Reflection on Defcon’s TF2 CTF HACKFORTRESS

Austin Marck
Aug 27, 2017 · 2 min read

I’ve been attending conventions for well over a decade. My first convention was Cyber Security focused and my latest have been as well. I played competitive shooters for a number of years and the mix of passions at Hackfortress at Defcon was stellar. These are the rules for those not familiar.

1. Teams are comprised of no more than 6 TF2 players, 4 hackers, and 1 optional position of runner.
2. Preliminary and semi final rounds are 30 minutes each, the final is 45 minutes.
3. The tournament runs as single elimination.
4. All teams must register a team captain as a point of contact; members of pickup teams must give contact info.
5. Teams that are later than 10 minutes for a match and not responding to phone calls and email will be disqualified.
6. TF2 hardware is provided. Hackers must supply their own hardware; said hardware must be capable of connecting to a wired network.

The challenges are varied but everything from physical security to social engineering is on the table. Aptitude with tools such as Burp Suite is a must for the web security portions. Familiarity with Wireshark is helpful for the network challenges. You should be comfortable with a variety of lock types and bypass tools. Freezes (an option in the game once you’ve hacked up enough points) are very popular forms of abuse to get your team back on top in TF2, but bear in mind you should sync these attacks with your teammates to be effective. The Freeze actually just locks your position; you can still shoot and kill your enemies but you’re certainly at a disadvantage.

Things I wish I knew before showing up:

The game server is off limits. The challenges are super wide in variety (which is good, this is a fast-paced game). Physical tools can be provided, but bring your own set of picks to stay comfortable. Be sure to reset your controls in TF before you play in case something funky happened to the settings. Test your mics, get warmed up and comfy.

Test your devices before you arrive; we had some unfortunate downtime that cost us.

Oh, and don’t forget the bribes…

Bribes are a must have

Our team for 2017 was put together on the spot with people we did not know, most of us had not planned on playing. Despite the loss on the hacking side we won in TF against the reigning champs. We could use some work on the Network exploits. We’ll see you again next year!


Written by

My name is Austin Marck I am a security enthusiast. I like to dabble in RF, physical security, reverse engineering, and most everything else in the sec space.
