What is This?
This Kubernetes Capture the Flag (CTF) contest features a Kubernetes-based CTF challenge, where teams and individuals can build and test their Kubernetes skills. Each team/individual is given access to a single Kubernetes cluster that contains a set of serial challenges.
This year, we have two scenarios!
Scenario 1: Learning CTF (Non-competitive) - Friday and Saturday
On Friday and Saturday, we have a non-competitive learning run, where you can go through the Kubernetes CTF scenario from DEF CON 29, themed on the movie "Hackers". It has an available "cheat sheet" that shows you how to run through, start to finish! You can do this without the "cheat sheet" if you want a puzzle.
Each team/individual gets a Kubernetes cluster that contains a set of serial challenges.
This is open to up to 30 teams and is available from Friday 10am to Saturday 5pm Pacific.
How to Register
- Note: Feel free to register after the exercise begins. We will be running registration until 5pm each day.
- Send an email to register-defcon@containersecurityctf.com
- We’ll give you the IP address of one of your target cluster’s nodes, as well as the "cheat sheet" that you can use (if you want) to learn from the past CTF scenario.
- You will enter the cluster by using a remote code execution vulnerability in an application exposed to the Internet.
- Your team will have exclusive access to your cluster; other teams will have different clusters than yours.
- You won’t be able to reach your cluster until the CTF begins.
- After 12pm pacific on Friday, we will give all teams’ IP addresses access to their Kubernetes clusters. You’ll then be free to start hunting for your first flag!
- We will be available in the #ce-kubernetes-ctf-text channel in the DEFCON Discord to help with any technical issues.
- Try to get as far as you can! :)
Scenario 2: Competitive CTF
On Saturday, we have a timed competition from 10a-5pm on a new scenario.
Each team/individual is given access to a single Kubernetes cluster that contains a set of serial challenges. The team can capture flags and win points as they progress. Later flags pose more difficulty, but count for more points. Some flags have hints available, but those hints may cost points...
A scoreboard tracks the teams’ current and final scores. In the event of a tie, the first team to achieve the score wins that tie. This is open to only 30 teams and only from Saturday 10am - 5pm Pacific.
How to Register
- Note: Feel free to register after the competition begins. We will be running registration until 5pm each day.
- Send an email to register-defcon@containersecurityctf.com
- We’ll reply with an access code which you’ll use to sign up for our CTFd server.
- You will submit all your flags to the CTFd server.
- We’ll also give you the IP address of one of your target cluster’s nodes.
- You will enter the cluster by finding a remote code execution vulnerability in an application exposed to the Internet.
- Your team will have exclusive access to your cluster; other teams will have different clusters than yours.
- You won’t be able to reach your cluster until the CTF begins.
- After 10am pacific on Saturday, we will give all teams’ IP addresses access to their Kubernetes clusters. You’ll then be free to start hunting for your first flag!
- We will be available in the #ce-kubernetes-ctf-text channel in the DEFCON Discord to help with any technical issues.
- Try to get as far as you can! :)
Links