Each year for CSAW, Vector 35 tries to come up with their best CTF challenge ideas. This year we decided to work with @Zetatwo on his awesome Pwny Racing series.
What resulted was an 11 hour stream that saw a field of ten teams whittled to one top winner.
This repository has all of the challenges that were created for the event.
- Storefront A standard buffer overflow
- Repass: Easy and fast
- fourmatts: You're never gonna guess the challenge type from the name
- gotcha: Got overwrite. GET IT?!
- kernel: No, not a kernel challenge. Just named that way for the lulz because Jazzy said we wouldn't have a kernel challenge in the event. ;-)
- multilingual: Challenge with a twist
- pttp: Contributed by Alex Taylor
- roplcopter: ROP payload. Surprised?
- confused: The names really are starting to hint as to the bugs pretty clearly
- murica: Winner of the "best pun in a flag" award. Yup, it's a use-after-freedom.
For our streaming setup, we had one dedicated capture laptop running two different capture cards (1,2) streaming via two separate OBS processes to a single nginx proxy. The master OBS stream let us mix the two feeds, adding in audio from two samsun go mics.
The challenges were all hosted in a docker server provided by the event organizers including the custom challenge server.