Forwarded from: The Dark Tangent <dtangent@private> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Call for DEFCON Capture the Flag Organizers. - ----------------------------------- Wanted: An evil large multinational corporation, or... An nefarious group of genius autonomous hackers, or... A shadowy government organization from somewhere in the world To: Host, recreate, and innovate the worlds most (in)famous hacking contest. Why: For everlasting fame, intrusive media interviews, the respect of your peers, or the envy of your enemies. Do you have what it takes and know what we're talking about? The Story: After taking it to the next level, creating a spectators sport out of geeks sitting at their keyboards 0wning machines, and fabulous recognition around the world, the Ghetto Hackers have retired their Root Foo as the hosts of DEFCON's Capture The Flag. Our contest is not over, merely in transition to the next keepers of the flame. This is the opportunity you and your crew, company, or government has been waiting for. You too can pour your heart, countless hundreds of hours into planning, producing, and executing the world's most famous contest of hacking skills. Like all of our contests, they are run by volunteers. Our intent is to make a game that's fun for its participants. While the Ghetto did a fabulous job of allowing CTF to be a team and spectators sport through scoring visualizations, commentators, game updates, et cetera, this is not a requirement. They took it to a new level in one area, and you can take it to another. The heart hacking has many facets. Your constraints: You must design a cool contest. This contest could have a multiplayer/team aspect, but does not have to. Your contest can be based on previous games, but shouldn't be a mere replication of previous games. You can determine the teams/participants before DEFCON, or at the conference. You can have multiple contests (for example, one contest with individuals, one with teams). You determine the constraints, size of teams, allowing remote teams to play, and more. You design the network topology. You determine the rules. Your group will determine the winner, and the losers. The idea behind this CFP is not to ask people to reproduce past Capture the Flags, but to have your group reinvent and create something new, based on the same ideas of creativity and energy. Challenge your friends! You MUST: Clearly communicate the rules to the participants before the contest, set up clear eligibility requirements (if any) before the conference, set up the network, provide any infrastructure that you wish to be part of the game, referee the game while it is taking place, create a scoring system, and determine winners. The easier it is for contestants to understand how to win, the more fair the contest will feel. The contest must end no later than two hours before the end of DEFCON (5pm Sunday) in order to provide time for final scoring and the awards ceremony. Your contest MUST NOT: Interfere with the DEFCON networks (ie: it must be a separate network), interfere with the 'live internet', involve non-consensual parties (ie: anyone who hasn't explicitly agreed to take part in the contests), take bribes that are not equally shared with the DEFCON staff. In the past network traffic on CTF has been captured for later forensic analysis by groups such as shmoo, and Source Fire and shared with the community to further ids and network sniffer developers. Expect that we will give access to those wanting to capture traffic while not actively participating in the contest. Suggestions: Allowing 'lone gunman' to participate (not require group play). This could be a separate contest, or they could participate in competition with teams (handicaps for teams, perhaps) Allowing 'outside players', perhaps a VPN connection with one representative at DEFCON, the rest of a shadowy team located elsewhere in the globe. Incorporating non intrusion/defense techniques to the game - stenography, covert communication channels, riddles/puzzles, social engineering, hardware hacking, radio direction finding, etc. A 'theme' (like forensics, covert channels, attacking, defending, application security, host security, etc.) that would be announced beforehand with the contest focused around the theme. You will be judged: On any innovations or revolutionary enhancements to the game. On the feasibility of your team getting all the work done (note: we will publicly humiliate you if you get accepted and fail to perform!). On the amount of fun (as measured in FunMeters) that participants will have. Resources we can provide: Badges to the conference and access to the CTF area for setup on Thursday, the day before the con. Physical space roughly equal to that which has been provided at past DEFCONs. Tables for participants to use. Screens and LCD projectors to display data with. Network connections from the net if necessary. Some network gear and power strips - please let us know early what you need so we can plan for it. Prizes for the winning people or teams. Research pointers: If you haven't been to DEFCON before, you should understand the environment your contest must operate in! http://www.defcon/ will get you started. These may help give you an idea about past contests, what has worked, and what hasn't. Ceazar gave a presentation on running hacking contests at Black Hat Asia (learn from a master): http://www.blackhat.com/presentations/bh-asia-04/bh-jp-04-pdfs/bh-jp-04-eller/bh-jp-04-eller.pdf Shmoo's CTF sniffing project: http://www.shmoo.com/cctf/ DC 10 Rules: http://www.DEFCON.org/html/DEFCON-10/dc-10-post/DEFCON-10-ctf-rules.html DC 11 CTF Announcement: http://www.DEFCON.org/html/DEFCON-11/events/dc-11-ctf-teams.html White paper on a teams participation: http://www.cse.ogi.edu/~crispin/discex3_autonomix_DEFCON.pdf Ceazar briefly discusses CTF before GH ran the contest: http://www.antioffline.com/10/ghettohackers.html While there is no formal submission form to fill out, you should address as many of these issues as you can. This will be a two way process if you make the initial cut. We want you to succeed as much as you do! Think long and hard if this challenge is for you and your friends, then contact ctf at defcon dot org with your proposal. A discussion area has been created on the DEFCON forums (http://forum.defcon.org/) under the DEFCON 13 Events section to cover new ideas, ask for feedback, and get an idea of what is going on. Thank you, The Dark Tangent -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQEVAwUBQe3i7w6+AoIwjTCUAQLTBQf8CIsYWP674Dyazq3kiYNukTR1lqEdAEQu VVeRruKe4IJ4eS+IqH/TTf0B2Eu42fjX6W/EHIhYeBrbQ8zSGxiGrozA6l1j+H78 uNlvWIB4BUhL3A0rR7neHrxodVXrp2XfRWTrZNtZoJbPSmYDhM5UGB6pgcClci/Z JhzR9oZ4Y9gQTBC7/bnNjt+Ps9BS6k3G5z6Zcg3Et+IfCXAxOFdeXtrTtUTKvm8Y zJ/Q9384KlZwsjT7HNE9IvBuKoRCrU7t7fdT8hX+wc6XbaZE0N3lgmMu3Ft/T1OW BpwwMDsGJ5sbHZAojlo1BC5h59awYelEdVg58Lj/pfIw2JpCMNu4WA== =z0od -----END PGP SIGNATURE----- _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Wed Jan 19 2005 - 01:03:19 PST