I wrote another Ghost in the Shellcode story up in a Twitter thread[0], but I'd like to share it here also.
In 2013, I wrote a GitS challenge called "hackerbook". It was a "misc" challenge where I presented you with a series of photos of prominent hackers at the time and asked you their name. It worked on the same principle as reCaptcha: I only knew the names of about 30 of the hackers and put those into the database. For the remaining ones, I accepted any answer but logged it to the database. If you correctly named all the 30 that I knew, you got the flag.
I wrote it because I thought it'd be funny to get people to give up the real names of their friends. I also thought it might be a good way to harvest the names of hackers[1] who are opsec thought leaders. For the remaining photos, I went to every CTF team's Twitter, Facebook, Flickr, etc. and sliced out random people.
The challenge worked pretty well at de-anonymizing a few folks. One player even sent me a photo of his friend's passport, claiming my challenge was broken and not accepting the correct name.
I think we already knew most people would give away all their personal details for a chance to win a free ice cream, but they'll also give away their friends' details for made-up internet points.
> There may have been others, but this is how I remember it.
Uh, yeah, DC949 ran Open Capture The Flag (OCTF) at Defcon from 2005 through at least 2010[0].
We later ran the original Barcode Shmarcode[1] contest during Snowpocalypse at Shmoocon so I know the Ghost in the Shellcode team was at least somewhat aware of DC949.
You're right, DEFCON had a competition called Amateur CTF that I remember now. My apologies (it's been 13 years!), but I did say that it was how I remembered it. :)
At the time ACTF was very overshadowed by DEFCON CTF and it wasn't really front of mind when I wrote the blog post.
psifertex 700 days ago
I agree there were many others (beyond even these I can think of several), but I think what Ryan was mainly referring to was how many were regular online CTFs at the time.
Weren't both barcode-shmarcode and oCTF more in-person events than available online?
merlincorey 689 days ago
Sorry for the late reply, but you are correct, both events were in-person at the conferences!
withzombies 700 days ago
If you're new to CTF and want to try your hand at it, the qualifying round for DEFCON CTF starts tonight.
DEFCON is easily the most prestigious of the CTF competitions, so much so that it needs to pre-qualify the teams competing, and that competition[0] starts tonight and runs all weekend.
[0] https://twitter.com/withzombies/status/1529145520027054081
[1] https://twitter.com/thegrugq
[0] https://www.youtube.com/watch?v=9Gs2Ja6Gt4Q - DEFCON 18: oCTF: 5 years in 50 minutes 1/4 (2010)
[1] https://www.shmoocon.org/barcode-shmarcode/ - Shmoocon: Barcode Shmarcode
[0] https://nautilus.institute/