Category Archives: English

2021 was the year of records, top results and partnerships.

Our captain changed again. We had gnx (ELT founder) as captain from the team beginning until 2019. In 2020 the position was occupied by n0ps13d . This year, andre_smaira assumed the captain position.

In 2021 we created the ELT instagram, where you can find our news and a lot of material for study, and we put all of our important links together in linktree to turn it easy for our followers to always find any ELT information in an easy way. We also created in our website a place where all of Pwn2Win (since de first one in 2014) challenges and write-ups can be found (if you could not find any of them, let us know).

We also started a new partnership with Mente Binária, where we monthly publish infosec introductory Portuguese articles for those who are starting their studies in the infosec field (contact us on social networks if you want a specific subject).

Pwn2win 2021 was amazing! The Pwn2Win of records! This year we got the largest sponsorship, both in value and number of partners! The event was honored with the registration of 1091 international teams and with the participation of top teams fighting for the last spot in the DEF CON CTF 2021. Yes! Pwn2Win 2021 was the first Brazilian CTF chosen to be DEF CON CTF Pre-Qualifier (https://oooverflow.io/dc-ctf-2021-quals/)!. As a result, the weight of the event in 2022 will be even greater (99.41 / 100), the fourth-highest for 2022. Less than 10 events have already had weights greater than 99 in all history of CTFTime! See here the Pwn2Win 2021 backstage for more details.

Rating for Pwn2Win 2022

The team got 3 new and talented members (https://epicleet.team/line-up).

Just like last year, in 2021, unfortunately, we were unable to meet in person due to the Covid-19 pandemic that has yet to end. We hope that it will be possible to play at least one CTF spatially together or to meet at least at H2HC, which was canceled again this year.

We had excellent results in CTFs again! We got the top 20 positions or better in 11 of the 26 CTFs we played, highlighting 4 of them weighed 90% or better. We beat the previous year’s result in 4 of those we also played in 2020 and played 12 CTFs that we didn’t play in 2020 in an attempt to choose higher-level CTFs. This had an excellent impact on our final ranking on the CTFTime worldwide scoreboard. We ended up closing the year in international 23rd place near, and sometimes better than, internationally known teams. It is also important to highlight that we maintained the Brazilian 1st place, a position we hold since 2014 (the year that the team joined on CTFTime).

Top 30 overall – CTFTime.org

After a year of hard work, we can celebrate our achievements, reflect on what can be improved and recharge our batteries for the challenges that will come in 2022. Happy holidays! We wish that next year will bring even more interesting challenges, make the good news more frequent and motivate the fight for more success for everyone.

We are looking for sponsors for the sixth international edition of Pwn2Win CTF, which will take place on May 28. Our event is currently one of the leading competitions on the international scene and the best evaluated brazilian Capture The Flag according to CTFTime, and we would like to give a worthy prize to our Top 3.

By sponsoring us, your company will earn visibility from the world’s top-notch hackers, since last year we had 864 registered teams, including the 5 best teams in the world, in 2020, and, at the same time, help increase awareness in security education and research in a developing country.

If you are interested in sponsoring Pwn2Win CTF, contact us via elt@ctf-br.org.

What is Capture The Flag?

Capture The Flag is a kind of competition where the players need to use their knowledge in information security and technology to solve tasks and get points as a reward for solving each of them.

About the Event

Pwn2Win is a thematic and multidisciplinary event organized by Epic Leet Team, an inter institutional security team from Brazil and honored by the participation of the best CTF teams in the world. It had its first edition in 2014 and became an international competition in 2016. According to CTFTime, it is currently the best event hosted by a team from the Southern Hemisphere and one of the best in the world, rated >83 points. Throughout our editions, our format has been unique. We have pioneered many kinds of challenges, e.g. FPGA Reversing (2016), Quantum Circuit Reversing (2018), Adversarial Machine Learning (2017), besides many other hardcore challenges (e.g., Shift Register, Bathing and Grooming, Attack Step 2016, Calc, etc). Our CTFs are always challenging, with many advanced level tasks, but never dull, since we strive to offer a broad collection of challenges for every taste.

The following image is the previous event edition poster. We are still working in the theme and poster for this year:

[PT-BR]

2020 foi um ano cheio de emoções e resultados positivos.

Ocorreu troca de capitão! O gnx (Álisson), fundador do time e capitão desde o início, passou o posto de capitão para o n0ps13d (Saullo).

O Pwn2win 2020 foi o maior sucesso! O evento foi prestigiado com a inscrição de 864 times internacionais e honrado com a participação de times muito competitivos. Como resultado, o peso do evento em 2021 será maior (83.41) do que o da qualificatória do DEF CON CTF (80.92), como pode ser visto abaixo. Os bastidores dessa edição pode ser visto aqui.

