{"id":295,"date":"2012-01-31T14:35:21","date_gmt":"2012-01-31T22:35:21","guid":{"rendered":"http:\/\/blog.mozilla.org\/webappsec\/?p=295"},"modified":"2012-01-31T14:35:21","modified_gmt":"2012-01-31T22:35:21","slug":"after-mozilla-ctf2012","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2012\/01\/31\/after-mozilla-ctf2012\/","title":{"rendered":"Mozilla CTF 2012 &#8211; Aftermath"},"content":{"rendered":"<p>On January 25th, with the help of many <a href=\"http:\/\/mozillactf.org\/credits.php\">volunteers<\/a>, we hosted the first <strong>Mozilla Capture The Flag (CTF)<\/strong>. The Mozilla CTF will be a recurring security event, although we are not yet prepared to announce when the next iteration will be.\u00a0 CTF participants competed against each other trying to research flaws, exploit vulnerabilities or find hidden messages embedded in different (web) applications.<\/p>\n<p>The CTF consisted of <strong>22 challenges<\/strong>. Most challenges involved little hacking experience to present newcomers a low bar to overcome.<\/p>\n<p>The covered topics included <strong>reverse engineering, cryptography, web application hacking, exploitation and trivia.<\/strong><\/p>\n<p>We had <strong>211 teams<\/strong> participating from all over the world, of which 119 stole at least one flag. Many teams consisted of <strong>small groups up to 5 people<\/strong>.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-297 alignnone\" title=\"Team Size Distribution\" src=\"https:\/\/blog.mozilla.org\/webappsec\/files\/2012\/01\/chart.png\" alt=\"\" width=\"345\" height=\"150\" \/><\/p>\n<p>The overall <strong>traffic<\/strong> amounted to <strong>11 GiB<\/strong> and our servers handled it quite well<\/p>\n<p>Within 24 hours, <strong>every challenge got solved<\/strong>. We had a close fight for the first place with<strong> <a href=\"http:\/\/leetmore.ctf.su\/\">LeetMore<\/a> ending up on first and <a href=\"http:\/\/eindbazen.net\/\">Eindbazen<\/a> on second place<\/strong>, being only 4 points apart by having solved everything. You can see some\u00a0<a href=\"http:\/\/people.mozilla.com\/~fbraun\/ctf\/top15.html\">nice graphs<\/a> about the standings and how they evolved throughout the CTF. A lot of teams performed well and many did a great job to <a href=\"https:\/\/wiki.mozilla.org\/Security\/Events\/CTF\/WriteUp2012\">sum up all the tasks and their solutions<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<p>Besides all the hacking, we also had a <strong>fun challenge<\/strong> where <a href=\"https:\/\/twitter.com\/#!\/search?q=%23SwimSuitUp\">people were supposed to dress up in a swim-suit<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<p>Fortunately, no serious security flaws were misused to break other people&#8217;s experience and we hope that everybody had a safe ride \ud83d\ude09 Ultimately we would like to thank all the participants for making this event so enjoyable!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On January 25th, with the help of many volunteers, we hosted the first Mozilla Capture The Flag (CTF). The Mozilla CTF will be a recurring security event, although we are &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2012\/01\/31\/after-mozilla-ctf2012\/\">Read more<\/a><\/p>\n","protected":false},"author":405,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[121],"tags":[],"coauthors":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Mozilla CTF 2012 - Aftermath - Mozilla Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2012\/01\/31\/after-mozilla-ctf2012\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Frederik Braun\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2012\/01\/31\/after-mozilla-ctf2012\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2012\/01\/31\/after-mozilla-ctf2012\/\",\"name\":\"Mozilla CTF 2012 - Aftermath - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2012\/01\/31\/after-mozilla-ctf2012\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2012\/01\/31\/after-mozilla-ctf2012\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blog.mozilla.org\/webappsec\/files\/2012\/01\/chart.png\",\"datePublished\":\"2012-01-31T22:35:21+00:00\",\"dateModified\":\"2012-01-31T22:35:21+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/9a9b6565cbac3c698b84dbd7447e438f\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2012\/01\/31\/after-mozilla-ctf2012\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2012\/01\/31\/after-mozilla-ctf2012\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2012\/01\/31\/after-mozilla-ctf2012\/#primaryimage\",\"url\":\"https:\/\/blog.mozilla.org\/webappsec\/files\/2012\/01\/chart.png\",\"contentUrl\":\"https:\/\/blog.mozilla.org\/webappsec\/files\/2012\/01\/chart.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2012\/01\/31\/after-mozilla-ctf2012\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Mozilla CTF 2012 &#8211; Aftermath\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/9a9b6565cbac3c698b84dbd7447e438f\",\"name\":\"Frederik Braun\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/f188d5ece9062fd6ec08fbeb06809792\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/1f41f3ef916e1c1fc9401cf3212a6708?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/1f41f3ef916e1c1fc9401cf3212a6708?s=96&d=identicon&r=g\",\"caption\":\"Frederik Braun\"},\"description\":\"Frederik Braun defends Mozilla Firefox as a Staff Security Engineer in Berlin. He's also a member of the W3C Web Application Security Working Group and co-authored the Subresource Integrity standard.\",\"sameAs\":[\"https:\/\/frederik-braun.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Mozilla CTF 2012 - Aftermath - Mozilla Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2012\/01\/31\/after-mozilla-ctf2012\/","twitter_misc":{"Written by":"Frederik Braun","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2012\/01\/31\/after-mozilla-ctf2012\/","url":"https:\/\/blog.mozilla.org\/security\/2012\/01\/31\/after-mozilla-ctf2012\/","name":"Mozilla CTF 2012 - Aftermath - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.mozilla.org\/security\/2012\/01\/31\/after-mozilla-ctf2012\/#primaryimage"},"image":{"@id":"https:\/\/blog.mozilla.org\/security\/2012\/01\/31\/after-mozilla-ctf2012\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.mozilla.org\/webappsec\/files\/2012\/01\/chart.png","datePublished":"2012-01-31T22:35:21+00:00","dateModified":"2012-01-31T22:35:21+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/9a9b6565cbac3c698b84dbd7447e438f"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2012\/01\/31\/after-mozilla-ctf2012\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2012\/01\/31\/after-mozilla-ctf2012\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/2012\/01\/31\/after-mozilla-ctf2012\/#primaryimage","url":"https:\/\/blog.mozilla.org\/webappsec\/files\/2012\/01\/chart.png","contentUrl":"https:\/\/blog.mozilla.org\/webappsec\/files\/2012\/01\/chart.png"},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2012\/01\/31\/after-mozilla-ctf2012\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"Mozilla CTF 2012 &#8211; Aftermath"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/9a9b6565cbac3c698b84dbd7447e438f","name":"Frederik Braun","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/f188d5ece9062fd6ec08fbeb06809792","url":"https:\/\/secure.gravatar.com\/avatar\/1f41f3ef916e1c1fc9401cf3212a6708?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1f41f3ef916e1c1fc9401cf3212a6708?s=96&d=identicon&r=g","caption":"Frederik Braun"},"description":"Frederik Braun defends Mozilla Firefox as a Staff Security Engineer in Berlin. He's also a member of the W3C Web Application Security Working Group and co-authored the Subresource Integrity standard.","sameAs":["https:\/\/frederik-braun.com"]}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/295"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/405"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=295"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/295\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=295"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=295"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=295"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=295"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}