I wrote another Ghost in the Shellcode story up on twitter thread[0], but I'd like to share it here also.<p>In 2013, I wrote a GitS challenge called "hackerbook". It was a "misc" challenge where I presented you with a series of photos of prominent hackers at the time and asked you their name. It worked on the same principle as reCaptcha, I only knew the names of about 30 of the hackers and put those into the database. For the remaining ones, I accepted any answer but logged it to the database. If you correctly named all the 30 that I knew, you got the flag.<p>I wrote it because I thought it'd be funny to get people to give up the real names of their friends. I also thought it might be a good way to harvest the names of hackers[1] who are opsec thought leaders. For the remaining photos, I went to every CTF team's twitter, facebook, flickr, etc and sliced out random people.<p>The challenge worked pretty well at de-anonymizing a few folks. One player even sent me a photo of his friend's passport, claiming my challenge was broken and not accepting the correct name.<p>I think we already knew most people would give away all their personal details for a chance to win a free ice cream but they'll also give away their friends details for made up internet points.<p>[0] <a href="https://twitter.com/withzombies/status/1529145520027054081" rel="nofollow">https://twitter.com/withzombies/status/1529145520027054081</a><p>[1] <a href="https://twitter.com/thegrugq" rel="nofollow">https://twitter.com/thegrugq</a>
> There may have been others, but this is how I remember it.<p>Uh, yeah, DC949 ran Open Capture The Flag (OCTF) at Defcon from 2005 through at least 2010[0].<p>We later ran the original Barcode Shmarcode[1] contest during Snowpocalypse at Shmoocon so I know the Ghost in the Shellcode team was at least somewhat aware of DC949.<p>[0] <a href="https://www.youtube.com/watch?v=9Gs2Ja6Gt4Q" rel="nofollow">https://www.youtube.com/watch?v=9Gs2Ja6Gt4Q</a> - DEFCON 18: oCTF: 5 years in 50 minutes 1/4 (2010)<p>[1] <a href="https://www.shmoocon.org/barcode-shmarcode/" rel="nofollow">https://www.shmoocon.org/barcode-shmarcode/</a> - Shmoocon: Barcode Shmarcode
If you're new to CTF and want to try your hand at it, the qualifying round for DEFCON CTF starts tonight.<p>DEFCON is easily the most prestigious of the CTF competitions, so much so that it needs to pre-qualify the teams competing and that competition[0] starts tonight and runs all weekend.<p>[0] <a href="https://nautilus.institute/" rel="nofollow">https://nautilus.institute/</a>