home / journal / inctf

InCTF Nationals 2019


This is a summary of my experience at InCTF, writeups can be found here.

The *national* version of InCTF is not just a single-day CTF. It starts with mock challenges and live teaching sessions that are run througout the month of October, followed by a qualifier CTF in November.

The qualifier round runs for 24 hours and it is extremely beginner friendly. Depending on which age group you fall into (high school, college, or professional) you qualify for the three-day conference in the last week of December.

Day one

There were lots of amazing talks. If you go to my Twitter profile and scroll down to somewhere around December 2019 you'll find some tweets by me that mention the talks that I attended. I loved the talk on Digital Forensics by Ajith Ravindran. One of the talks that I didn't mention but I liked the most was about Advanced Persistent Threats by Shaunak Ganorkar.

On the first night, there was a campfire where we were divided into groups and we talked about how we got started in hacking. It was a great way to chill and network with people having similar interests. If you have the opportunity to participate in InCTF Nationals, I highly recommend you to do so just to be around some really awesome hackers.

Day two

On the second day, we had an attack-defense CTF. This was my first time playing attack-defense and I completely bombed it. We were grouped randomly in threes and we had a few services on our machine that we had to protect. Unfortunately, I do not recall exactly what we had to do, but I can say for sure that our team messed up pretty bad. Still there is something really cool about playing an onsite attack-defense and I loved it.

We also had talks and hacking stalls. Personally, I didn't get a lot of time in the hacking stalls but from the little time I spent roaming around I could see various cool things such as a lock-picking, car hacking, and I think some hardware stuff. They even had their own hardware badge for the hardware CTF (which in retrospect I should've participated in).

Day three

For the final CTF, the problem-set was relatively easy so the most important thing to keep in mind was the workflow. Though I had worked a lot on my workflow leading up to the CTF, they didn't allow us to use our own systems so I had a lot of small issues with the tooling. They wanted us to use their lab computers to prevent flag-sharing, but in my opinion it really doesn't help prevent it, rather it slows down the whole process.

In the last thirty minutes or so of the CTF, they hid the scoreboard. Before they hid it, I was ranked 2nd. The person who was 1st had a huge margin above me; but below me, people were closing in. I just solved a single challenge after the scoreboard was hidden, so I was really anxious whether I would be able to hold that position. They later released the scoreboard and I was 2nd.

The CTF roughly ran from 9AM to 4PM and for people who where over enthusiastic about it, we didn't even go for lunch. We ate some stuff that they brought in for us in the lab :) you can imagine that after such an elongated stress on the mind you wouldn't want to do anything, but coming 2nd gave me some energy to stay awake for the rest of the day.