Each team will be given 20 minutes for presentation, and 3 minutes for Q&A. The final presentation should consist of six major parts: introduction, comparison, demonstration of your backdoor and defense, attacks, defenses, comparisons, and final thought.
You should introduce yourself to others. Since everyone knows the specification of the system, you should not describe the basic functionality of your system, and go straight to the next part.
You should first briefly introduce your backdoors (both easy and difficult one). Discuss why you thought your backdoor (hard one) is going to be difficult to be detected. You then show an actual demo of your backdoors.
Secondly, you should prepare for a patch for each of the backdoors you created, and briefly explain how it would prevent the exploits that you created. You should also demonstrate that the same exploit script does not work after patching.
Share both your success and failure story. Talk how you successfully attacked the other services. Do you have any interesting episode to share? Talk also about some failed attempts. This is to demonstrate how far you have gone through. Which backdoor was the most difficult to exploit? If failed, what was the reason?
Talk also about attacks against yourself. Did you observe any interesting attacks that you haven't thought about? What was the most intriguing attacks against you? Did other people identified some functional bugs that you were not aware of?
Since you have audited other teams' source code, we would like to hear your impression about observing two different implementations of the same system. What was the most distinctive characterstics of your system compared to others? How did you think the designs of the other systems? For example, you would express your impression about how differently the same feature was implemented in other teams' systems. Why do you think your system differs from the other systems? Why do you think your design is better than others, or vice versa. Any comparative comments about the systems and attacks are welcome here.
What did you learn from the CTF so far? What did you learn from other team's backdoor or system designs? If you had more time to implement your backdoor, what kind of improvments would you be able to make? How was your teamwork? What is the things that you regret the most?
-
Your PPT (or a link to gitpitch) should be uploaded to KLMS by 5/15 23:59:59.
-
You should upload two patches to your own git repository as two separate branches. Name the two branches as follows:
easypatchandhardpatch. The deadline is by 5/15 23:59:59.