The story of an amazing and crazy night

Every year, at the same period, we run one crazy night: the #ndhquals This night is about being one of the 10 teams who qualify for the Nuit du Hack Private. During this CTF, contestants are challenged by our team, but also each other. Monitoring, chatting on IRC, eating pizza and having fun shooting each other with Nerfs are not the only events that night. Our team prepares for months to provide you with the cleanest CTF possible, with tricky/funny/both hard and easy challenges. This year, Sysdream tried something new! A brand new organization for the “Project NDH”. New teams, new team leaders, new infrastructure, new test process, we are building a more professional CTF. In the end:

  • 913 teams registered
  • 450 teams solved at least a challenge
  • 5 millilons TCP connexions
  • 60 requests per second during the 24 hours
  • 1200 requests per second at peak
  • 3TB downloaded from our servers
  • 140 tweets #ndhquals during the 24 hours
  • 20 write-ups plublished on Twitter
  • 35 RT for “ça root?”

Preparation

Leading the meetings, reminding the rules, assigning the tasks, the “Project NDH” Manager kept an eye on everything. Not only a manager, he helped with communication, infrastructure, tests and even chose some of the challenges. Actually, he admitted “not all the challenges we designed reached production, we had to make decisions”. Everyone wanted high quality challenges, he provided the team with a framework.

Focus on the challenges

7 consultants. A team leader.

We had a brainstorming meeting and tried to bring together both expectations from other CTF and the most fun and challenging topics for the community and writers.
Quite a thing to build those challs! You have to be sure there will be some easy, some tricky, some very hard ones, in several categories! That’s why the challenge part was more constrained: new rules both internally and publicly. To provide you with the best challs possible, the team based their ideas on real cases.
We were very happy to see the success of the crackme and exploit tasks! Aside from FaceSec2 that was a measurable failure, all challenges were well balanced. On one hand, Matriochka 1 was flagged 433 times, and on the other Moleman was not pwnd at all.
The team leader is confident about next month: the private CTF challenges are being written already.
“On va essayer de faire un CTF privé varié, et on espère que ça va vous plaire” (« We are building a rich private CTF, and hope you will enjoy it »)

Focus on the tests

5 consultants. A team leader.

Some of the challenges were more complex; consequently the tests were more guided and strict. This is the first time that we experiment such a test team and process. The challenges, the infrastructure, documentation and exploits: everything was tested from every angle.
This first shot was a good experience to find out about unexpected issues related to concurrency and performance. During the night itself, the team detected, contained and patched issues related to SQLite concurrency for instance.
After the event, the team focused on analyzing and understanding the issues, and most of all on ways to prevent them during next editions.
« On a été content et soulagés des feedbacks positifs. Une vraie satisfaction des gens qui s’amusent » (« We are happy and relieved to receive positive feedback. Real satisfaction from people having fun”)
All challenges were hosted on the MALICE Challenge infrastructure.

Focus on the infrastructure

2 consultants. A team leader.

Previous qualifications were running on software written back in 2012 and maintained since. We gathered most of the feedback regarding the dashboard and past years issues with DOS attacks, in order to design and bring contestants a new hosting architecture that holds.
One of the main issues we tackled was load balancing. Most challenges are designed to prevent DOS, it is however hardly an option with shell access. Balancing is helpful in mitigating the impact of DOS: we used a mix of on-demand Docker containers and HAProxy frontends to achieve our goal.
We did in fact face a small-scale DDOS during the first few minutes (500Mbps from a dozen sources), which impacted some challenges.
The team is now focusing on building a powerful yet portable infrastructure for the Nuit du Hack Private CTF.

Focus on the dev

2 developers

To provide the community with the challenges and a way to flag them, the developers built MALICE Challenge, which partly consists of the challenge dashboard. Not only was the dashboard the main interface for the challengers, it was also a great admin platform for the monitoring team.
Some issues were spotted and improvements will be made to maximize the efficiency of this tool.
The project manager summarizes the night: it was a hard at first with the initial load on the infrastructure. But after the fear was over, everything was cool. Technical problems were quickly solved, none of them lead to any big failure and the teams were well organized.
We want to thank all of you who made some write-ups, all of you who participated at least to one challenge, all of you who kept us awake on IRC. See you at La Nuit Du Hack!

Write up

We've selected the best of your write ups!

Moleman :

https://github.com/sysdream/WriteUps/blob/master/ndhquals2016/Moleman.md

Mickey :

https://github.com/sysdream/WriteUps/blob/master/ndhquals2016/Mickey.md

Matriochka :

https://securite.intrinsec.com/2016/04/03/write-up-nuit-du-hack-2016-ctf-quals-matriochka-step-4/

SecureFileReader :

http://maroueneboubakri.blogspot.fr/2016/04/nuit-du-hack-quals-secure-file-reader.html

CrazyTownFamous :

https://gist.github.com/Charo-IT/99f1c1de0afae81ab397012f44441ae7

Night Deamonic Heap :

https://github.com/sysdream/WriteUps/blob/master/ndhquals2016/NightDaemonicHeap.md

CatchMeIfYouCan :

http://secgroup.github.io/2016/04/04/ndhctf2016-writeup-catchmeifyoucan/

Whoami :

https://github.com/hexpresso/WU-2016/blob/master/nuit-du-hack-ctf-quals-2016/forensic/WhoAmI/README.md

Stegano sound :

https://www.asafety.fr/cryptologie/ctf-ndh-2016-quals-write-up-steganalysis-stegano-sound/

@Punkeel mix :

The spirit we love! https://ungeek.fr/ctf-nuit-du-hack-2k16/