What is This?
This non-competitive Kubernetes Capture the Flag (CTF) event for DEF CON NYE 2021 features a Kubernetes-based CTF challenge, where teams and individuals can build and test their Kubernetes hacking skills. Teams are not competing against each other, as the “answer key” is available.
Each team/individual is given access to a single Kubernetes cluster that contains a set of serial challenges, and wins flags and points as they progress. Later flags are more difficult, but count for more points.
This is a repeat of the DEF CON 29 Kubernetes CTF. We’ll be providing teams with a walkthrough video, which demonstrates how to solve the entire CTF. Most players will likely use the walkthrough video in some way in solving the CTF. Whether you use it for hints or as an outright open-book answer key, you are virtually guaranteed to learn quite a bit.
A scoreboard tracks the teams’ current and final scores, but its primary purpose is to provide hints.
This is open to only 30 teams and only from Friday 2pm – Friday 11:59pm Pacific.
You must accept the rules below to participate.
How to Play
- We will be watching for registrations from 1pm to 10pm on Friday. Please expect high latency – this is a manual process.
- We will run the event on Friday from 2pm until 11:59pm, Pacific.
- Send an email to email@example.com
- Use subject “$TEAMNAME CTF Registration”, replacing “$TEAMNAME” with your preferred team name.
- Include a list of all IP addresses your team will be operating from. We need these to give you access to your target cluster; we aren’t about to expose a vulnerable cluster to the whole internet!
- We’ll reply with an access code which you’ll use to sign up for our CTFd.
- You will submit all your flags here.
- We’ll also give you the IP address of one of your target cluster’s nodes.
- You will enter the cluster by finding a remote code execution vulnerability in an application exposed to the Internet.
- Your team will have exclusive access to your cluster; other teams will have different clusters than yours.
- You won’t be able to reach your cluster until the CTF begins.
- Once we process your registration, we will give your team’s IP addresses access to your Kubernetes cluster. You’ll then be free to start hunting for your first flag!
- During the event, we may be available in the #ce-kubernetes-ctf-text channel in the DEFCON Discord to help with any technical issues.
- Have fun and get as far as you can! :)
Registration Closed from 5pm to 8pm
- Registration tentatively closes at 5pm but reopens at 8pm.
The following rules are intended to keep the game both fair and interesting:
- No attacks are permitted on the cloud provider or on the cloud accounts.
- No attacks are permitted outside the cluster.
- No attacks are permitted against the container registries, including Docker Hub.
- No use of cloud service provider accounts or APIs is permitted, including, but not limited to, the Metadata API.
- No use of kernel or container breakout exploits or techniques is allowed.
- No mounting of node filesystems is permitted.
- You may only attack and interact with your own team’s assigned Kubernetes environment.
- No attacks are permitted on the scoreboard system (hosted on ctfd.io), the other players or the facilitators.
- Respect other players and do not interfere or otherwise impact their ability to learn and play.