CODE CTF 2019 The 5th Element

CODE CTF 2019 The 5th Element

2019 is the year when worlds collide. It was the pleasure of RI CODE, ITIS e.V., and Team localos to fight together with the participating teams against the darkness during the Capture the Flag (CTF) 2019 „The 5th Element – It mu5t be found“. The fifth CTF started on 22nd November 18:00 at the Bundeswehr University Munich (BUM) and lasted 18 hours until 23 November 12:00. Over 120 participants grouped in 29 teams were eager to fight against the darkness and win honor and glory and thereby the five elements. Also 6 teams from the CONCORDIA consortium participated in the CTF.

Fig 1: Participant trying to solve a challenge at the CTF

CTFs in computer security are a type of computer security competitions. The contests are usually designed to serve as an educational exercise. One of the CONCORDIA’s task is to contribute to the development of a European Education Ecosystem for Cybersecurity. Running CTFs, like the event at the Research Institute CODE, is one means to support this dedicated CONCORDIA task. CTFs help to support the training Cybersecurity professionals. There are different styles: attack/defence, Jeopardy, and hybrid. The teams attempt to earn the most points by solving tasks in a certain time frame. While some events have fixed points per challenge dependent on the level of difficulty – especially in Jeopardy – our CTF used a unique dynamic scoring. Dynamic scoring can lead to strategic decisions, e.g., which challenge to solve next either to gain more points or let other teams reduce their points.

Fig 2: Only one team solved the hardest hardware challenge

In order to participate, the teams had to go through an online qualifying first, where they could earn up to seven flags and one easteregg. 29 teams with four team members each at the maximum got qualified for the on-site main event. The Jeopardy-style CTF involved multiple categories of challenges, like crypto, web, forensic, and reverse/pwn, for which the teams had a limit of 18 hours to solve. Besides typical challenges mostly based on real exploits, several extraordinary challenges were available. For example a hardware challenges involving an oscilloscope, a sort of geo caching challenge with Bluetooth beacons, and even a VR challenge by Team localos were challenging the participants. Of course, catering and support was provided to the participants for free.

Fig 3: VR Challenge

The event ended with credits in a small movie and an award ceremony, where the best three professional teams and best two students teams were awarded. Congratulations to the winners!

1. [✓] T6 – also the only team solving the hardest hardware challenge

2. 0x90

3. call_0x9011111

Students:

1. tronicorn

2. Blue Eagle

3. Pink Fluffy Unicorn

Fig 4: Final Scoreboard

Have you missed it? Interesting in playing the next CTF? Further information are available at https://ctf.code.unibw-muenchen.de and hopefully see you next year.

Fig 5: Winning team [✓] T6 of the CTF 2019 „The 5th Element“

(by Daniela Pöhn, Research Institute CODE)