c0c0n is an annual international cybersecurity, data privacy and hacking conference organised by the International public-private partnership led by the Society for the Policing of Cyberspace (POLCYB) in association with Information Security Research Association (ISRA), Group of Technology Companies ( GTec) and Kerala State IT Mission. Previously organised under the leadership of Kerala Police, c0c0n is India’s longest running platform for discussion and dialogue on cybersecurity in India.
This time Appfabs was technology partner with c0c0n XI. Appfabs organized one of the greatest event of c0c0n, that is CTF (Capture The Flag) - an ethical hacking competition along with Kerala Police Cyberdome. It was our great pleasure to organize such an event.
There was so many preparations required as part of CTF. The id cards, questions, infrastructre etc. are major things. We spend a good amount of continuous effort for doing all these things. Hardworking and Team spirit were major driving factor to achieve all those wonderful things.
When we got confirmation from CyberDom about our involvement in c0c0n CTF, we decided our first target was to make a nice ID card which reflects the real motive of CTF with comparatively lower cost. We had searched a lot, almost all were different with diverse idea, some cards had illuminations and some even had colourful displays of scoreboard. Kerala Police Cyberdome has good designers available and we together went through different designs and finally selected one. Special thanks to Sushin Surendran and Rajesh R K from Cyberdome.
The material used for ID card was acrylic transparant sheets. Kerala Startup Mission (KSUM) has a lab facility available (FabLab) and we used that facility for engraving our design to Acrylic sheets using a Laser Engrave and cutting machine.
When we finished engraving, next step was electronic circuts to illuminate ID cards. We used 3V button cells with Red and Green SMD LED for that. It was a tiresome work to solder the SMD LED in 3mmx4mm PCB Board and used a fine grainder to make it smooth and fit inside the cut in the acrylic ID Card.
Finally the cards were ready!!
Boxes were created in basis of real life vulnerabilities which we have faced in our security testing engagements and during Beagle development. After deciding the box challenges, we created the instances in AWS, Digitalocean and Google Cloud. Implemented the challenges one by one and made enough protections to Jail the users to restrict the access.
Its time to Travel
We used customized Facebook CTF platform for the contest. It was all done one day prior to the event including stickers, cards, Id Cards etc. and packed well. The climate was rainy, so we decided to travel to Kochi by train.
There was a heavy rush at registration counter, soon after opening the counter we got around 50 team registrations and we closed the counter by 11:30 AM as we ran out of the ID cards and the pre created tokens for registration. It was awesome 27 hrs, the teams fought day and night to capture the flags. By 6’O clock evening in the first day itself four of the simple flags were captured and everyone was on the big flags and the Bases. Next day after 12:00 AM, among two bases, one was captured. Then it was awesome to watch the score board and the logs as 3 teams were fighting in the base for winning the point and protecting the flag. It continued till we end the game by 12:30 PM.
Prize distribution was done by Mohanlal at the closing cermoney in the presence of chief secretary kerala Mr. Tom Jose, the head of the state police (DGP) Mr. Lokanath Behera IPS and Mr. Manoj Abraham IPS Nodal Officer of the Kerala Police CyberDome and IG Thiruvanthapuram Range.
Here is the detailed write-ups for the boxes in the Event.
These are the write-ups done by the winner and runnerup teams.