Service-Specific Team Attack/Defense CTF
Real cyber battles require both offense and defense. The CyberStakes CTF was a team-based full-spectrum, attack/defense Capture the Flag (CTF) competition. Each team was given identical software to defend while simultaneously attacking other teams. Points were awarded for successfully attacking other competitors while simultaneously defending their own infrastructure. This event was in the spirit of the annual DEF CON CTF competition, where most attacks revolve around exploitation and defense of traditional software binaries.
Skills measured: Real-time binary exploitation, binary patching and workarounds, intrusion detection and prevention, group communication, strategy, persistence, system administration
Joint Team Attack/Defense CTF
This event was a second attack/defense CTF, but with a twist: Instead of playing on their original teams, participants played on new teams with students from the other academies. The event created an environment encouraging joint-force collaboration, in which teams had to dynamically balance offense, reverse engineering and defense to win.
Skills measured: Real-time Web exploitation, Web patching and workarounds, intrusion detection and prevention, group communication, strategy, persistence, system administration
In this challenge, participants had to audit more than 1,300 Linux binaries compiled from open source projects, with the goal of finding and exploiting as many security-critical bugs as possible in a fixed amount of time. Points were awarded for the number of new bugs discovered, and whether they could be exploited.
Skills measured: Binary exploitation, reverse engineering at speed, infrastructure fuzzing
Cold Boot Attack
Cyber defenders’ toolkits include not just digital approaches, but physical ones as well. Cold boot attacks involve freezing memory modules with compressed air—which lowers their temperature, preserving the data within—and then physically removing those modules to analyze their contents on another system. Success in this event depended on how quickly teams could freeze, remove and analyze a memory module.
Skills measured: Speed, precision, teamwork, understanding hardware and tools, memory analysis
Defenders often need to analyze deleted disks, memory core dumps and other digital remnants to reconstruct and analyze attacks and compromises. In this timed challenge, participants used the memory images they obtained during the Cold Boot Attack event and analyzed them for forensic evidence to find a hidden encryption key.
Skills measured: Analytic reasoning skills, understanding network protocols and file system internals
Malware authors hide program behavior by obfuscating the code, software protection schemes hide passwords inside the code, and finding vulnerabilities in binary code requires understanding the application logic. Reverse engineering is the common skill required in all these scenarios, and reversing problems exercise the participants’ ability to understand binary code. Teams had to uncover hidden flags by reverse engineering a set of binaries. The point value of each flag was based on the program in which it was hidden.
Skills measured: Reconstructing source code from binary, code analysis, bypassing software protection, anti-obfuscation techniques
The CyberStakes Online offered dozens of increasingly difficult challenges designed to help competitors develop core skills valuable to cyber operators and CTF competitors. Available through a Web interface, each multidisciplinary problem set hinted at or linked to content that players used to educate themselves on how to arrive at the correct answer. Points were based on each problem’s respective difficulty.
Skills measured: Binary exploitation, Web exploitation, reverse engineering, forensics, cryptography
Physical security provides important insights into cybersecurity, so this event tested lockpicking and physical security penetration skills. Locks were commonly available models to provide realism. Individuals raced to pick mounted locks in a series of qualifying heats culminating in a final lockpicking challenge. In the final event, competitors picked three out of five off-the-shelf 5-pin deadbolt locks. The winner was the first individual to pick all three locks.
Skills measured: Bypassing physical security, persistence, problem-solving
Who is the fastest hacker? In this event, participants had to complete the same elementary binary exploitation challenge. Each single-elimination heat was timed, with the fastest overall times advancing to the next round. The final round was a head-to-head competition among the fastest competitors.
Skills measured: Optimal tool usage, fast understanding of disassembled code, exploitation