (a few non-student friends are fine) and represented by a professor at that university.
To hear about future developments, subscribe to the iCTF participants mailing list.
This year the competition is sponsored by Lastline, Inc.
Lastline provided a $1,024 cash prize for the winner of the competition.
Lastline is looking for web developers, IT admins, analysts, and interns.
If you are interested, send email to firstname.lastname@example.org.
The Capture The Flag contest is multi-site, multi-team hacking contest in which a number of teams compete independently against each other.
In traditional editions of the iCTF (2003-2007), the goal of each team was to maintain a set of services such that they remain available and uncompromised throughout the contest phase. Each team also has to attempt to compromise the other teams' services. Since all the teams received an identical copy of the virtual host containing the vulnerable services, each team has to find vulnerabilities in their copy of the hosts and possibly fix the vulnerabilities without disrupting the services. At the same time, the teams have to leverage their knowledge about the vulnerabilities they found to compromise the servers run by other teams. Compromising a service allows a team to bypass the service's security mechanisms and to "capture the flag" associated with the service.
For the past years (2008-2012), new competition designs have been introduced. More precisely, in 2008 we created a separate virtual network for each team. The goal was to attack a terrorist network and defuse a bomb after compromising a number of hosts. In 2009, the participants had to compromise the browsers of a large group of simulated users, steal their money, and create a botnet. In 2010, the participants had to attack the rogue nation of Litya, ruled by the evil Lisvoy Bironulesk. A new design forced the team to attack the services supporting Litya's infrastructure only at specific times, when certain activities were in progress. In addition, an intrusion detection system would temporarily firewall out the teams whose attacks were detected. In 2011, the participants had to "launder" their money through the execution of exploits, which had some risks associated with them. This created an interesting exercise in evaluating the risk/reward trade-offs in network security. In 2012, teams had to "weaponize" their exploit and give them to the organizer, who would then schedule their execution. This last design was a first step towards the creation of a "cyber-range" where interesting network datasets can be created to support security research.
History and Background
The UCSB CTF evolved from a number of previous security "live exercises" that were carried out locally at UCSB, in 2001 and 2002. The first wide-area edition of the UCSB CTF was carried out in December 2003. In that CTF, fourteen teams from around the United States competed in a contest to compromise other teams' network services while trying to protect their own services from attacks. The contest included teams from UCSB, North Carolina State University, the Naval Postgraduate School in Monterey, the West Point Academy, Georgia Tech, University of Texas at Austin, and University of Illinois, Urbana-Champaign.
In 2004, the UCSB CTF evolved into an international exercise (hence, the name "iCTF"), which included teams from the United States and Austria, Germany, Italy, and Norway.
In 2005, the UCSB iCTF evolved into an intercontinental exercise, which included 22 teams from North America, South America, Europe and Australia. This was never be attempted before on such a large scale.
In the following years, the size of the iCTF kept increasing. In 2012, the UCSB iCTF involved 89 teams and more than a thousand students, making it the largest CTF hacking competition ever performed on the Internet.
Point of contact
The Capture The Flag (CTF) is organized by Giovanni Vigna, at UCSB.
This is the contact information:
- E-Mail: email@example.com
- Web: http://www.cs.ucsb.edu/~vigna
- Office: Harold Frank Hall, Room 2159
- Address: University of California
Department of Computer Science CS-66
Santa Barbara, CA 93106-5110, USA
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.2.1 (GNU/Linux) mQGiBD7mK/MRBAC0LMdSYMw/V1yBa2uPYl6gmTt1ydk35CFM+LaiymvYJ9tcVNX5 +id4YkKeQzRigg7RCTbfgUjw23zXapUpIZgIK3RvXbMVsxdq1otQkZyRf/7VZSMl EVnlflNaqy7O3tjVbNCbEEl0GAGp5UwzYfTcix44mYYNdgHcvkbgq5GXFwCgzpsq CuNqq0+CyFGhI9S1R+aIya8D/0iNMYyU3M5YDhNyRs5Gtjebhc2eGExCR71QjRww qNyWTlr43nsP1A8ckPdeqjd1vrSp/F9eFAIcDUlZmyDYlmFUSYO2X17xZBNqgDAu jnrduuuuu4l3owqVILFIhgs8EwNNA0bVSxwgwFCQsGWuJr5cNXTggZVKdsqfRyR5 reh4A/9wJcXXOulUNpEbUmrDEMVeNvEdEdIh4nQdyxi1pcggAhc2WxiFu1NOSYsL daKLDB4kiP3xfdK7Cq+scvvx6NdKsSDWYibQ0uMfvYDzX3LMKpBBvKxDyD0pfJjg DLSe9cn7Tp03b7kTKFxRC0FhydT7ECr7cqw6vsNF3cBjaN1YSbQiR2lvdmFubmkg VmlnbmEgPHZpZ25hQGNzLnVjc2IuZWR1PohZBBMRAgAZBQI+5ivzBAsHAwIDFQID AxYCAQIeAQIXgAAKCRCrju5XfPpVYjO2AKDDsYft/N00g+v2511Laxpzv9Dp0ACd FTTMe4I3mCI6zW38v62OECHPR6i4zQQ+5iv0EAMAn8y7knVSp1raHNdGzwUC+i4h 4TBl5DBxzcBS591K28ef6+o1rBnSJBdP5370vGxvUNczRJwFXnRctoj9et3enraM mF0SxD+qadyFdukeFJr5cqdfMWTwwjh9efRsS3JnAAMFAv9KTUYTSUjTFrqjw8+H 4npDq6VVy7cXo/3hHLGXhO2DGu9x1RbglFyeSoMbq2ALjLhJJs1I1NemhySN8ZfO DdC9WITYKDasCcIj4b5dcgkxMg0XSwi7FRToVdyww2jIWKuIRgQYEQIABgUCPuYr 9AAKCRCrju5XfPpVYt3tAJ9LT1PibtwUEyZPNyrDFWsyvSwkDgCgqOOGkfYzZgQE JOLKi4o/eFOM5cs= =/UFb -----END PGP PUBLIC KEY BLOCK-----