Re: DefCon CTF

["Red Dragon" <rd () vnsecurity net>]

On Thu, Aug 14, 2008 at 1:01 PM, Jared DeMott
<jdemott () crucialsecurity com>wrote:

>  One thing that was interesting this year at Defcon was CTF, which was a
> bit of a blowout, even though the game itself was reasonably fair and
> there were lots of good teams competing. At some point it would be cool
> if school of root (the winning team) posted how they did it.
>
>
>  Team 1@stPlace enjoyed our 2 year winning streak, but we got sch00led
> hard.  :)  I couldn't be happier to lose[0] to them, though.
>
> As an outside observer of their team for many years, I think that SoR
> finally overcame the classic "too many people" problems and didn't step
> all over themselves like has happened for many teams over the years with
> more people than can sit at the CTF tables.
>
> Additionally, I think Kenshoto also raised the bar on the reversing,
> which gave a (well-deserved) advantage to the stronger reversers.
> I'm sure CollabREate[1] didn't hurt SoR either.
>
> As a quick list, I'd say this year the main difference seemed to be very
> well considered custom shellcode, excellent automation and tracking,
> strong network defense, and some additional tricks that we have some
> theories about.  I'd love to hear more details too.  :)
>
>
> Ya, from what I saw (and from what ChrisEagle said) skewl just brought out
> all the horses.  With a 26 man team (to our 8-10) they were overpoweringly
> strong, and led by the master CE to bring down the house RE style.  For the
> last couple years we've rocked as a balanced team and mastered things like
> automation, counter attack, defense, inline-snorting, and of course DRB with
> the RE power -- but this year more than ever break through points (first to
> RE and exploit a vul) was key -- score quick, score often.  If the game
> stays the same, bringing a small army of reversers is possibly a strong road
> to success, especially if you've mastered the personal issues of large
> teams, and understand the rest of the game as well.  Skewl rocks, and they
> deserved to win.  I'm not at all suggesting that numbers was the only reason
> they won.  Though, I wonder if Kenshoto will try and address the large team
> approach?  I'm really not sure much can be done there, so I guess it's just
> one strategic approach?  CE trains folks that move on to gov and industry,
> so now when he raises a call to arms, he can muster a sizable team that we
> might have trouble matching.  Though, I suppose we could try that approach
> as well.  I doubt we will though, I think our team has always felt that
> sleek and tight was better than big.  Though if you tighten up big ...
> perhaps (obviously) you yield greater production?

I think it's just unfair in term of the number of people in the team.
Especially for "foreign" teams since US teams normally have more ppl.
Chris's team was like 2.5 times larger than other teams.

--rd

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave