Last week-end, I helped to host the Boston Key Party 2015 ctf! It was not only a Defcon CTF qualifier, but also a required participation for CMU SEC class!
- 1402 teams registered
- 828 ones scored at least 10 points
- 13627 flag guesses, for 5022 flags found, making something like ⅓ of success
- 31 challenges
The challenges board was also quite cool:
Points and solves
Since I wasn't really involved in the infrastructure, I'll focus on challenges instead.
One of the main difficulty in organizing a ctf (beside infrastructure) is to write and estimate how much do challenges worth.
The more a challenge is difficult, the more value its is granted. In a perfect world, if we happen to multiply how many time a challenge was solved with how much points it weights, we should always obtain the same number, for every challenge.
As you can see, the main mistake was haymarkey, an orange challenge, that was worth to many points.
The average is around 10k with haymarket, and 9k without; while the standard deviation is 6k and a bit less than 5k without it.
So, it seems that there was a single big mistake for challenges ranking, it's not that bad.
- blue (crypto): 214 solves
- green (school bus): 4188
- orange (reverse): 330
- red (pwning): 290
The most solved category was, as expected, School Bus; the other ones were solved between 200 and 300 times each, which is great : It means that there wasn't a super-(easier|harder) category.
Since this is my blog, I'll speak a bit about my challenges: Of the 31 one, I wrote 8.
- Symphony (writeup)
- Prudential (writeup)
- Northeastern Univ. (writeup)
- Museum of Fine Arts (writeup and the intended one)
- Longwood Medical (writeup)
- Brigham Circle. (writeup)
- Wellington (writeup and the indented one)
- Bowdoin (writeup)
While the 5 first ones of the list were in the School Bus category, Wellington was a 250pts orange (Reverse) and Bowdoin a 350 blue (Crypto). You can find them and their respective sources here
My major regret is that I should have been more careful when I generated the PDF for Bowdoin:
It was really hard to distinguish
But when I saw that the Balalaika Crew posted its flag in less than 45 minutes, I stopped feeling guilty.
Many thanks to gsilvis for proofreading my crypto challenge, and to crowell for letting me give a hand: hosting a ctf is as fun as playing one, only with more stress ;)
See you next year?