BSidesTLV 2018 CTF

Hall of Fame

1st Place2nd Place3rd PlaceHonorable mention
reclass (Nir Lavi and Intel’s team)
babyr00t (known also as dm0n)
JCTF (@schturdel, @nmontag, @YaakovCohen88 and Israel Erlich)
Adam Donenfeld
One of our volunteers was kind enough to deliver a care package to Adam Donenfeld – while not eligible to win, he did solve everything first.
The 2018 Winning team and some CTF memebers

Our Team

Tomer Zait
Nimrod Levy
Adir Abraham
GamingStore
c1337Shell
DockingStation
PySandbox-Insane
IAmBrute (w/Nimrod Levy)
Redirect me (w/Nimrod Levy)
IH8emacs (w/Nimrod Levy)
I’m Pickle Rick! (w/Nimrod Levy)
Creative Agency (w/Nimrod Levy)
ContactUs (w/Nimrod Levy)
Shared Directory
Can you bypass the SOP?
NoSocket
IAmBrute ( (w/Tomer Zait)
Redirect me ( (w/Tomer Zait)
IH8emacs ( (w/Tomer Zait)
I’m Pickle Rick! ( (w/Tomer Zait)
Creative Agency ( (w/Tomer Zait)
ContactUs ( (w/Tomer Zait)
Into the rabbit hole
Guy Barnhart-Magen
Gal Goldstein
Omer Agmon
Crypto2
T.A.R.D.I.S.
PimpMyRidehideinpILainsight
Kasif Dekel
WTFLOL (and wtflol_reflagged)

Challenges

We had a total of 17 challenges across a wide range of domains

Our much loved support team
Also on the team were Ido Naor, Ezra Caltum and Omer Cohen who gave advice and support, as well as QA 🙂

Resources

you can find our winner anouncment [here](BSidesTLV CTF 2018.pdf)

Our challenges are also available as a VM (courtesy of Tomer Zait)

Write Ups

https://jctf.team/BSidesTLV-2018/

https://www.digitalwhisper.co.il/issue97

https://www.digitalwhisper.co.il/files/Zines/0x61/DW97-2-BSides2018.pdf

https://hackso.me/bsidestlv-web/

https://t.co/klqz7gavLb

Statistics

312 teams registered

112 solved at least one challenge

1275 unique IP addresses

Running a Fair Game

This excerpt is from an incident that occured during the CTF.

Yesterday, June 9th at 18:26 we discovered that someone has shared the flag for one of our challenges on Pastebin.

Obviously, we considered this before starting the CTF and made a decision to trust our community and the rules of the game would be played fairly, and we still believe that the vast majority of the playing teams or playing for fun and do so fairly.

However, we couldn’t let one of our flags (worth 1,000 points!) run around free, so we made a difficult choice. Even though the likelihood of further spreading of that flag is minimal, we modified the challenge slightly to include another step in the flag creation, making the original flag obsolete.

this is on no way the fault of the hard-working, serious players who were hurt by this decision, but rather a way for us to move forward and keeping (a rather excellent) challenge with us – without using the original flag.

as to the people behind the leaked flag, and the submission of the leaked flag to get points – we took their word that this was not intentional, and we are keeping a close watch for the rest of the competition.

Please play fairly! both for your sake, and for the fun of everyone else!