On the 6th of April 2019, wizlynx group hosted its first computer hacking competition, PwnTillDawn in Mexico City. Part capture the flag (CTF), part eSports, the event challenged 24 participants to put their offensive & cyber security skills to the test. For the contestants, who are mainly students and fresh graduates, it was all about training, bragging rights and a cash prize pool of $100,000 MXN.
PwnTillDawn is an intensive 12-hour session where participants evolve within a network comprised of many machines affected by real life vulnerabilities witnessed by wizlynx group through hundreds of penetration tests conducted for companies and organizations of various sizes and industries. The PwnTillDawn “Capture the Flag” CTF) competition challenged contestants to break into as many machines as possible, using a succession of weaknesses and vulnerabilities. Upon the compromise of a machine, contestants had to collect flags awarding a certain amount of points. The person with the highest score by the end of the 12 hours won the first prize of $70,000 MXN.
The competition started slowly on this past Saturday morning, with the participants performing the due reconnaissance of the vulnerable machines in the network, trying to find their first target. After a few minutes most of the contenders already found point-awarding flags. From the start of the contest, it was clear that most of the players were on the same level, even though the skillset of each one was different. We saw participants trying to brute force the systems and others trying to break into our systems with more gentle techniques.
While machines were very hard to penetrate, most participants did not give up and tried harder, knowing that adversity would strengthen their techniques, as well as assist in gaining new skills.
After the first half of the competition, the top positions were occupied by three participants that were surpassing each other every few minutes.
Every time a machine was “pwned”, all the players showed their respect with a big applause to their contenders.
After 6 hours of the competition, Puerko, a passionate student which drove more than 5 hours to compete, captured a very valuable flag by exploiting an OS Command Injection vulnerability on a very complex machine. He quickly scored another point which allowed him to get admin privileges on the same machine, and at the same time giving him the lead on the contest.
Chepe, a very talented & focused contestant, managed to get back the lead by leveraging a succession of weaknesses which allowed her to break into two machines. With less than two hours and thirty minutes from the end of the Competition, Chepe was followed by Zerodante and Puerko.
In the last hours of the competition, Zerodante claimed the first place by breaking in two of our most difficult machines. Chepe and onlyme, one of the most skilled testers of the group, were trying hard to close the gap with Zerodante.
The last minutes of the competition became extremely exciting, as the scoreboard was hidden to the contenders so they could not see who was winning. They were focused…
They did their best and our systems were falling piece by piece…and from the ashes the champion rose:
Congratulations to Zerodante, the winner of our first PwnTillDawn Hacking Contest!!!
Congratulations to all of the participants who were amazing during the entire competition, and to our staff that served as starting blocks to help whenever a participant or staff needed assistance! This event became possible and a true success with all of you!!
A special note of thanks also goes to Gabriel Zanchez Perez for helping us promote this event in the Instituto Politécnico Nacional (IPN) of México City and attending the entire competition to support his students!