C0r3dump @ VolgaCTF

VolgaCTF is one of the largest hacker competition of the Russian Federation. This year, our one-year-old hacker team, c0r3dump, successfully qualified for the VolgaCTF Final by achieving the 16th place in the qualification round in March. The 9th VolgaCTF Final was held in Holiday Inn, Samara between September 17 (Tuesday) and September 20 (Friday). 19 teams were competing in the final, 3 Austrian, 1 Vietnamese, 14 Russian and 1 Hungarian. This was the first CTF final of “c0r3dump”.

Before the competition, on Tuesday and Wednesday, a small conference was held. There were talks about Linux kernel fuzzing, IoT 0-days and hardware debugging the x86 platform. The central topic of the conference was “fake news”.

During these two days, two online CTF competitions were held for the teams participating in VolgaCTF Final. We achieved the 6th and the 7th place in these competitions.

The final was held on Thursday, during the whole day. It was an attack-defence type competition, which means that each team got a virtual machine (called vulnbox) with five vulnerable services running, they were written in C#, Java, Python, C++ and Perl. Our task was to find and patch the vulnerabilities in our services and to extract secrets (flags) from the other teams’ services by exploiting them. It was also important to keep our services up and running. There were points given in every 2 minutes for the online services (availability points) for the non-exploited services (defence points) and for the stolen secrets (attack points). Unfortunately, we were inexperienced in attack-defence CTFs compared to the other teams and did not have the proper toolset for attacking other teams. We achieved the 4th best availability score, but our attack score was low.

The results were announced on Friday. We achieved the 13th place. The winner was LC↯BC, from St. Petersburg, currently the 10th team in the world, the second team was –==Har[u]6aToP==–, from Novosibirsk and the third team was Bushwhackers from Moscow, currently the 9th team in the world. Congratulations to the winners and to all the other competing teams. We gained a lot of experience during the competition.

Last but not least, we officially thank all of our sponsors for financing our travel and making it possible for us to take part in this world competition. Our sponsors were Ukatemi Technologies, Zero IT Labs, BalaSys, ITSec Area, Carinex, HUNITY DEFENCE and CDSYS. Regardless of the actual outcome of the competition, we are proud to be among the top 19 teams, and this has not only boosted our reputation and that of CrySyS Lab, but perhaps of Hungary as a whole.

Official Twitter of c0r3dump: https://twitter.com/c0r3dumpctf
Official web page of VolgaCTF Final 2019: https://volgactf.ru/en/volgactf-2019-final/final.html
Official Twitter of VolgaCTF: https://twitter.com/volgactf

Article Link: https://blog.crysys.hu/2019/10/c0r3dump-volgactf/