Rating para o Pwn2Win 2021
Rating para a DEF CON Quals 2021

O time cresceu e foi reorganizado! 7 novos e talentosos membros (https://epicleet.team/line-up) entraram para a nossa composição e, desde o início, começaram a participar das reuniões dos nossos clubinhos temáticos.

Infelizmente, fomos surpreendidos por uma pandemia! Por esse motivo, duas reuniões já programadas precisaram ser canceladas, pra nossa tristeza. A primeira reunião deveria ter ocorrido durante a qualificatória do DEF CON CTF 2020 e a segunda, ocorreria na H2HC.

Tivemos melhores resultados nos CTFs! Mesmo com o time jogando online a Qualificatória da DEF CON, tivemos um resultado inédito, ficando em 28º. Cada ano estamos mais perto da tão sonhada classificação pra Vegas! No total, acabamos jogando 25 CTFs e dentre esses superamos o resultado do ano anterior em 12 dos que também jogamos em 2019. Isso teve um impacto excelente na nossa classificação final no placar internacional. Acabamos fechando o ano em 18º lugar internacional e mantivemos o 1º lugar brasileiro, posição que ocupamos desde 2014 (ano que o time entrou no CTFTime).

Top 18 overall – CTFTime.org

Após um ano de muito esforço e trabalho duro, podemos celebrar as nossas conquistas, refletir sobre o que pode ser melhorado e recarregar as nossas baterias pros desafios que virão em 2021. Boas festas! Desejamos que o próximo ano traga desafios ainda mais interessantes, torne as boas novidades mais frequentes e motive a luta por mais sucesso a todos.

Avante, ELT!

[ENG]

2020 was a year full of emotions and positive results.

Our captain changed! gnx (Álisson), founder of the team and captain from the beginning, passed the position of captain to n0ps13d (Saullo).

Pwn2win 2020 was a huge success! The event was honored with the registration of 864 international teams and with the participation of very competitive teams. As a result, the weight of the event in 2021 will be greater (83.41) than that of the DEF CON CTF qualifier (80.92):

Rating for Pwn2Win 2021
Rating for DEF CON Quals 2021

The team grew and was reorganized! 7 new and talented members (https://epicleet.team/line-up) joined our line-up and, from the beginning, started participating in our thematic meetings.

Unfortunately, we were surprised by a pandemic! For this reason, two in-person meetings already scheduled had to be sadly canceled. The first meeting should have taken place during the DEF CON CTF Quals 2020 and the second, would take place at H2HC.

We had better results in CTFs! Even with the team playing the DEF CON Qualifier online, we had an unprecedented result, reaching 28th place. Each year we are closer to the long-awaited classification for Vegas! In total, we ended up playing 25 CTFs and among those we beat the previous year’s result in 12 of those we also played in 2019. This had an excellent impact on our final ranking on the CTFTime worldwide scoreboard. We ended up closing the year in international 18th place and maintained the brazilian 1st place, a position we hold since 2014 (year that the team joined on CTFTime).

Top 18 overall – CTFTime.org

After a year of hard work, we can celebrate our achievements, reflect on what can be improved and recharge our batteries for the challenges that will come in 2021. Happy holidays! We wish that next year will bring even more interesting challenges, make the good news more frequent and motivate the fight for more success for everyone.

Go on, ELT!

[EN]

We have been working hard for the past 8 years to represent Brazil and CTF-BR in the world of Capture the Flag competitions, and to place the country in a prominent position at a international level. We’ve achieved several results that make us very proud, both as players and as organizers of Pwn2Win CTF, which today is already one of the most renowned CTF competitions. Moreover, we contributed to the country by finding very serious flaws in the brazilian electronic voting machine, which allowed arbitrary code execution, as can be seen at https://urnaeletronica.info/.

Now, the time has come to realize an old dream. An important step for us to start transforming the CTF scenario into something similar to the e-sports scenario, where teams have sponsors and great support behind them. A step towards something that will help to further enhance our results and that will support us to fly higher and higher.

We are pleased to announce our first sponsor, a company that believed in the potential of our team and will be walking with us towards the top of the world, Bug Hunt.

Bug Hunt is a platform where security researchers find companies that are looking to improve the security of their systems even more, report failures and be financially rewarded for it. The platform already has several renowned professionals, including members of our team, and is adding public and private programs frequently.

We are really happy with this partnership, we are sure that it will be successful and will foster the brazilian information security scene!

