Editing DEF CON (section)

=== Capture the flag ===
The first instance of the DEF CON CTF was held in 1996, at the 4th DEF CON, and has been held since then every year.<ref>{{Cite web |last=Moss |first=Jeff |title=DEF CON Hacking Conference - Capture the Flag Archive |url=https://defcon.org/html/links/dc-ctf.html}}</ref> It's one of the few CTF in the attack/defense format. The prize of the winning team is a couple of black badges.<ref name=":0">{{Cite web |last=vulc@n of DDTek |date=2023 |title=A history of Capture the Flag at DEF CON |url=https://defcon.org/html/links/dc-ctf-history.html }}</ref>
{| class="wikitable"
|+Capture the Flag Timeline <ref>{{Cite web |title=A Brief History of CTF |url=https://psifertex.github.io/a-brief-history-of-ctf/#/2 |access-date=2023-12-20 |website=psifertex.github.io}}</ref><ref name=":0" />
!Year
!DEF CON
!Competing Teams
!Organizers
!Architecture
!Platform
!Winning Team
|-
|1996
|4
|
|Goons
|
|
|AJ Reznor
|-
|1997
|5
|
|Goons
|
|
|AJ Reznor
|-
|1998
|6
|
|Goons
|
|
|SNI
|-
|1999
|7
|
|Goons
|
|
|Ghetto Hackers
|-
|2000
|8
|
|Goons
|
|
|Ghetto Hackers
|-
|2001
|9
|
|Goons
|
|Multiple
|Ghetto Hackers & digirev
|-
|2002
|10
|
|Ghetto Hackers
|
|[[Red Hat Linux|Redhat]] 6.2
|Digital Revelation
|-
|2003
|11
|8
|Ghetto Hackers
|
|[[OpenBSD]]
|Anomaly
|-
|2004
|12
|8
|Ghetto Hackers
|i386
|Windows
|sk3wl0fr00t
|-
|2005
|13
|8
|Kenshoto
|i386
|[[FreeBSD]] 5.4
|shellphish
|-
|2006
|14
|8
|Kenshoto
|i386
|[[Solaris OS|Solaris]] 10
|1@stplace
|-
|2007
|15
|8
|Kenshoto
|i386
|FreeBSD
|1@stplace
|-
|2008
|16
|8
|Kenshoto
|i386
|FreeBSD
|Sk3wl of Root
|-
|2009
|17
|9
|DDTEK
|i386
|FreeBSD
|VedaGodz<ref>{{Cite web |title=Diutinus Defense Techonologies Corp. / DC17 |url=http://ddtek.biz/dc17.html |access-date=2023-12-27 |website=ddtek.biz}}</ref>
|-
|2010
|18
|12
|DDTEK
|i386
|FreeBSD & Debian
|ACME Pharm<ref>{{Cite web |title=Diutinus Defense Techonologies Corp. / DC18 |url=http://ddtek.biz/dc18.html |access-date=2023-12-27 |website=ddtek.biz}}</ref>
|-
|2011
|19
|12
|DDTEK
|i386
|FreeBSD
|European Nopsleders<ref>{{Cite web |title=Diutinus Defense Techonologies Corp. / Home |url=http://ddtek.biz/dc19.html |access-date=2023-12-27 |website=ddtek.biz}}</ref>
|-
|2012
|20
|20
|DDTEK
|i386
|FreeBSD
|Samurai
|-
|2013
|21
|20
|Legitimate Business Syndicate
|armv7
|Linux
|Plaid Parliament of Pwning
|-
|2014
|22
|20
|Legitimate Business Syndicate
|armv7 & i386
|Linux
|Plaid Parliament of Pwning
|-
|2015
|23
|15
|Legitimate Business Syndicate
|MIPS, x86 & armv7
|Linux
|DEFKOR
|-
|2016
|24
|15
|Legitimate Business Syndicate
|i386
|DECREE
|Plaid Parliament of Pwning
|-
|2017
|25
|15
|Legitimate Business Syndicate
|cLEMENCy
|cLEMENCy
|Plaid Parliament of Pwning
|-
|2018
|26
|24
|Order Of the Overflow
|MIPS, x86 & armv7
|Linux
|DEFKOR00T<ref>{{Cite web |title=DEF CON CTF 2018 |url=https://oooverflow.io/dc-ctf-2018-finals/ |access-date=2023-12-21 |website=OOO — DEF CON CTF |language=en-US}}</ref>
|-
|2019
|27
|16
|Order Of the Overflow
|x86, arm64, esoteric
|Linux, iOS, Xbox
|Plaid Parliament of Pwning<ref>{{Cite web |title=OOO — DEF CON CTF |url=https://oooverflow.io/dc-ctf-2019-finals/ |access-date=2023-12-21 |website=OOO — DEF CON CTF |language=en-US}}</ref>
|-
|2020
|28
|16
|Order Of the Overflow
|x86, esoteric
|Linux
|A*0*E<ref>{{Cite web |title=OOO — DEF CON CTF |url=https://oooverflow.io/dc-ctf-2020-finals/ |access-date=2023-12-21 |website=OOO — DEF CON CTF |language=en-US}}</ref>
|-
|2021
|29
|16
|Order Of the Overflow
|x86, microengine
|Linux
|Katzebin<ref>{{Cite web |title=OOO — DEF CON CTF |url=https://oooverflow.io/dc-ctf-2021-finals/ |access-date=2023-12-21 |website=OOO — DEF CON CTF |language=en-US}}</ref>
|-
|2022
|30
|16
|Nautilus Institute
|mixed
|
|Maple Mallard Magistrates<ref>{{Cite web|title=CTFtime.org / DEF CON CTF 2022 |url=https://ctftime.org/event/1662 |access-date=2024-09-06 |website=CTFtime |language=en-US}}</ref>
|-
|2023
|31
|12
|Nautilus Institute
|mixed
|
|Maple Mallard Magistrates<ref>{{Cite web|title=CTFtime.org / DEF CON CTF 2023 |url=https://ctftime.org/event/2078 |access-date=2024-09-06 |website=CTFtime |language=en-US}}</ref>
|-
|2024
|32
|12
|Nautilus Institute
|mixed
|
|Maple Mallard Magistrates<ref>{{Cite web|title=CTFtime.org / DEF CON CTF 2024 |url=https://ctftime.org/event/2462 |access-date=2024-09-09 |website=CTFtime |language=en-US}}</ref>
|}

