TUCTF 2016 Happened! It was (hopefully) a good experience for all, and everyone learned something (hopefully). The staff certainly did.

We packaged up tuctf 2016 into a vm. Download Link

If you want the escape from hell vm Download Link

We are working on getting write-ups on this site, but here is the github in the meantime:

github write-ups

How we did it

If you are interested in the tools we used to run TUCTF, here they are:

1. CTFd

This is a CTF framework from NYU Poly. It is a great framework, although we did dev on it a bit before we deployed it.

2. Google cloud

Every challenge had it's own VM. If you want to spin up a simple vm, google cloud can get you 0 to shell in less than a minute. For us it was great, but there are some limitations (custom images are VERY hard, you basically have to use their pre-built images). Total cost was around $250, though a lot of that was downloading the escape from hell vm (overseas data is expensive as it turns out). We also messed with AWS, but google is so much more simple for this type of thing.

3. Freenode and slack

Communication is important. The hardest thing was dealing with the volume of communications.

That is it as far as software goes. Google gives you a $300 credit for a trial period, so we actually didn't spend any money on machines for this competition. Not including prizes, total cost was under $300, and we basically paid less than $50 out of pocket for misc expenses due to the google cloud credit.

What we learned

1. Prepare for the unexpected

We were going to be happy with, and thus prepared for, around 50 teams. We got over 800. We had to scramble to set up new vms and allocate all of the memory to prepare for it. Thankfully we used google cloud and it was pretty easy.

2. Test your systems

Thankfully there were few hitches in the ctf. We found some services that stress-tested our systems. The only major issues we had was with The Never Ending Crypto. This was a bug due to the random seed being reset every time a new person connected to it. Thankfully we were able to fix it quickly.

3. Have your stuff together

It took us a while to get prizes out. This was due to a couple of things, but mostly because we worked so much on the actual competition we forgot about prizes until after.

4. Communication makes a good CTF

As stated above, the volume of communication overwhelmed the admins. most of the time there were around three admins and a lot of you. Two of us spent almost the entire 48 hours on IRC talking with people. It was a long weekend, but it was worth it. We got a lot of positive feedback on the helpfulness of the admins. This is intended to be an intro CTF, so we helped people who had never touched a db do sql injection. It was a lot of fun seeing them go "OOOOHHH!" and getting flags. If we didn't get to you, we apologize, there were at most 5 of us and at least 800 of you.

Would we do it again?

Absolutely. See you guys for TUCTF 2017

  • Author: themann