Last week-end, I helped to host the Boston Key Party 2015 ctf! It was not only a Defcon CTF qualifier, but also a required participation for CMU SEC class!

Numbers

1402 teams registered
828 ones scored at least 10 points
13627 flag guesses, for 5022 flags found, making something like ⅓ of success
31 challenges

The challenges board was also quite cool:

challenges

Points and solves

Since I wasn't really involved in the infrastructure, I'll focus on challenges instead.

Weight estimation

One of the main difficulty in organizing a ctf (beside infrastructure) is to write and estimate how much do challenges worth.

The more a challenge is difficult, the more value its is granted. In a perfect world, if we happen to multiply how many time a challenge was solved with how much points it weights, we should always obtain the same number, for every challenge.

Points time solves

As you can see, the main mistake was haymarkey, an orange challenge, that was worth to many points.

The average is around 10k with haymarket, and 9k without; while the standard deviation is 6k and a bit less than 5k without it.

Points time solves, without haymarket

So, it seems that there was a single big mistake for challenges ranking, it's not that bad.

Solves

blue (crypto): 214 solves
green (school bus): 4188
orange (reverse): 330
red (pwning): 290

The most solved category was, as expected, School Bus; the other ones were solved between 200 and 300 times each, which is great : It means that there wasn't a super-(easier|harder) category.

My challenges

Since this is my blog, I'll speak a bit about my challenges: Of the 31 one, I wrote 8.

Symphony (writeup)
Prudential (writeup)
Northeastern Univ. (writeup)
Museum of Fine Arts (writeup and the intended one)
Longwood Medical (writeup)
Brigham Circle. (writeup)
Wellington (writeup and the indented one)
Bowdoin (writeup)

While the 5 first ones of the list were in the School Bus category, Wellington was a 250pts orange (Reverse) and Bowdoin a 350 blue (Crypto). You can find them and their respective sources here

My major regret is that I should have been more careful when I generated the PDF for Bowdoin: It was really hard to distinguish 1, l, i and I. But when I saw that the Balalaika Crew posted its flag in less than 45 minutes, I stopped feeling guilty.

Many thanks to gsilvis for proofreading my crypto challenge, and to crowell for letting me give a hand: hosting a ctf is as fun as playing one, only with more stress ;)

See you next year?

Artificial truth

archives | latest | homepage

Boston Key party 2015
Thu 05 March 2015 — download

Numbers

Points and solves

Weight estimation

Solves

My challenges