==== Capture the Flag History ====
In 1996, the first DEF CON CTF was organized, with a couple of [[Server (computing)|servers]] for participants to hack, and judges to decide if a machine has been hacked, and award points accordingly.<ref>{{Cite web |last=Riley |first=Eller |date=2004 |title=Capture the Flag Games |url=https://www.blackhat.com/presentations/bh-asia-04/bh-jp-04-pdfs/bh-jp-04-eller/bh-jp-04-eller.pdf }}</ref>

In 2002, the company [[Immunix]] took part in the game under the moniker "immunex",<ref>{{Cite web |date=2001-07-09 |title=Defcon 9 - Capture The Flag Contest Network |url=https://defcon.org/html/defcon-9/defcon-9-events.html#Capture%20The%20Flag}}</ref> to benchmark the security of their Linux-based operating system, with modifications including [[Stackguard|StackGuard]], [[Format string attack|FormatGuard]], [[Openwall Project|OpenWall]]'s [[Stack buffer overflow|non-executable stack]], SubDomain (the ancestor of [[AppArmor]]), ...<ref>{{Cite web |title=4/23/ Immunix & Defcon: Defending Vulnerable Code From Intense Attack Crispin Cowan, Ph.D Seth Arnold, Steve Beattie, Chris Wright WireX and John. - ppt download |url=https://slideplayer.com/slide/8044490/ |access-date=2023-12-21 |website=slideplayer.com}}</ref>  Confident in their defense capabilities, they even opened access to their servers to other teams, and even spent some time taunting them. The team got the second place, and all their services deployed on their Immunix stack were never compromised.<ref>{{Cite journal |last=Crispin |first=Cowan |date=May 2003 |title=Defcon Capture the Flag: defending vulnerable code from intense attack |url=https://www.researchgate.net/publication/4012201 |journal=DARPA Information Survivability Conference and Exposition |volume=2 |issue=2003}}</ref> It was also the first year the contest had an organiser-provided services infrastructure connected to a real-time scoreboard.<ref>{{Cite web |last=Ghettohackers |title=Defcon 10 - Capture the Flag (CTF) contest |url=https://defcon.org/html/defcon-10/dc-10-post/defcon-10-ctf-rules.html}}</ref>

In 2003, the game had become so popular that a qualification round was introduced, with the previous winner automatically qualified.<ref>{{Cite web |last=The Ghetto Hackers |date=June 29, 2003 |title=Announcing Capture the Flag - Root Fu - Vegas 2003 @ DefCon 11 |url=https://defcon.org/html/defcon-11/events/dc-11-ctf-teams.html}}</ref>

In 2008, the Sk3wl of Root team took advantage of a [[Bug (computer)|bug]] in the game ([[Privileges-drop|privilege dropping]] and [[Process fork|forking]] were inverted), allowing them to have such a massive lead that they spent most of the CTF playing [[Guitar Hero]].<ref>{{Citation |last=Jordan |title=A Brief History of CTF |date=2021-04-06 |url=https://github.com/psifertex/a-brief-history-of-ctf |access-date=2023-12-20}}</ref><ref>{{Cite youtube |url=https://www.youtube.com/watch?v=ywxCWLFej_M |title=A Brief History of CTF - Jordan Wiens |date=2018-03-28 |time=35:41}}</ref>

In 2009, it was announced<ref>{{Cite web |date=2011-05-14 |title=Diutinus Defense Techonologies Corp. / Home |url=http://ddtek.biz/about.html |access-date=2023-12-21 |archive-url=https://web.archive.org/web/20110514105932/http://ddtek.biz/about.html |archive-date=2011-05-14 }}</ref> that "Diutinus Defense Technology Corp" (DDTEK) would be the new organisers, but nobody knew who they were. It was revealed at the end of the game that the team playing as sk3wl0fr00t was the organizer.<ref name=":0" /> "Hacking the top hacker contest seemed like a fun way to introduce ourselves to CTF organization. The yells of "bullshit" from CTF teams during the DEF CON 17 awards ceremony were very gratifying." said vulc@n, a member of DDTEK, on the topic.<ref name=":0" />

In 2011, the team "lollerskaters dropping from roflcopters" used a [[0day]] in [[FreeBSD]] (namely CVE-2011-4062<ref>{{Cite web |last=The FreeBSD Project |date=2011-09-28 |title=Buffer overflow in handling of UNIX socket addresses |url=https://www.freebsd.org/security/advisories/FreeBSD-SA-11:05.unix.asc }}</ref>) to escape [[FreeBSD jail|jails]], causing havoc in the game's infrastructure.<ref>{{Cite web |last=routardz |title=Defcon 19 CTF - CTF Inside |url=https://www.routards.org/2011/08/defcon-19-ctf-ctf-inside.html |access-date=2023-12-20}}</ref>

In 2016, the 15th edition of the CTF was done in partnership with the [[DARPA]], as part of its [[2016 Cyber Grand Challenge|Cyber Grand Challenge]] program, where teams wrote autonomous systems to play the game without any human interaction.<ref>{{Cite web |title=Cyber Grand Challenge (CGC) (Archived) |url=https://www.darpa.mil/program/cyber-grand-challenge |access-date=2023-12-20 |website=www.darpa.mil}}</ref>

In 2017, the Legitimate Business Syndicate came up with their very own CPU architecture called cLEMENCy: a [[middle-endian]] with 9 bits bytes [[Central processing unit|CPU]]. With its specifications released only 24 hours before the beginning of the CTF, it was designed with the explicit goals of both surprising the teams, and leveling the playing field by breaking all their tools.<ref>{{Cite web |last=Unknown |title=cLEMENCy - Showing Mercy |url=http://blog.legitbs.net/2017/10/clemency-showing-mercy.html |access-date=2023-12-20 |language=en}}</ref>