Fri, 29 Jan. 2016, 15:30 UTC — Sun, 31 Jan. 2016, 15:30 UTC
On-line
A HackIM event.
Format: Jeopardy
Official URL: http://ctf.nullcon.net/
HackIM CTF will start on 29th Jan 2016 22:00 (GMT +5:30) and will last till 31st Jan 2016 22:00 (GMT +5:30).
Registration for HackIM is open. Please register yourself at http://ctf.nullcon.net. There are various categories ranging from Exploitation, RE, Programming, Crypto, Web, Forensics and Miscellaneous and it’s going to be fun playing!
1. Winner will get Gadget worth INR 50K.
2. First Runner up will get Gadget worth INR 20000.
3. Second Runner up will get Gadget worth INR 10000.
4. Top 30 participants will get EMC Defenders League T-shirt and Certificate, if they choose to participate in nullcon Goa 2016.
535 teams total
Place | Team | CTF points | Rating points | |
---|---|---|---|---|
1 | HackXore | 8600.000 | 10.000 | |
2 | dcua | 8300.000 | 7.326 | |
3 | khack40 | 8200.000 | 6.434 | |
4 | testdata | 8000.000 | 5.901 | |
5 | OpenToAll | 8000.000 | 5.651 | |
6 | Snatch The Root | 7900.000 | 5.426 | |
7 | MeePwn | 7800.000 | 5.249 | |
8 | foo | 7800.000 | 5.160 | |
9 | Z3R0 | 7800.000 | 5.090 | |
10 | H4rryp0tt3r | 7700.000 | 4.977 | |
11 | blah_blah | 7600.000 | 4.873 | |
12 | P3t3rp4rk3r | 7600.000 | 4.835 | |
13 | bobbob | 7500.000 | 4.745 | |
14 | knc | 7400.000 | 4.659 | |
15 | ISITDTU | 7400.000 | 4.636 | |
16 | 0xc0d3r | 7400.000 | 4.615 | |
17 | sec0d | 7300.000 | 4.538 | |
18 | p4 | 7200.000 | 4.464 | |
19 | #GLOBALHACK | 7200.000 | 4.449 | |
20 | aggkunal | 7000.000 | 4.320 | |
21 | ASIS | 6800.000 | 4.192 | |
22 | w0pr | 6600.000 | 4.064 | |
23 | Insanity | 6500.000 | 3.996 | |
24 | Raccoons | 6400.000 | 3.929 | |
25 | Taipei-Meow | 6000.000 | 3.688 | |
26 | Dystopian Narwhals | 5900.000 | 3.623 | |
27 | kopipacket | 5800.000 | 3.557 | |
28 | RPISEC | 5500.000 | 3.376 | |
29 | Shellphish | 5500.000 | 3.370 | |
30 | xil.se | 5500.000 | 3.364 | |
31 | Retired - Fast Affine Projection | 5500.000 | 3.359 | |
32 | b01lers | 5400.000 | 3.296 | |
33 | Indust3r | 5400.000 | 3.291 | |
34 | ECX Inc. | 5300.000 | 3.228 | |
35 | NYUSEC | 5300.000 | 3.224 | |
36 | DMU Hackers | 5300.000 | 3.220 | |
37 | 0x90r00t | 5200.000 | 3.158 | |
38 | 0xbadf00d | 5100.000 | 3.097 | |
39 | SDSLabs | 5100.000 | 3.093 | |
40 | Invulnerable | 5000.000 | 3.032 | |
41 | pony7 | 4900.000 | 2.971 | |
42 | vhssunny1 | 4900.000 | 2.968 | |
43 | BambooFox | 4900.000 | 2.965 | |
44 | 9SOC_team | 4700.000 | 2.846 | |
45 | 0x34044 | 4700.000 | 2.844 | |
46 | farmingsimulator2015 | 4700.000 | 2.841 | |
47 | BreakPoint | 4600.000 | 2.781 | |
48 | Shady Hats | 4500.000 | 2.720 | |
49 | unicornsandrainbows | 4500.000 | 2.718 | |
50 | firebeard | 4500.000 | 2.716 | |
51 | Anonymouse | 4500.000 | 2.714 | |
52 | cyberboss | 4500.000 | 2.712 | |
53 | UTDSFS | 4400.000 | 2.652 | |
54 | imandog | 4400.000 | 2.651 | |
55 | ChocolateMakers | 4400.000 | 2.649 | |
56 | Plaid Parliament of Pwning | 4300.000 | 2.589 | |
57 | Dragon Sector | 4300.000 | 2.588 | |
58 | bangarubabu | 4300.000 | 2.586 | |
59 | 0wl | 4200.000 | 2.527 | |
60 | BU | 4200.000 | 2.525 | |
61 | LosFuzzys | 4200.000 | 2.524 | |
62 | batman | 4200.000 | 2.523 | |
63 | objEEdump | 4200.000 | 2.521 | |
64 | Franky | 4100.000 | 2.462 | |
65 | alla2 | 4100.000 | 2.461 | |
66 | VTCSec | 4000.000 | 2.401 | |
67 | bbakwas | 4000.000 | 2.400 | |
68 | Capture the Swag | 4000.000 | 2.399 | |
69 | shivamd001 | 4000.000 | 2.398 | |
70 | All4Hacks | 4000.000 | 2.397 | |
71 | Tower of Hanoi | 3900.000 | 2.338 | |
72 | fetchAndLog | 3900.000 | 2.337 | |
73 | Bits For Everyone | 3800.000 | 2.278 | |
74 | cyberkastike | 3800.000 | 2.277 | |
75 | hashtagShells | 3800.000 | 2.276 | |
76 | Brutewoorse | 3800.000 | 2.275 | |
77 | Singularity | 3800.000 | 2.274 | |
78 | mani0x00 | 3800.000 | 2.273 | |
79 | tw33tm3 | 3800.000 | 2.273 | |
80 | vrth | 3700.000 | 2.214 | |
81 | laxa | 3700.000 | 2.213 | |
82 | karthik | 3700.000 | 2.212 | |
83 | At Least We're Pretty | 3700.000 | 2.211 | |
84 | DC562 | 3700.000 | 2.211 | |
85 | crayontheft | 3700.000 | 2.210 | |
86 | MeSelf | 3700.000 | 2.209 | |
87 | BalalaikaCr3w | 3700.000 | 2.209 | |
88 | penthackon | 3600.000 | 2.150 | |
89 | ALLES! | 3600.000 | 2.149 | |
90 | squeel | 3500.000 | 2.090 | |
91 | semyon | 3500.000 | 2.090 | |
92 | coj337 | 3500.000 | 2.089 | |
93 | fiery_falcon | 3500.000 | 2.089 | |
94 | drdr | 3500.000 | 2.088 | |
95 | RingZer0 Team | 3500.000 | 2.088 | |
96 | UConnSec | 3500.000 | 2.087 | |
97 | nUl1 | 3500.000 | 2.086 | |
98 | rpdsec | 3500.000 | 2.086 | |
99 | CorpOfHack | 3500.000 | 2.085 | |
100 | 41r574ck | 3400.000 | 2.027 | |
101 | a00rs | 3400.000 | 2.026 | |
102 | shsirk | 3400.000 | 2.026 | |
103 | Rõnins | 3400.000 | 2.025 | |
104 | chomuX | 3400.000 | 2.025 | |
105 | TKOX | 3400.000 | 2.024 | |
106 | !SpamAndHex | 3300.000 | 1.966 | |
107 | 0xBU | 3300.000 | 1.965 | |
108 | def_init_self | 3300.000 | 1.965 | |
109 | Gilgamesh | 3300.000 | 1.964 | |
110 | AFiniteNumberOfMonkeys | 3300.000 | 1.964 | |
111 | Execut3 | 3300.000 | 1.964 | |
112 | francis_c | 3300.000 | 1.963 | |
113 | theta | 3200.000 | 1.905 | |
114 | brucel33t | 3200.000 | 1.904 | |
115 | err0r-451 | 3200.000 | 1.904 | |
116 | In7rud3r | 3200.000 | 1.904 | |
117 | scorpioinsecure | 3200.000 | 1.903 | |
118 | c0mrad3 | 3200.000 | 1.903 | |
119 | kamatvishnu14 | 3200.000 | 1.902 | |
120 | kohi | 3200.000 | 1.902 | |
121 | nvivekk | 3200.000 | 1.902 | |
122 | latigic | 3200.000 | 1.901 | |
123 | WCSC | 3200.000 | 1.901 | |
124 | NULLify | 3200.000 | 1.901 | |
125 | securityninja | 3200.000 | 1.900 | |
126 | psmkreddy | 3200.000 | 1.900 | |
127 | du1iqvw | 3200.000 | 1.900 | |
128 | nu4nu | 3100.000 | 1.841 | |
129 | MrGrey | 3100.000 | 1.841 | |
130 | 11-Digit Prime Number | 3100.000 | 1.841 | |
131 | akredhat | 3000.000 | 1.782 | |
132 | VatsalDesai93 | 3000.000 | 1.782 | |
133 | Team Sportsball | 3000.000 | 1.782 | |
134 | Knightsec | 3000.000 | 1.781 | |
135 | Hexpresso | 3000.000 | 1.781 | |
136 | jagotu | 3000.000 | 1.781 | |
137 | ugalesujit | 3000.000 | 1.781 | |
138 | kileak | 3000.000 | 1.780 | |
139 | Incision | 2900.000 | 1.722 | |
140 | pradyotprakash | 2900.000 | 1.722 | |
141 | deadcode | 2900.000 | 1.722 | |
142 | u7karsh | 2900.000 | 1.721 | |
143 | Lfuret | 2900.000 | 1.721 | |
144 | luhar | 2900.000 | 1.721 | |
145 | wtfmehftw | 2900.000 | 1.721 | |
146 | HfxCTF | 2900.000 | 1.720 | |
147 | krgaurav94 | 2800.000 | 1.662 | |
148 | nishantsny | 2800.000 | 1.662 | |
149 | luffy | 2800.000 | 1.661 | |
150 | wctfumich | 2800.000 | 1.661 | |
151 | D@rk$h3ll | 2800.000 | 1.661 | |
152 | spyoff | 2800.000 | 1.661 | |
153 | reblsrbck | 2800.000 | 1.661 | |
154 | ascii overflow | 2800.000 | 1.660 | |
155 | wizard of skn | 2800.000 | 1.660 | |
156 | pwnspiracy | 2800.000 | 1.660 | |
157 | fffroze | 2800.000 | 1.660 | |
158 | AAAA | 2800.000 | 1.660 | |
159 | Shadow Cats | 2700.000 | 1.601 | |
160 | Against All Authority | 2700.000 | 1.601 | |
161 | vaibhav | 2700.000 | 1.601 | |
162 | Zanglirex | 2700.000 | 1.601 | |
163 | Hackstangs | 2700.000 | 1.600 | |
164 | Nxgr | 2700.000 | 1.600 | |
165 | Magic Hat | 2700.000 | 1.600 | |
166 | q86 | 2700.000 | 1.600 | |
167 | NDNC | 2700.000 | 1.600 | |
168 | c0dist | 2600.000 | 1.541 | |
169 | viod | 2600.000 | 1.541 | |
170 | rohitdua | 2600.000 | 1.541 | |
171 | KiFastSystemCallRet | 2600.000 | 1.541 | |
172 | [email protected] | 2600.000 | 1.541 | |
173 | Robyn | 2600.000 | 1.541 | |
174 | ChrizBMX | 2600.000 | 1.540 | |
175 | huskyhusky | 2600.000 | 1.540 | |
176 | rfc8136 | 2600.000 | 1.540 | |
177 | [email protected] | 2600.000 | 1.540 | |
178 | Desiprox_Team | 2600.000 | 1.540 | |
179 | SUSlo.PAS | 2500.000 | 1.481 | |
180 | govind | 2500.000 | 1.481 | |
181 | DTUHAX | 2500.000 | 1.481 | |
182 | Samurai | 2500.000 | 1.481 | |
183 | math | 2500.000 | 1.481 | |
184 | SwissMadeSecurity | 2500.000 | 1.481 | |
185 | oddcoder | 2500.000 | 1.481 | |
186 | HackCat | 2500.000 | 1.480 | |
187 | 0x8F | 2400.000 | 1.422 | |
188 | jnqpblc | 2400.000 | 1.422 | |
189 | TokyoWesterns | 2400.000 | 1.422 | |
190 | Hans6626 | 2400.000 | 1.422 | |
191 | bitspleaz | 2300.000 | 1.363 | |
192 | PeakChaos | 2300.000 | 1.363 | |
193 | Societymen | 2300.000 | 1.363 | |
194 | jetal | 2300.000 | 1.363 | |
195 | ninja | 2300.000 | 1.363 | |
196 | ark | 2300.000 | 1.363 | |
197 | th3jackers1 | 2300.000 | 1.363 | |
198 | MV9rwGOf08 | 2300.000 | 1.362 | |
199 | mau5 | 2300.000 | 1.362 | |
200 | I Like Trains | 2300.000 | 1.362 | |
201 | d4rwinb0ts | 2300.000 | 1.362 | |
202 | katachi | 2200.000 | 1.304 | |
203 | Gh0$t | 2200.000 | 1.304 | |
204 | int3pids | 2200.000 | 1.304 | |
205 | awful | 2200.000 | 1.303 | |
206 | WeAreScientists | 2200.000 | 1.303 | |
207 | bl4de | 2200.000 | 1.303 | |
208 | N2IQU | 2200.000 | 1.303 | |
209 | seabreeze | 2200.000 | 1.303 | |
210 | rohit.patil | 2200.000 | 1.303 | |
211 | TheGoonies | 2200.000 | 1.303 | |
212 | blah.cat | 2100.000 | 1.245 | |
213 | gator | 2100.000 | 1.244 | |
214 | PENSIUN \| DFCI \| SUKSMA | 2100.000 | 1.244 | |
215 | kesatriagaruda | 2000.000 | 1.186 | |
216 | IS☢LA | 2000.000 | 1.186 | |
217 | bicycle_overdrive | 2000.000 | 1.186 | |
218 | Avidya | 2000.000 | 1.186 | |
219 | TenDollar | 2000.000 | 1.186 | |
220 | mohit.rajpal | 2000.000 | 1.186 | |
221 | hrkljus | 2000.000 | 1.185 | |
222 | Ap4021 | 2000.000 | 1.185 | |
223 | cor3sm4sh3r | 2000.000 | 1.185 | |
224 | b00m | 1900.000 | 1.127 | |
225 | smoke leet everyday | 1900.000 | 1.127 | |
226 | crimson | 1900.000 | 1.127 | |
227 | mohana.kumari | 1900.000 | 1.127 | |
228 | ganesh.sp | 1900.000 | 1.127 | |
229 | sujith | 1900.000 | 1.126 | |
230 | rah_chitale | 1900.000 | 1.126 | |
231 | logicbomb | 1900.000 | 1.126 | |
232 | derp2 | 1800.000 | 1.068 | |
233 | flatline | 1800.000 | 1.068 | |
234 | chessy404 | 1800.000 | 1.068 | |
235 | hermy310 | 1800.000 | 1.068 | |
236 | king_ghidorah | 1800.000 | 1.068 | |
237 | tentpegbob | 1800.000 | 1.068 | |
238 | vssubish | 1800.000 | 1.068 | |
239 | spam0day | 1800.000 | 1.067 | |
240 | moniker | 1800.000 | 1.067 | |
241 | fasil.ullatt | 1800.000 | 1.067 | |
242 | Harshal24 | 1800.000 | 1.067 | |
243 | J | 1800.000 | 1.067 | |
244 | ausdrifter | 1700.000 | 1.009 | |
245 | KKBOX | 1700.000 | 1.009 | |
246 | dozty | 1700.000 | 1.009 | |
247 | nilo | 1700.000 | 1.009 | |
248 | DhashS | 1700.000 | 1.009 | |
249 | buttegab | 1700.000 | 1.008 | |
250 | jempty | 1700.000 | 1.008 | |
251 | BTSec | 1700.000 | 1.008 | |
252 | lmRed | 1700.000 | 1.008 | |
253 | beefcheese | 1600.000 | 0.950 | |
254 | abzaan | 1600.000 | 0.950 | |
255 | David | 1600.000 | 0.950 | |
256 | Batman's Kitchen | 1600.000 | 0.950 | |
257 | AMG7 | 1600.000 | 0.950 | |
258 | C0debr8kr | 1600.000 | 0.950 | |
259 | .elite | 1600.000 | 0.950 | |
260 | Song | 1600.000 | 0.949 | |
261 | qqqppp | 1600.000 | 0.949 | |
262 | esamhacks | 1600.000 | 0.949 | |
263 | Hacknam Style | 1600.000 | 0.949 | |
264 | Koibasta | 1600.000 | 0.949 | |
265 | deletefoo | 1600.000 | 0.949 | |
266 | krish | 1600.000 | 0.949 | |
267 | Mammon Machine | 1500.000 | 0.891 | |
268 | The Bebop17 Squad | 1500.000 | 0.891 | |
269 | ZieloneZuczki | 1500.000 | 0.891 | |
270 | wagiro | 1500.000 | 0.891 | |
271 | efiens | 1500.000 | 0.891 | |
272 | Bopoznpvt | 1500.000 | 0.890 | |
273 | vulnhub-ctf | 1500.000 | 0.890 | |
274 | NUSGreyhats | 1500.000 | 0.890 | |
275 | HansHerbert | 1500.000 | 0.890 | |
276 | macebich | 1500.000 | 0.890 | |
277 | SGFk | 1500.000 | 0.890 | |
278 | ByteShredders | 1500.000 | 0.890 | |
279 | Kaida@52 | 1500.000 | 0.890 | |
280 | Bushwhackers | 1500.000 | 0.890 | |
281 | Corb3nik | 1400.000 | 0.832 | |
282 | jseida | 1400.000 | 0.832 | |
283 | dummy1 | 1400.000 | 0.832 | |
284 | Saravanaz | 1400.000 | 0.832 | |
285 | r4ms3sh | 1400.000 | 0.831 | |
286 | harcon_ | 1400.000 | 0.831 | |
287 | mridula | 1400.000 | 0.831 | |
288 | loco | 1400.000 | 0.831 | |
289 | shodeadman | 1400.000 | 0.831 | |
290 | cowardmind | 1400.000 | 0.831 | |
291 | shiplem3 | 1400.000 | 0.831 | |
292 | ignatius | 1400.000 | 0.831 | |
293 | FluxFingers | 1400.000 | 0.831 | |
294 | 6l0ry | 1400.000 | 0.831 | |
295 | taurus | 1400.000 | 0.831 | |
296 | KuBik | 1400.000 | 0.831 | |
297 | GoEYPw | 1300.000 | 0.773 | |
298 | The DHARMA Initiative | 1300.000 | 0.773 | |
299 | inertiasloth | 1300.000 | 0.773 | |
300 | st4b | 1300.000 | 0.772 | |
301 | ItsMeMario | 1300.000 | 0.772 | |
302 | who2k | 1300.000 | 0.772 | |
303 | Squidd | 1300.000 | 0.772 | |
304 | GeeksSpeak | 1300.000 | 0.772 | |
305 | hxp | 1300.000 | 0.772 | |
306 | ciccio87 | 1300.000 | 0.772 | |
307 | sairaghav | 1300.000 | 0.772 | |
308 | CyberTeam6 | 1300.000 | 0.772 | |
309 | hny287 | 1300.000 | 0.772 | |
310 | Thanos | 1300.000 | 0.772 | |
311 | ckm | 1300.000 | 0.772 | |
312 | Sandbox | 1300.000 | 0.772 | |
313 | d1rt | 1200.000 | 0.714 | |
314 | nullwolf | 1200.000 | 0.714 | |
315 | ghatheringTheMidi6 | 1200.000 | 0.714 | |
316 | BabyPhD | 1200.000 | 0.713 | |
317 | melroy_tellis | 1200.000 | 0.713 | |
318 | Animal.OhYeah | 1200.000 | 0.713 | |
319 | spyd3r | 1200.000 | 0.713 | |
320 | jayryan | 1200.000 | 0.713 | |
321 | 0x7F | 1200.000 | 0.713 | |
322 | PiggyBird | 1200.000 | 0.713 | |
323 | Sudo_root | 1200.000 | 0.713 | |
324 | blkcaptamerica1 | 1200.000 | 0.713 | |
325 | TusanHomichi | 1100.000 | 0.655 | |
326 | DarkMinion | 1100.000 | 0.655 | |
327 | WWI_Flying_Ace | 1100.000 | 0.655 | |
328 | Imvamsus | 1100.000 | 0.655 | |
329 | asha | 1100.000 | 0.655 | |
330 | Shadow Servants | 1100.000 | 0.655 | |
331 | mattbt | 1100.000 | 0.655 | |
332 | seiyakyokai | 1100.000 | 0.655 | |
333 | rmehta300 | 1100.000 | 0.655 | |
334 | R&D | 1100.000 | 0.655 | |
335 | hfukuda | 1100.000 | 0.654 | |
336 | [email protected] | 1100.000 | 0.654 | |
337 | szzp | 1100.000 | 0.654 | |
338 | ballalk | 1000.000 | 0.596 | |
339 | Bulletproof | 1000.000 | 0.596 | |
340 | 13610n | 1000.000 | 0.596 | |
341 | pranav | 1000.000 | 0.596 | |
342 | can | 1000.000 | 0.596 | |
343 | kattappa123 | 1000.000 | 0.596 | |
344 | [email protected] | 1000.000 | 0.596 | |
345 | Hikup | 1000.000 | 0.596 | |
346 | CCSF_HACKERS | 1000.000 | 0.596 | |
347 | reddy | 1000.000 | 0.596 | |
348 | secgroundzero | 1000.000 | 0.596 | |
349 | 1up | 1000.000 | 0.596 | |
350 | amn3s1a | 1000.000 | 0.596 | |
351 | soomink | 900.000 | 0.538 | |
352 | The-B3ast | 900.000 | 0.537 | |
353 | Merricx | 900.000 | 0.537 | |
354 | Manikv | 900.000 | 0.537 | |
355 | aghoshlal | 900.000 | 0.537 | |
356 | GRIS | 900.000 | 0.537 | |
357 | _try | 900.000 | 0.537 | |
358 | virgoman | 900.000 | 0.537 | |
359 | overheadhb | 900.000 | 0.537 | |
360 | J0rk3r | 900.000 | 0.537 | |
361 | uiuctf | 900.000 | 0.537 | |
362 | krornus | 900.000 | 0.537 | |
363 | pravin_bange | 900.000 | 0.537 | |
364 | chinaev | 900.000 | 0.537 | |
365 | Oxydros | 900.000 | 0.537 | |
366 | W0rm | 900.000 | 0.537 | |
367 | daspinhas | 900.000 | 0.537 | |
368 | BLAP | 900.000 | 0.537 | |
369 | ___ | 900.000 | 0.537 | |
370 | alx33ce | 900.000 | 0.537 | |
371 | jarcky | 900.000 | 0.537 | |
372 | koaidien | 900.000 | 0.537 | |
373 | Centaurs | 900.000 | 0.537 | |
374 | kod0kk | 900.000 | 0.537 | |
375 | Olam_zoe | 900.000 | 0.537 | |
376 | rkc | 900.000 | 0.537 | |
377 | Spitfire | 900.000 | 0.537 | |
378 | D3falt | 900.000 | 0.536 | |
379 | nbven | 900.000 | 0.536 | |
380 | Arxenix | 900.000 | 0.536 | |
381 | ch1ll3r | 900.000 | 0.536 | |
382 | romp | 900.000 | 0.536 | |
383 | SUSHI | 900.000 | 0.536 | |
384 | nabz007 | 900.000 | 0.536 | |
385 | BATS | 900.000 | 0.536 | |
386 | likithjogi | 900.000 | 0.536 | |
387 | Rabbit | 900.000 | 0.536 | |
388 | amartejas05 | 900.000 | 0.536 | |
389 | op.rad | 900.000 | 0.536 | |
390 | doskop | 900.000 | 0.536 | |
391 | teeesterr | 900.000 | 0.536 | |
392 | eash# | 900.000 | 0.536 | |
393 | participe_ctf | 900.000 | 0.536 | |
394 | pras1706 | 900.000 | 0.536 | |
395 | moinkhorajiya | 900.000 | 0.536 | |
396 | virus | 900.000 | 0.536 | |
397 | g399 | 800.000 | 0.478 | |
398 | GradiusX | 800.000 | 0.478 | |
399 | vladvis | 800.000 | 0.478 | |
400 | CR4CK3NS | 800.000 | 0.478 | |
401 | bonze | 800.000 | 0.478 | |
402 | GoanResearcher | 700.000 | 0.419 | |
403 | xR00t | 700.000 | 0.419 | |
404 | cs0sf | 700.000 | 0.419 | |
405 | Geesir7 | 700.000 | 0.419 | |
406 | Maven | 700.000 | 0.419 | |
407 | jup1ter | 700.000 | 0.419 | |
408 | vakzz | 700.000 | 0.419 | |
409 | pauni | 700.000 | 0.419 | |
410 | moongs | 700.000 | 0.419 | |
411 | am | 700.000 | 0.419 | |
412 | harshk_13 | 700.000 | 0.419 | |
413 | vendice | 700.000 | 0.419 | |
414 | PLUS | 700.000 | 0.419 | |
415 | raghavendra111 | 700.000 | 0.419 | |
416 | noraneco | 700.000 | 0.419 | |
417 | DjigIT | 700.000 | 0.419 | |
418 | manoj.9033 | 700.000 | 0.419 | |
419 | spizer | 600.000 | 0.361 | |
420 | jk2016 | 600.000 | 0.361 | |
421 | lets_try | 600.000 | 0.361 | |
422 | MrsBigglesworth | 600.000 | 0.361 | |
423 | d4rc0d3x | 600.000 | 0.361 | |
424 | Borja | 600.000 | 0.361 | |
425 | GreyBell | 600.000 | 0.361 | |
426 | c21h30o2 | 600.000 | 0.361 | |
427 | Arrow | 600.000 | 0.361 | |
428 | spadesquad | 600.000 | 0.361 | |
429 | trateda | 600.000 | 0.360 | |
430 | nicks_sarang | 600.000 | 0.360 | |
431 | leet0r | 600.000 | 0.360 | |
432 | f60 | 600.000 | 0.360 | |
433 | iflody | 600.000 | 0.360 | |
434 | 4kshay | 600.000 | 0.360 | |
435 | ExMoK | 600.000 | 0.360 | |
436 | grzegorz225 | 500.000 | 0.302 | |
437 | MVnD3X | 500.000 | 0.302 | |
438 | Bitshift | 500.000 | 0.302 | |
439 | scumbag | 500.000 | 0.302 | |
440 | basepusher | 500.000 | 0.302 | |
441 | xPowerz | 500.000 | 0.302 | |
442 | MMM | 500.000 | 0.302 | |
443 | nazwadi | 500.000 | 0.302 | |
444 | dk | 500.000 | 0.302 | |
445 | h0rst | 500.000 | 0.302 | |
446 | Majora | 500.000 | 0.302 | |
447 | okas832 | 500.000 | 0.302 | |
448 | RISCYBusiness | 500.000 | 0.302 | |
449 | sabnc | 400.000 | 0.244 | |
450 | 123azeqsd | 400.000 | 0.244 | |
451 | Katelyn | 400.000 | 0.244 | |
452 | Metric | 400.000 | 0.244 | |
453 | Dark_aleX | 400.000 | 0.244 | |
454 | w00sec | 400.000 | 0.244 | |
455 | bob | 400.000 | 0.244 | |
456 | NeOLux-C1Ph3r | 400.000 | 0.244 | |
457 | djamal7722 | 400.000 | 0.243 | |
458 | toffee | 400.000 | 0.243 | |
459 | bhavinmackk | 400.000 | 0.243 | |
460 | 0ops | 400.000 | 0.243 | |
461 | ravirv | 400.000 | 0.243 | |
462 | jfhs | 400.000 | 0.243 | |
463 | United Exploit Directorate | 400.000 | 0.243 | |
464 | cctt | 400.000 | 0.243 | |
465 | pratap | 400.000 | 0.243 | |
466 | UOSec | 400.000 | 0.243 | |
467 | Sikun | 400.000 | 0.243 | |
468 | flipdot | 400.000 | 0.243 | |
469 | Owl | 400.000 | 0.243 | |
470 | Akarsh T S | 400.000 | 0.243 | |
471 | KerKerYuan | 400.000 | 0.243 | |
472 | Cybrosis | 400.000 | 0.243 | |
473 | h4ck3r | 400.000 | 0.243 | |
474 | ITSPR | 400.000 | 0.243 | |
475 | Hawks | 400.000 | 0.243 | |
476 | WL | 400.000 | 0.243 | |
477 | soluna10 | 400.000 | 0.243 | |
478 | Ondas | 400.000 | 0.243 | |
479 | prayas26 | 300.000 | 0.185 | |
480 | shoper | 300.000 | 0.185 | |
481 | strikeforce | 300.000 | 0.185 | |
482 | StratumAuhuur | 300.000 | 0.185 | |
483 | malprxctice | 300.000 | 0.185 | |
484 | jinmo123 | 300.000 | 0.185 | |
485 | ShellWarp | 300.000 | 0.185 | |
486 | dpnz | 300.000 | 0.185 | |
487 | satishengr | 300.000 | 0.185 | |
488 | gooligans | 300.000 | 0.185 | |
489 | DiaW01f | 300.000 | 0.185 | |
490 | kamikaze | 300.000 | 0.185 | |
491 | BitK | 200.000 | 0.126 | |
492 | JayantS | 200.000 | 0.126 | |
493 | alexx | 200.000 | 0.126 | |
494 | Resistance | 200.000 | 0.126 | |
495 | Nabla | 200.000 | 0.126 | |
496 | daguy666 | 200.000 | 0.126 | |
497 | bdraff | 200.000 | 0.126 | |
498 | LuD | 200.000 | 0.126 | |
499 | pickelz | 200.000 | 0.126 | |
500 | Thracky | 200.000 | 0.126 | |
501 | b0ss | 200.000 | 0.126 | |
502 | Aravind | 200.000 | 0.126 | |
503 | haxpak | 200.000 | 0.126 | |
504 | 6toMidnight | 200.000 | 0.126 | |
505 | [email protected] | 200.000 | 0.126 | |
506 | Devorare | 200.000 | 0.126 | |
507 | test777 | 200.000 | 0.126 | |
508 | conmancraig | 200.000 | 0.126 | |
509 | Lum3nz | 200.000 | 0.126 | |
510 | drewfus | 200.000 | 0.126 | |
511 | ASDFGHJKLL | 200.000 | 0.126 | |
512 | Rayru | 200.000 | 0.126 | |
513 | Stack | 200.000 | 0.126 | |
514 | off | 200.000 | 0.126 | |
515 | guilt | 200.000 | 0.126 | |
516 | z0rex | 200.000 | 0.126 | |
517 | shadow-hakr | 200.000 | 0.126 | |
518 | REU | 100.000 | 0.068 | |
519 | Fire30 | 100.000 | 0.068 | |
520 | 08fbc81152 | 100.000 | 0.068 | |
521 | soma | 100.000 | 0.068 | |
522 | popo | 100.000 | 0.068 | |
523 | marche147 | 100.000 | 0.068 | |
524 | tyh | 100.000 | 0.068 | |
525 | _zx_ | 100.000 | 0.068 | |
526 | mmk21 | 100.000 | 0.068 | |
527 | UCCU | 100.000 | 0.068 | |
528 | okudo3 | 100.000 | 0.068 | |
529 | KITCTF | 100.000 | 0.068 | |
530 | kknock | 100.000 | 0.068 | |
531 | CTF-infinit | 100.000 | 0.068 | |
532 | MichelCode | 100.000 | 0.068 | |
533 | pp | 100.000 | 0.068 | |
534 | Honeypot | 100.000 | 0.068 | |
535 | OPT | 100.000 | 0.034 |
> If you are playing as a team, please note that you will have to nominate one person from your team who can avail the benefits.
This is so funny!!! Last year there were teams who played as a team but registered in the name of the team as well as individual names. They nominated themselves for prizes and grabbed prizes. There was one team whose members got the first 10 of the total 30 prizes!!! Some members of the team were part of the event organizers itself!!! Can't believe it? There was open sharing of answers in their IRC channel, and these organizers were active in kicking out people sharing answers and playing as teams. That is fine, but they kicked people out based on their guessing; some of those ejected include students who played as per the rules. They revised the initial scorecard and kicked out a lot of guys, including us. However, the organizers who kicked us out were themselves part of the team that grabbed individual prizes, played in the final and collected prizes!!! Sad state of affairs :-( :-( :-(
It would really help if you can point out specific names with factual proof about the volunteers being participants in the CTF. We request everyone to play ethically. Don't be naughty. If you have a concrete solution against cheating, please volunteer and submit the same to us at info_at_nullcon_dot_net.
I liked the binary exploitation challenges (although 2 of them were unreachable / offline for quite some time).
The points rewarded for them seem extremely low though, when compared to other challenges.
For example, crypto-500 was basically "run openssl on this file", worth more points than any of the pwnables..
The organizers should put a bit more effort into normalizing the challenge scores.
Oh and then there is the insane flag sharing going on..
I believe forensics were the best.
Everything was nice and I liked the challenges but something was wrong with scoring ... simple xoring problem worth more than reverse engineering !!! But in general it deserves 5/5
The IRC channels were largely unmonitored and unmodded. A lot of flag sharing and begging was occurring without reprisal. Some of the challs were good (exploit/re/web) but the programming, crypto and trivia challenges were pure bullshit. The crypto challenges were really badly set with granting a ridiculous amount of points. The lack of a flag format made guessing pretty much mandatory for most of the challenges. Very poor organisation.
Bad scoring -> Web, Pwn, Re and Forensics were scored very low compared to Recon tasks. Also people were buying / selling flags on the official channel...
I agree that scoring seemed remarkably inconsistent and a lot of the challenges made little sense. Many of the forensics challenges felt like they were based more on obscurity than logic. I had a good idea of what I was looking for and how to get there, but was overwhelmed with multiple largely similar files and no context.
Also observe which country appears most at the top of the scoreboard, should tell you everything you need to know: http://ctf.nullcon.net/scoreboard.php
Why HackIM sucks? Insane amount of reasons.
Admins - NEVER AVAILABLE. NEVER MONITOR.
IRC - Always chaos and answer sharing everywhere. You will have at the least 10 guys minimum wanting to share flags with you by the end of the CTF if you idle all the time.
Challenges - Unreasonable, not professional, crazy waste of time. Exceptions exist in this though. Web was amazing considering last time web was ridiculous. Otherwise there is mismanagement of scores, challenges that waste your time more than teach you anything (you'll never solve qns like Final destination of Gagghar river is "near fatehpur", said a source who got the answer post competition)
Cheating - Admins are damn aware of the ongoing cheating. I talked to a whistle blower of the previous edition of CTF who emailed the admin about the cheating that prevailed but the admins in turn informed the cheats, allowed them to participate in the finals. I am trying to convince this guy to forward the mail trails to me although he is reluctant thanks to the admins. But once I get this information I will publish this. Mr @Murtuja Bharmal, WHAT DO YOU PLAN TO DO WHEN I PUBLISH THE INEFFECTIVENESS OF YOUR ORGANIZING TEAM? The proof surely makes me assume that the admins are in with who should WIN and who SHOULD NOT.
You can see huge fluctuations in the scoreboard in the last hours, realize everyone is cheating, still turn a blind eye towards this. I agree. But what about those who report issues to you?
THERE CTF IS RIGGED. CTFtime organizers please remove this CTF from a rating event at least.
Challenges themselves were doable, instructions mostly clear.
Support, Cheating, Scoring/Rating, Moderations. This CTF isn't worthy to even be mentioned on CTFtime.
Challenges :
They were good in some categories ( re / pwn / web ) but it was a fucking joke in some ( trivia / prog / crypto ) making the scoring not balanced at all ...
Infrastructure :
The website got dos'ed during the last hours and we couldn't submit a flag ... Otherwise it was ok.
Organization :
It was super messy !
The IRC chan was not monitored so a lot of people shared flags or asked for it...
The admins were not available at all...
Scoreboard:
That's the worst thing on this ctf... The scoreboard is at the current time completely wrong !
Most teams on the top30 have visibly shared flags or cheated during the last hours... (just look at it ... common' )
Anyway, by kicking out the non legit teams it could be possible to make a real scoreboard to reward the ones who have played regularly
Overall rating : 2/5
I'm going to be plain spoken here.
There were many good challenges(RE, some Web). There were many embarrassing challenges("Programming", "Trivia", some Crypto). There was a mix of easy and hard challenges, but I feel the easy challenges were worth a disturbingly high amount of points. I want to be constructive in my criticism. So for the future, here are three important considerations I think most people can agree on:
1) I think it would be good to either remove the easier challenges, or even better, make the "programming", "trivia", "misc", and other easier tasks worth one fifth of the points. In many cases, it was more difficult to understand the CTF's poor English than to understand the problem. I was hesitant to move onto the real challenges because the simple challenges were worth so many points. I never got a chance to really delve into some of the RE, Web, and Forensics; I was too worried that the easier challenges would dwarf the other tasks in points.
2) English can be tricky at times, but I feel this CTF would benefit from a good proofreader. The interface was nice enough, but the English was something you would expect from an insane homeless man. I would leave a kinder review, but I seriously doubt that some of the authors even read what they wrote. There were many dyslexic, repetitious, and nonsensical sentences(even by this industry's standards). Every sentence seemed to have a dysfunctional problem. I can expect a few grammatical errors and clumsy wordings... but the writing here was almost to the point of being a forensics exercise. It reflected poorly on your organization. My team and I often debated on what the CTF was trying to say. Especially in the "programming" challenges. If you want a proofreader, I can do this for you for 2017 and possibly future years. My written English communication is not superb, but it is above average in the US. English is my first and only language(unless you count 3 years of ancient Latin). I understand that I cannot be a proofreader and a nullcon competitor during the same year. I'm also clearly not afraid to be honest(even blunt). Since I like what you guys do, I will put in no more than 10 hours for free(that should be more than enough to proofread your 2017 CTF). I can proofread your challenges to a college writing level. I would appreciate a T-Shirt, some stickers, and/or some other swag :). I would prefer to not be publicly acknowledged unless we can have some meaningful moderation(which I will help provide).
#3 in second comment
3) Though I solved all but the second "programming" challenges, none of these challenges made me consider programming. They were mostly the ravings of a half-brained nitwit. "Programming" 5 was solved by Googling "Conways Life online" http://www.bitstorm.org/gameoflife/ . You clearly have sufficiently skilled people making your RE and Web tasks. I doubt these people made your shameful "Programming" tasks. This is what I would expect from Programming 5: "What is London's average wind direction at 12:20 AM GMT? Only use days which are divisible by their month plus the last digit of their year(for example: Jan 2nd 2001, Feb 3rd 2011, Jan 6th 2012, and Feb 26th 2010... but not Jan 1st 2001, Feb 11th 2010 or April 4th 2011)? Use the data from Jan 1st 2005 through Jan 1st 2015. Round to the fifth decimal. Consider using http://api.wunderground.com/" This would have been a nightmare to solve without a little bit of coding. The contestant could solve this by signing up for a free api key from http://api.wunderground.com/. http://api.wunderground.com/api/<<REPLACE WITH API KEY>>/history_20050901/q/UK/London.json. Then the contestant would write a moderately challenging loop to calculate the wind direction. I'm sure the man who made your programming tasks is well intentioned, but fire his ass(if he lacks social skills) or hire him as a janitor(if he's a nice guy). He's a horrible programmer. This category brought you more shame than if you didn't have a "programming" category at all. A more appropriate title for this category might be "Google Fu" also known as "Trivia."
This CTF... is a joke, and It seems I'm part of the punch line. The cheating mildly bothered me, but it wasn't the end of the world. I was mostly irritated by the pathetic challenges. It's clear that there were some legitimate challenge makers... which actually makes me *more* angry that this CTF tarnished their names and efforts. There must be some retribution. Is it possible to give a CTF negative points? Ban them from CTFtime? I suppose CTFs get the reputation they deserve. Perhaps we could make reputation a touch more impacting on CTF time? I feel a 1.4 out of 5 stars is about right for this CTF. It had a fine user interface and some of the challenges were legitimate. However, the CTF was rampant with cheating, it was unmoderated, it even brings doubt to the integrity of the CTF leadership, and(like many twisted plots) it was taken down in the end. Still it has a glimmer of hope.
Thanks for the comments and feedback everyone :). It was really really helpful. We will try our best to incorporate the changes suggested for next year’s hackIM:
- IRC: We will try to have more volunteers online on IRC for answering queries round the clock.
- (response to c00de stuff) Please share the communication with facts/proof that you have (or will receive) at info [at] nullcon.net and we will make sure any volunteers who were cheating are banned from being a part of hackIM volunteers in future.
- Please share concrete and detailed ideas on how to stop flag sharing, if you have any. If you would like to contribute and volunteer to create a module for randomizing flags or something else, please send us an email at info at nullcon.net
- Please note that there are no admins but only volunteers helping with the CTF. All official communication should be sent to a nullcon.net email ID (info, ctf) and not with anyone on IRC or with a non nullcon.net email ID. This will ensure timely action from us.
- Please share facts/proof instead of allegations about flag sharing/cheating as facts help us inform the cheating teams about their misconduct and ban them right away. Allegations are of no help in this case.
- (Response to saint saint) This year, we missed on proof reading the content. We will take care of it next year. Please send us an email on info at nullcon.net if you would like to volunteer for next year.
Thanks,
How to stop flag sharing / hints selling? Start with a proper unified flag format. Seriously. There were a lot of tasks where the hardest part was figuring out what exactly is the format of flag, and a lot of people were frustrated that they solved the task but can't get points because they couldn't guess that the flag is title of webpage they got link to, or that the flag is "something.com" and not "something" or "www.something.com". Flag should be obvious and clear when you finally get it. Have you ever read this: https://github.com/pwning/docs/blob/master/suggestions-for-running-a-ctf.markdown ? You should.
"Please share facts/proof instead of allegations about flag sharing/cheating" :D :D and how exactly? With random IRC names of people selling/buying flags? Also it requires only a single glance at scoreboard to see that suddenly India became CTF masters, even though before the best Indian teams were not even in the top 100 on ctftime.
Response to Pharisaeus
1. Thanks for the feedback on the format. We will definitely take care of that next year.
2. Based on our analysis we try to fix the cheating as much as possible by reverting to a known good state. But obviously, we can't fix what we don't know. So, we request everyone, if you have any proof against a team/player, please send it to us so we can ban them.
3. Above all, we request all the teams and players to play ethically and discourage cheating (and cheaters).
Thanks,
I asked for a hint for forensics 300 on IRC once (yeah, sorry, we were quite desperate).
I was greeted with five guys PMing me, wanting to trade flags. Seriously, WTF? I could've traded our web 500 for at least 4 other flags ("selling" our solution/flag few times in the process), but that's, like, opposite of what CTFs should be about. I want to SOLVE challenges, not TRADE them. (Btw. just to be clear - of course I didn't trade our flag with anyone).
I guess most top teams (especially Indian ones - sorry) exchanged their flags and solutions, and that's how they ended up so high in the ranking (not necessarily all of them, maybe).
"Please share facts/proof instead of allegations about flag sharing/cheating" - I could've shared screen with random people blatantly asking for flags/trading flags on irc, but unfortunately I closed tab with IRC.
"2. Based on our analysis we try to fix the cheating as much as possible by reverting to a known good state. But obviously, we can't fix what we don't know. So, we request everyone, if you have any proof against a team/player, please send it to us so we can ban them."
Yeah, it's impossible. But thanks that you acknowledge that issue and try to improve in the future. I appreciate that :>.
And moving on to other things. Flag format - really, that is important. Flag should be obvious when you see it. Reading https://github.com/pwning/docs/blob/master/suggestions-for-running-a-ctf.markdown is good suggestion.
Last but not least, "know india" challenge was morbid. I almost hope it was meant to be troll challenge, because stupid answers/answers with typo (!)/impossible-to-guess answers made the challenge almost unsolvable.
Wrapping it up, some kind words - most "real" challenges were really interesting (RE was really reversing, not break-in-2016-type-reversing, Web was interesting and clever, and Pwns were hard but solvable). Shame that organisational issues and decisions spoiled otherwise great CTF. Keep it up, and try to improve next year. Cheers...
Aseem Jakhar --
oh come on, "reverting to a known good state", "we can't fix what we don't know". You reverted in 2015, this doesn't work. Situation is the same as last year, nothing was made to prevent cheating. To make problem fixed you first of all need a will to fix.
Cheating problem is not new, and your CTF is not something so different, that can not be managed properly. You have all server logs, analyse them -- I'm pretty sure you can find 80% of cheaters only from web server logs, if you really want to fix a problem. Pay attention on close submission time of flags by different teams, logins from same IP of "independent" teams, connection stats to game services (e.g. if player never connected to game service but sends flag -- this is suspicious), require that best 23 indian teams from TOP-30 to send writeups.
There are also suspicions raised about self-nomination of your "volunteers" to prizes -- publish full list of who is volunteering now, check their connection to winners (if they are relatives, friends, play in same team, work in same organization, etc). Also publish information about last year volunteers, and their participation in finals. This is actually bad idea to get external folks to make or manage tasks, but if you do -- make sure the process is transparent.
You actually have good tasks in pwn, web, re categories, which IMO can make this CTF back to 20-30 points, but shitty organisation ruins it all. You tried to save time with external volunteers -- but now need to remove them all and do investigation, this will take same time. Or don't do anything, and stop pretending that you are making international CTF.
Aseem Jakhar
> Please share concrete and detailed ideas on how to stop flag sharing, if you have any.
1) Have someone on IRC that will answer people who want to trade flags and give them a special flag that will be accepted by the system and will award them points.
2) Wait for the CTF to end for them to "distribute" that flag by sharing it with other teams.
3) Ban everyone who has submitted that flag.
And for all the tasks (I'm talking especially about the "forensics" challenges): make the challenges FUN/interesting instead of FRUSTRATING. It's not fun if you spend a few hours searching through a pcap file, reconstructing a file system, and recovering a deleted "flag.txt" file only to find that someone is actually laughing at you and saying "You thought there would be a flag here, huh? Here, have a kick in the balls instead!".
@Overfl0: I would say that it's common to troll competitors(a little). I would only expect it in high-point challenges. I found the pcap file to be exhausting, but tolerable. Most of the Forensics were tedious... even obscure... but tolerable. It was clear that the task maker at least made an effort(though he may not have enough skills yet to be creating CTF challenges).
@Mykola
What you're speaking of is attribution... perhaps considered part of forensics. Judging by their forensics challenges, Nullcon is hardworking, but wildly under-trained and under-experienced in forensics. I like your ideas, most of them would work(as long as no one buys write ups). Rectification is definitely in order. Teams must be banned. Evidence must be gathered. Prizes must be suspended until proof of competency is made. We're all a little miffed. I worked very hard too.
@Aseem Jakhar
I will spend the last 10 hour shift as an IRC moderator(since I wont be able to compete anyway).
Here is a way I just thought of for stopping flag sharing: I'll post the idea so others can comment on any(practical) weaknesses. Yes, MD5 has a collision risk... what cypher would you suggest? Be gentle with my ego if my idea is wrong. I'm not a cypherpunk and I've only started CTFs within the past year... though I've got a few 0days to my name. What if every flag is a simple MD5(teamname+ChallengeSecretSalt+CTFSecretSalt)? The server calculates what the MD5 should be for that team for each challenge. The team sends their hash in the form of "HIM{hash}" to the server... if "HIM" is too obvious on some challenges, simply having something like "5f4dcc3b5aa765d61d8327deb882cf99" should be good enough. Then the server compares against the flag hash that the team sent. This might get extremely tricky in REs and PWNables.... But it would work for web, much of forensics, trivia, programming, and misc. This would require a couple hard days to implement, but it would be worth it. I have sent you an email requesting to volunteer 10 hrs of time to proofread your challenges and convert them(as best as I am able to) into clean and concise English. Your CTF could be quite enjoyable if it weren't for the rampant cheating and three of the categories(programming, trivia, misc).
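A sketch of the per-team flag idea proposed in the comment above, added here as an example and not code from any commenter or from the HackIM organizers. It swaps the suggested MD5 concatenation for HMAC-SHA256 and also reports whose flag was submitted when a team hands in another team's flag; the secrets, team names and challenge names are constructed.

```python
import hashlib
import hmac
from typing import Optional, Tuple

# Constructed secrets for the example; a real deployment would load random keys.
CTF_SECRET = b"constructed-ctf-wide-secret"
CHALLENGE_SECRETS = {
    "web500": b"constructed-web500-secret",
    "for300": b"constructed-for300-secret",
}
TEAMS = ["alpha", "bravo", "charlie"]  # constructed team names


def team_flag(team: str, challenge: str) -> str:
    """Derive the flag that only `team` should ever submit for `challenge`."""
    key = CTF_SECRET + CHALLENGE_SECRETS[challenge]
    name = team.encode()
    # Length-prefix the team name so two different (team, challenge) pairs
    # can never concatenate to the same MAC input.
    msg = len(name).to_bytes(2, "big") + name + challenge.encode()
    digest = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return "HIM{" + digest[:32] + "}"


def check_submission(team: str, challenge: str,
                     submitted: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, source_team).

    verdict is "correct", "wrong", or "shared"; for "shared" the second
    element names the team whose flag was submitted.
    """
    got = submitted.encode()
    if hmac.compare_digest(got, team_flag(team, challenge).encode()):
        return ("correct", None)
    for other in TEAMS:
        if other == team:
            continue
        if hmac.compare_digest(got, team_flag(other, challenge).encode()):
            return ("shared", other)
    return ("wrong", None)
```

A "shared" verdict gives the organizers both ends of the exchange, which a single global flag cannot.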
Thanks msm, Mykola Ilin, Overfl0, Saint Saint and others for your critical feedback and most importantly - suggestions for improvement. We will try to implement most measures to make hackIM fun for everyone.
Thanks again :)
forensics challenges are really challenging....
There is no use of sharing information about cheaters. You will only be kicked out. Happened last time to me. I can share the proof of it. The board reversal measure taken was taken so cleverly that people felt the cheaters were out. But cheaters still remained and I saw it in EMC's twitter post when I saw their picture on the finalist. Again do you wish to explain this @Aseem?
c00de stuff Help us in improving the CTF and enforce rules. I'm assuming, if you saw their picture, it means that you know them personally and may have email proofs as well. This would be really helpful as we can provide factual proof against them with email headers. Please send email to info at nullcon.net about it. We will take action if we have sufficient proof against them. We cannot force you to share information and it totally depends on you if you are willing to help. Please note the board reversal is a manual process based on our analysis of suspicious submissions and may have some consequences on players who did not cheat. We need a better framework for reducing the chances of cheating and we have received very good suggestions in the above comments which we plan to implement in the next version. Again, if you think you can help us in any way, feel free to contribute.
Thanks,
hahaha c00de... check this out with https://pbs.twimg.com/media/CTW-qdwU8AAj5S_.jpg:large I am not asking you to assume anything :)
@Ozzy - hahah! Yeah! But you don't have enough proof... it is just circumstantial :P lol
@Aseem - I have proof I emailed you last time. I emailed two screenshots of which one was given by another person. He came back and started shouting at me telling why was I going and telling other guys that he is "snitching on the cheats". If you make the process of responsible disclosure open and known to all and keep people's information safe, you will see more whistle blowers. I know them because I did my reconnaissance and the proofs I submitted you can easily know who it was about.
I openly dare you to release the process of disqualification with mail trails of the proofs submitted last time. If you have no problem KINDLY RELEASE ALL THE PROCESS THAT UNDERWENT SCRUTINY LAST TIME.
Simple - Take out the previous mails and tell the process followed.
@Rest - Do not report to nullcon owners till they own up to the work and make it a safe environment for whistleblowing on cheaters.
@Ozzy: If that is true, Please give me the proofs over IRC. Last time I had reported it to admins over IRC and next day, the board was "reverted to good state" and I was kicked out. lol. I also talked to someone in IRC who said the same thing that you did. Ping me, we will post this issue in ctftime issues.
Ozzy Narcozzy: The snapshot was shared with the volunteers. Thanks for the info. We will refrain from sharing the direct snapshots and emails starting now. However, in that case would request you to send complete snapshots + email headers + description of what and who is involved instead of only portions.
In case you would like to do private disclosure only to me, you can send an email to aseem a{t} payatu dot com and I will make sure to hide any names and references.
Thanks,
Guys. I don't think there is any point in shouting at the administrators who sit and hold an open CTF for us to play in their free time.
It is hard work of theirs however badly done.
@Aseem: I have 2 feedbacks already told to Himanshu and donfos or someone on the IRC -
1. Few challenges were just unreasonably named, scored (misc 300 and for 100) - I solved for100 in some 4 hours but misc300 had the qns reset over and over. Also I heard from some that correct answers were not being accepted.
2. Unavailability of admins on the IRC to monitor - I think if the chatroom is not over IRC rather something that can be heavily monitored, the leaking of solutions cross team would be significantly reduced.
And it is true, I am heartbroken and disappointed to see myself overtaken by cheaters taking over the board again leaving my 4000 point gain for nothing. I had scored all this over 2 days (didn't participate the 3rd day). But I also believe this is a hard task for you.
This was a brilliant document shared on the IRC, maybe you guys can have a look at it -
https://github.com/pwning/docs/blob/master/suggestions-for-running-a-ctf.markdown
I am sure, cheaters once caught should be barred from playing in the next 3 years or so, would encourage a fairer play. But Yes! I didn't play on the Third day because I already saw the enormous amounts of cheating on the IRC and was pissed off and had given up. I am sure, the number of solves of misc 300 on the board would be way lesser than the actual number of people who actually retrieved the flag! :P
@Others - This CTF was a huge leap of improvement in web challenges side compared to the last time. Please see the positive aspects as well.
Anyway, Kudos to the RE folks who made my life a living misery :D I learnt a lot about INDIA! :D haha
@Tanoy Bose, Thank you for the feedback and empathy :). Both of your suggestions are good. In fact we are already planning to move away from IRC.
Thanks,
You should learn what the India cricket board is doing to avoid "conflicts of interest" in IPL cricket :P
Do not have organizers and participants from same team or from same group of friends.
Make the flags different for everyone, there can be small variations in challenges itself for each participant.
Make it only a group event. Allow individuals to form team of 5-6 members. If you know participants from same known CTF group, same college, make them play as a group.
Do not allow the members of same CTF team play as individual, play as group, win all the prizes, pose for photos with their team members in the organizing team! #coredump #bootup
Why need a chat room for solving CTF? Do not use any chat room or IRC.
Watch out for your volunteers compete in final and collect prizes without participating in HackIM, as happened last time.
@dracula I'd argue that IRCs are a very important part of any CTF. Properly moderated IRC channels anyway. It allows for quick communication between the organisers and the participants in the event infrastructure goes down or problems with challenges arise. Reputable CTFs usually have a well moderated IRC and while flag sharing does exist at the smaller scale, it isn't as prevalent as this one.
I agree with you on pretty much everything else though.
There are a couple of factors that contributed to the current state of affairs:
1. Uncertainty regarding what exactly the challenges are asking for (this includes badly worded descriptions in horrible English and lack of proper flag formats (sometimes completely asinine ala Crypto 1))
2. Lack of proper communication between the players and the organisers: the official means of communication is supposed to be email, but they were unresponsive on that front. There was very little administration of the 'unofficial' IRC channel with the admins only popping in to mass dump hints for challenges and then leaving.
3. Broken challenges with a lot of ambiguity: the Know India challenge comes to mind. People grew hugely frustrated when trying an answer they knew to be true and the IRC essentially degenerated into asking for the 'correct' answers. Another 'broken' challenge was Web 400 where the web application was returning 'Flag: ' without the actual content. I'm not sure if this was meant to be intentional with the wrong content-length but if so, it would have been better if it returned "Partial-" instead to present a marker to the player.
4. Lack of reprisals for hint and flag begging. Typically, players who beg for flags or hints in a reputable CTF would get the ban hammer to the face really quick.
5. CTFs are typically played in groups. So individual-only CTFs motivate groups to combine their efforts but multiply their yields with multiple accounts.
The combination of the above essentially provided a hotbed for massive cheating.
On the point of minor variations for challenges: this is admittedly not an easy thing to achieve. It has been done before (see: PicoCTF) but personalising challenges can only go so far. It is a more effective strategy for an admin to quell any greasiness before it catches fire.
I'm not sure why so many people are spoon feeding the organisers so many solutions to their problems. These problems rarely occur in other CTFs. Perhaps the organisers should re-think their philosophy and observe how better CTFs are conducted and identify where they fall short. Just because it is run by volunteers doesn't give it a free pass to have lower standards. In fact, that does not make sense at all. Most CTFs are run 'voluntarily' by 'volunteers' (e.g. Hack in the Box KL was run by a great group of volunteers, CSAW is run by students, and 32c3 is run by a CTF team comprised of two hackerspaces) and they are amazing. Most CTFs aren't run commercially.
For the organizers, if you can't come up with a scheme to issue unique flags to each participant for each challenge, you can surely do some simple database analysis to compare submission time for various flags. Do you really think that people submitting the same flag within seconds of each other is a coincidence? Submitting in the same order as each other? Maybe even submitting from the same IP? How about the mad rush to submit in the that minutes of the game? Since yours is an "individual" competition, surely you can't believe that one person is solving several challenges magically in the last moments of the game. The proof is right in front of you. Stop expecting others to provide insight into your own infrastructure. If you want to show good faith how about posting a database dump of all submitted flags for the community to analyze?
s/submit in the that minutes of the game/submit in the last minutes of the game/
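The log checks suggested in the comments above (different players submitting the same challenge seconds apart, several accounts submitting from one IP, flags from accounts that never connected to the challenge service), written out as an added example that is not code from any commenter or from the organizers. The record layout, team names, addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from itertools import combinations

# Constructed sample data: (time, team, source IP, challenge) for accepted flags.
SUBMISSIONS = [
    ("2016-01-30 10:00:05", "alpha",   "198.51.100.7", "web500"),
    ("2016-01-30 10:00:19", "bravo",   "198.51.100.7", "web500"),
    ("2016-01-30 14:12:40", "charlie", "203.0.113.20", "web500"),
    ("2016-01-30 16:30:02", "alpha",   "198.51.100.7", "misc300"),
    ("2016-01-30 16:30:11", "bravo",   "198.51.100.9", "misc300"),
    ("2016-01-31 09:45:00", "charlie", "203.0.113.20", "misc300"),
]
# Constructed: (team, challenge) pairs seen in the challenge service's own log.
SERVICE_CONNECTIONS = {("alpha", "misc300"), ("charlie", "misc300")}
# Challenges assumed unsolvable without connecting to a game service.
SERVICE_CHALLENGES = {"misc300"}


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def close_submitters(subs, window_s=30, min_challenges=2):
    """Team pairs that solved >= min_challenges challenges within window_s of each other."""
    by_chal = defaultdict(list)
    for when, team, _ip, chal in subs:
        by_chal[chal].append((_ts(when), team))
    hits = defaultdict(set)
    for chal, rows in by_chal.items():
        for (t1, a), (t2, b) in combinations(sorted(rows), 2):
            if a != b and (t2 - t1).total_seconds() <= window_s:
                hits[tuple(sorted((a, b)))].add(chal)
    return {pair: sorted(chals) for pair, chals in hits.items()
            if len(chals) >= min_challenges}


def shared_ips(subs):
    """Source addresses used by more than one team."""
    teams_by_ip = defaultdict(set)
    for _when, team, ip, _chal in subs:
        teams_by_ip[ip].add(team)
    return {ip: sorted(t) for ip, t in teams_by_ip.items() if len(t) > 1}


def solved_without_connecting(subs, connections, service_challenges):
    """Accepted flags for service challenges from teams with no service connection."""
    return sorted({(team, chal) for _w, team, _ip, chal in subs
                   if chal in service_challenges and (team, chal) not in connections})
```

Each hit is a lead for manual review rather than proof: teammates behind one NAT share an address, and a single near-simultaneous solve can be coincidence, which is why the pair check requires repeats.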
We have updated the final scoreboard for HackIM 2106 after removing discrepancies and disqualifying suspected players who shared flags. We will shortly post our analysis and reason for disqualification of the players on the scoreboard.
@Ozzy @c00de - seems like nullcon and team have done a clean task to clear out the scoreboard. I have not cleared though, but I see a lot of the guys who deserved it to be online. Congos all.
@Derek - I wish I had that magic too :'( :D And looks like the organizers took it seriously to attempt stop that flag copiers this time. I see a lot of them who deserved to be there on the board this time.
Also I still believe that just review the IP logs of the people who connected and solved misc300 to those who submitted without connecting. This would give you the people who cheated. lol :D
Please submit scoreboard to CTFTime asap. thanks
Yes, please add the scoreboard.
Please add the scoreboard.
Hi, please add the scoreboard, thanks!
We are waiting for the scoreboard
Done
zero moderation, bad programming and crypto challenges (guess what, no programming was involved in either programming and crypto). Non-standard flag. Overall pretty sour.
Why aren't the rankings correct as per final scoreboard on website ?
+1
5 Rating weight for breakin (https://ctftime.org/event/288) and 0 Rating weight for this ctf ... abused. I don't understand.
Nice that they uploaded ranking, sadly it's a bit "broken"... ;]