[Dailydave] CGC Wrapup Video

Tyler Nighswander tylerni7 at gmail.com
Thu Aug 17 19:29:40 UTC 2017


I think I posted a link to this on here before, but
http://www.lungetech.com/cgc-corpus has some information about each
challenge, including whether there was a successful POV on it during the
contest (though it's not the easiest thing to navigate).
Most of the challenges have no successful POVs against them. In my
totally-neutral-not-biased-at-all-objective-opinion, that is because Mayhem
was borked for a large portion of the contest ;). Mayhem exploited 11
unique services for however long it was working (it started degrading
around round 30), Mecaphish exploited the most of any competitor during the
game 15 total. That's out of around 100 or so total challenges, so not a
very high percentage. I didn't spend much time looking to see how hard the
CFE challenges were, but they are not buffer overflow 101 type of things,
I'd say.

On Thu, Aug 17, 2017 at 8:51 AM, dave aitel <dave at immunityinc.com> wrote:

> So I wanted to type up some notes on the CGC Wrapup
> <https://www.youtube.com/watch?v=SYYZjTx92KU> video, which was excellent.
> I mean, a part of what you want to do, while you watch it, is strip out all
> the parts of the thing that are about "playing the game". I know Jordan
> loves CTFs as some sort of e-sport and also there's a whole community who
> for whatever reason plays CTFs instead of playing corewars on helpless
> Chinese networks like of yore, but that stuff is 100% distraction when it
> comes to the CGC.
>
>
> As you can see, the tiny red lines on the right are supposed to be some
> combination of "could hack and could secure a service". I can't find
> anywhere something that has a simple spreadsheet of which samples
> <http://www.lungetech.com/cgc-corpus/challenges/NRFIN_00080/>  (and even
> which vulns in which samples) were able to be attacked by which teams. So
> much of the game was weighted towards performance characteristics that it's
> hard to determine the information you really need from the scores, although
> the video goes over some anecdotal examples where RUBEUS and MECHAPHISH
> were able to attack particular historically interesting programs. It's
> telling that Mayhem won despite being basically off for half the contest. ;)
>
> Does anyone have better data on this?
>
> -dave
>
> P.S. Holy cow the visualizations on program execution are next gen! Worth
> a close watch just to see them.
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.immunityinc.com/pipermail/dailydave/attachments/20170817/5f8b042d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dpddicddofmkbpej.png
Type: image/png
Size: 1501794 bytes
Desc: not available
URL: <http://lists.immunityinc.com/pipermail/dailydave/attachments/20170817/5f8b042d/attachment-0001.png>


More information about the Dailydave mailing list