Re: DefCon CTF

[Jared DeMott <jdemott () crucialsecurity com>]

Doc Brown wrote:
> On Wed, Aug 13, 2008 at 04:47:01PM -0400, Dave Aitel wrote:
>   
> > One thing that was interesting this year at Defcon was CTF, which was a
> > bit of a blowout, even though the game itself was reasonably fair and
> > there were lots of good teams competing. At some point it would be cool
> > if school of root (the winning team) posted how they did it.
> >     
>
> Team 1@stPlace enjoyed our 2 year winning streak, but we got sch00led
> hard.  :)  I couldn't be happier to lose[0] to them, though.
>
> As an outside observer of their team for many years, I think that SoR
> finally overcame the classic "too many people" problems and didn't step
> all over themselves like has happened for many teams over the years with
> more people than can sit at the CTF tables.
>
> Additionally, I think Kenshoto also raised the bar on the reversing,
> which gave a (well-deserved) advantage to the stronger reversers.
> I'm sure CollabREate[1] didn't hurt SoR either.
>
> As a quick list, I'd say this year the main difference seemed to be very
> well considered custom shellcode, excellent automation and tracking,
> strong network defense, and some additional tricks that we have some
> theories about.  I'd love to hear more details too.  :)
>
> -Doc
>   
Ya, from what I saw (and from what ChrisEagle said) skewl just brought 
out all the horses.  With a 26 man team (to our 8-10) they were 
overpoweringly strong, and led by the master CE to bring down the house 
RE style.  For the last couple years we've rocked as a balanced team and 
mastered things like automation, counter attack, defense, 
inline-snorting, and of course DRB with the RE power -- but this year 
more than ever break through points (first to RE and exploit a vul) was 
key -- score quick, score often.  If the game stays the same, bringing a 
small army of reversers is possibly a strong road to success, especially 
if you've mastered the personal issues of large teams, and understand 
the rest of the game as well.  Skewl rocks, and they deserved to win.  
I'm not at all suggesting that numbers was the only reason they won.  
Though, I wonder if Kenshoto will try and address the large team 
approach?  I'm really not sure much can be done there, so I guess it's 
just one strategic approach?  CE trains folks that move on to gov and 
industry, so now when he raises a call to arms, he can muster a sizable 
team that we might have trouble matching.  Though, I suppose we could 
try that approach as well.  I doubt we will though, I think our team has 
always felt that sleek and tight was better than big.  Though if you 
tighten up big ... perhaps (obviously) you yield greater production?

jrod



_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave