Open in app

Sign in

Write

Sign in

EasyCTF 2017 Wrap-up

Michael Zhang
Michael’s Blog
Published in
5 min readMar 24, 2017

EasyCTF just concluded this Monday! Looking back on the competition, I’d say that this year was our best year ever. Let’s take a look at some of the stats.

  • 5,837 users registered this year, playing on 2,742 teams. Of those teams, 1,938 teams scored points.
  • We had 63 challenges, which was close to our 68 last year.
  • 10.7% of all teams had 5 members — full teams! In fact, there were more 5-member teams than there were 4-, 3-, and 2-member teams.

I’m really happy to see that so many people were willing to give us a week of their time to participate in our event and work through our challenges, despite the fact that we hadn’t promised any prizes ahead of time.

I’d also like to give a shout-out to the entire dev team who helped monitor basically every point of contact that people had with us and creating amazing challenges.

Improvements for next year

I still haven’t decided whether I’ll be completely involved in organizing this event again next year. I hope that I’ll have some free time alongside my classes, but I’d also like some more cooperation from the rest of the organizers. The biggest problem we had this year was basically not working on anything until the week before the competition. By that time, it was already too late. Let’s take a closer look at what actually went wrong:

  • Lack of motivation. I’m not sure people were actually busy during the entire year that we had planned to work, but there was definitely a lack of work put into organizing the competition. We had some big ideas at the beginning of the year, but as time passed, the chances of those ideas becoming reality looked rather slim as no one wanted to be the first one to start working. Somewhere in there I threw in a couple of deadlines, and we got a couple of problems written. Had I not done that, I fear we would have had much fewer problems than we actually did.
  • No contact with sponsor companies. Contacting sponsors should have been one of the first things we did, since it takes a long time to sort out details and companies usually take at least two weeks to reply to emails anyway. Towards the end, we did get an email from DigitalOcean saying they were willing to fund servers for our competition, but launch day came and we didn’t hear back from them again.
  • No coordination. Some of the feedback I’ve been hearing about this year’s competition is a shortage of actually “easy” problems. We never really went through the competition and tried to lay out a “spectrum” of problems nor tackle it from the participants’ perspective. Every problem was either just a “cool idea” someone had or “I feel like a CTF needs this.” The intermediate web section was completely missing.
  • Unbalanced team. Our team comprised mainly of problem writers. That’s great and all, but when it comes to things like contacting sponsor companies, writing the website, planning some kind of game, we basically have no resources to do those. I spent my entire time developing OpenCTF, the platform that powered the competition, and I know for sure that was a task too large for me to handle. Getting more web designers or people with other skills would have helped out a lot.

I’ve also got a couple of points of reflection for prospective CTF organizers, so if you’re planning to run a CTF, this is for you.

  • Participant experience takes first priority. A lot of organizers think the hardest part of running a CTF is getting good challenges. And they’d be right. But that’s not to say that preparing a solid game infrastructure for flag submission is going to be something you can do last-minute. When it comes to the participants’ experience, the first thing that they encounter is the website. Then a few initial challenges. Then probably the chat. Make sure you have those down well and people will probably have a better initial impression of your CTF.
  • Some people are there to make you miserable. As the one in control, you need to account for those people. We’re lucky that we only had relatively few encounters with such people but do keep in mind that you are still running an event and that takes first priority. During EasyCTF, there were a couple of people who thought it was funny to drop flags for hard challenges into the chat room. When we tried to get them to stop, they would come back under different aliases in order to annoy us. At that point we just shut down the entire chat room; the competition had to go on.
  • Ignore unconstructive negative feedback. You’re always going to have haters. Don’t take it to heart, solve the problems, and move on. Who cares if some random kid in IRC says your CTF is garbage? Ask them what issues they’re having, fix them, and they’ll be happy. It’s really not that complicated.
  • Docker. Is probably a good idea. The learning curve is not bad and it’s a great way to create disposable containers that can restart easily. Not only should you use Docker for your main competition website, you should also use it for all of the challenges that involve communicating with a server.

Here’s something else I definitely have to share. We had this autogen system that created different flags for different teams in order to discourage flag sharing. Some people came up to us reporting that their flag wasn’t working, when they clearly just took some other team’s flag. I didn’t really do anything about it, but just thought it was pretty funny that they had the nerve to report it to us even though they were cheating.

So, what’s the future for EasyCTF?

  • I’m seeing OpenCTF as a more permanent solution to our main platform. It’s a very complex piece of software and it would be insane to try to rewrite it from scratch. I’m in the process of creating an open-source version of it and making it customizable (for example, turning off features that you don’t need like the programming judge) for CTF organizers.
  • We had this project going on a while back for a CTF calendar that also hosted tasks. I was also hoping that it would be able to replay entire competitions but that seems a bit too hopeful at this point. It would be nice to just get the calendar revived.
  • WeebCTF is happening again this summer, dates still yet to be decided. If you’re into anime (or even if you’re not), come check it out!
  • Applications for joining the organizing team for the next EasyCTF will open soon. If there was something you didn’t like about EasyCTF, and you think you could have done better, by all means, join the team! We’d like to hear your ideas.

Thanks for reading, and I hope I’ll be seeing you at the next CTF!

Technology
Organizing

--

--

Michael Zhang
Michael’s Blog

Written by Michael Zhang

73 Followers
Editor for

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams