Global CyberLympics

Global Cyberlympics is a CTF (capture the flag) game organized by EC-Council. This is the first time it was organized, first time in Hungary and first time I've participated. I was part of it...the beginning.

This was the European regional competition where my colleagues and I participated. We formed a team (named: Six Pistol) and applied to be part of this interesting game. The team consists of 6 people each having different strengths and knowledge with at least one thing in common: cooperation. Some words about the competition.

The game could be devided into three parts. One was lock picking. It belonged to the attacking as it was a simulation for physical security. There were 4 or 5 locks that had to be opened. We had a guy in our team who was very professional in lock-picking and took him only 20 minutes to solve 4 out of the 5. After this he left because he is not an IT fanatic:).

The second part was the defence. We had to defend different kind of machines from the others. We were given several computers very heterogenous (Windows, Linux) with different services running on them (databases, mail servers, directory servers, web pages...). The defense was measured by a scorebot which regularly checked in to the services, and gave us points if everything was all right for it. We did not know the source of the scorebot just that we have to keep alive our services fully functional.

The third part was about the attacks. We had to attack other team's computers while they were defending them such as we did during their attack. Everything was parallel. All teams started to defend and attack at the very same time. Each team were given some IP address range which could be attacked and a list of services that had to be defended.

There were also some "independent" systems which were not hardened or defended by anyone. This was because there were some flags that should have been found somewhere in the networks on some servers (like a password for a specific username).

The most unexpected part was the business interruption. At some point the judges decided to rever one machine to the vulnerable state. They did this without any notice so we found once one of our servers beeing hacked. It was really akward.

During the game the Dashboard appeared regularly which provided us some information about our position in the competition. Usually we were at the first place. Finally after 7 our of suffering we found ourselves at the second place which worth the pass for the Global Finals somewhere in the USA.

I am really happy that we were part of this game and hope that we will do better on the world finals where there will be the 2 best teams from each region.