<div dir="ltr">I think I posted a link to this on here before, but <a href="http://www.lungetech.com/cgc-corpus">http://www.lungetech.com/cgc-corpus</a> has some information about each challenge, including whether there was a successful POV on it during the contest (though it's not the easiest thing to navigate).<div>Most of the challenges have no successful POVs against them. In my totally-neutral-not-biased-at-all-objective-opinion, that is because Mayhem was borked for a large portion of the contest ;). Mayhem exploited 11 unique services for however long it was working (it started degrading around round 30), Mecaphish exploited the most of any competitor during the game 15 total. That's out of around 100 or so total challenges, so not a very high percentage. I didn't spend much time looking to see how hard the CFE challenges were, but they are not buffer overflow 101 type of things, I'd say.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Aug 17, 2017 at 8:51 AM, dave aitel <span dir="ltr"><<a href="mailto:dave@immunityinc.com" target="_blank">dave@immunityinc.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>So I wanted to type up some notes on the <a href="https://www.youtube.com/watch?v=SYYZjTx92KU" target="_blank">CGC Wrapup</a>
video, which was excellent. I mean, a part of what you want to do,
while you watch it, is strip out all the parts of the thing that
are about "playing the game". I know Jordan loves CTFs as some
sort of e-sport and also there's a whole community who for
whatever reason plays CTFs instead of playing corewars on helpless
Chinese networks like of yore, but that stuff is 100% distraction
when it comes to the CGC. <br>
</p>
<p><img src="cid:part2.67588983.BAB7BF32@immunityinc.com" alt="" height="455" width="873"></p>
<p><br>
</p>
<p>As you can see, the tiny red lines on the right are supposed to
be some combination of "could hack and could secure a service". I
can't find anywhere something that has a simple spreadsheet of
which <a href="http://www.lungetech.com/cgc-corpus/challenges/NRFIN_00080/" target="_blank">samples</a>
(and even which vulns in which samples) were able to be attacked
by which teams. So much of the game was weighted towards
performance characteristics that it's hard to determine the
information you really need from the scores, although the video
goes over some anecdotal examples where RUBEUS and MECHAPHISH were
able to attack particular historically interesting programs. It's
telling that Mayhem won despite being basically off for half the
contest. ;)<br>
</p>
<p>Does anyone have better data on this?</p><span class="HOEnZb"><font color="#888888">
<p>-dave</p>
</font></span><p>P.S. Holy cow the visualizations on program execution are next
gen! Worth a close watch just to see them.<br>
</p>
</div>
<br>______________________________<wbr>_________________<br>
Dailydave mailing list<br>
<a href="mailto:Dailydave@lists.immunityinc.com">Dailydave@lists.immunityinc.<wbr>com</a><br>
<a href="https://lists.immunityinc.com/mailman/listinfo/dailydave" rel="noreferrer" target="_blank">https://lists.immunityinc.com/<wbr>mailman/listinfo/dailydave</a><br>
<br></blockquote></div><br></div>