What is This?
This Kubernetes Capture the Flag (CTF) contest features a Kubernetes-based CTF challenge, where teams and individuals can build and test their Kubernetes hacking skills. Each team/individual is given access to a single Kubernetes cluster that contains a set of serial challenges, winning flags and points as they progress. Later flags pose more difficulty, but count for more points.
A scoreboard tracks the teams’ current and final scores. In the event of a tie, the first team to achieve the score wins that tie.
This is open to only 30 teams and only from 2pm – 10pm pacific.
How to Play
- Note: Feel free to register after the competition begins. We will be running until 10pm pacific.
- Send an email to firstname.lastname@example.org
- Use subject “$TEAMNAME CTF Registration”, replacing “$TEAMNAME” with your preferred team name.
- Include a list of all IP addresses your team will be operating from. We need these to give you access to your target cluster- we aren’t about to expose a vulnerable cluster to the whole internet!
- We’ll reply with an access code which you’ll use to sign up for our CTFd.
- You will submit all your flags here.
- We’ll also give you the IP address of one of your target cluster’s nodes.
- You will enter the cluster by finding a remote code execution vulnerability in an application exposed to the Internet.
- Your team will have exclusive access to your cluster; other teams will have different clusters than yours.
- You won’t be able to reach your cluster until the CTF begins.
- After 2pm pacific, we will give all teams’ IP addresses access to their Kubernetes clusters. You’ll then be free to start hunting for your first flag!
- We will be available in the #ce-kubernetes-ctf-text channel in the DEFCON Discord to help with any technical issues.
- Try to get as far as you can! :)