Together towards the top! \o/

Bug Hunt – A Bug Bounty Platform

[PT-BR]

Temos trabalhado duro nos últimos 8 anos para representar o Brasil e o CTF-BR no mundo das competições Capture the Flag, e colocar o país em uma posição de destaque no cenário internacional. Conseguimos diversos resultados que nos deixam muito orgulhosos, tanto como players quanto como organizadores do Pwn2Win CTF, que hoje já é uma das mais renomadas competições da cena. Além disso, contribuímos com o país ao acharmos falhas gravíssimas na Urna Eletrônica, que possibilitavam a execução arbitrária de códigos, como pode ser visto em urnaeletronica.info.

Agora, chegou a hora de realizarmos um sonho antigo. Um passo importante para começarmos a transformar o cenário de CTF em algo semelhante ao cenário de e-Sports, onde os times contam com patrocinadores e um grande apoio por trás. Um passo em direção a algo que vai ajudar a potencializar ainda mais nossos resultados e que dará suporte para voarmos cada vez mais alto.

É com prazer que anunciamos nosso primeiro patrocinador, uma empresa que acreditou no potencial do time e estará caminhando conosco rumo ao topo do mundo, a Bug Hunt!

A Bug Hunt é uma Plataforma onde Pesquisadores de Segurança encontram Empresas que estão buscando melhorar cada vez mais a segurança dos seus sistemas, para reportar falhas e serem recompensados financeiramente por isso. A Plataforma já conta com diversos profissionais renomados, incluindo os membros do nosso time, e está adicionando programas públicos e privados com frequência.

Estamos realmente felizes com essa parceria, e temos certeza que será de sucesso e trará vários frutos para a cena brasileira de segurança da informação como um todo!

Juntos rumo ao topo! \o/

Bug Hunt – A Bug Bounty Platform

We are looking for sponsors for the fifth international edition of Pwn2Win CTF. Our event is currently one of the leading competitions on the scene, and we would like to give a worthy prize to our Top 3.

By sponsoring us, your company will earn visibility from the world’s top-notch hackers and, at the same time, help increase awareness in security education and research in a developing country.

About the event:

Pwn2Win is a thematic and multidisciplinary event organized by ELT, an interinstitutional security team from Brazil. It had its first edition in 2014 and became international in 2016. According to CTFTime, it is currently the best event hosted by a team from the Southern Hemisphere, rated >63 points. Throughout our editions, our format has been unique. We have pioneered many kinds of challenges, e.g. FPGA Reversing (2016), Quantum Circuit Reversing (2018), Adversarial Machine Learning (2017), besides many other hardcore challenges (e.g., Shift RegisterBathing and GroomingAttack Step 2016Calc, etc). Our CTFs are always challenging, with many advanced level tasks, but never dull, since we strive to offer a broad collection of challenges for every taste.

If you are interested, contact us via elt at ctf-br.org.

[EN]

Always seeking to improve the experience of the players during the Pwn2Win CTF and fulfilling their requests over the years, we are working on a modern web interface. It is going to replace the client that we used since 2017 with our exclusive NIZK Platform (https://arxiv.org/pdf/1708.05844.pdf). All the security and performance characteristics of the platform will be maintained, but now the usability will be similar to that of any other CTF. Just have a GitHub account to login and play. If you do not want to use your everyday account (even though we only need access to public repos), the process of creating one for using it at the event is as quick as registering at CTFd. In addition, our backend will be much more performant and will update the game status in realtime, due to the new technologies that we decided to use. The programmers who are helping us on this mission are Lorhan Sohaky and Éderson Szlachta. We are immensely grateful to them!

We are also migrating the competition rules to the game’s website (https://pwn2.win) and we have included a countdown for the event date on the main page (https://pwn2win.party). That way, it’s easy not to forget how many days are left until the event, in addition to enjoying the beautiful illustration of this year’s history in the background! 🙂

More news are coming. Always stay connected, following us:

https://twitter.com/pwn2win
https://twitter.com/eltctfbr
http://linkedin.com/company/eltctf

[PT-BR]

Buscando sempre melhorar a experiência dos jogadores durante o Pwn2Win CTF e atendendo a seus pedidos ao longo dos anos, estamos trabalhando em uma interface web moderna. Ela substituirá o cliente que começou a ser usado em 2017 com a nossa exclusiva NIZK Platform (https://arxiv.org/pdf/1708.05844.pdf). Todas as caraterísticas de segurança e performance da plataforma serão mantidas, mas agora a usabilidade será semelhante a de qualquer outro CTF. Basta ter uma conta no GitHub para logar e jogar. Caso não queira usar a sua conta do dia-a-dia (mesmo sabendo que precisamos apenas de acesso aos repos públicos), o processo de criar uma para usar no evento é tão rápido quanto cadastrar no CTFd. Além disso, nosso backend será bem mais performático e atualizará as informações em realtime, devido às novas tecnologias que decidimos utilizar. Os programadores que estão nos ajudando nessa missão são Lorhan Sohaky e Éderson Szlachta. Queremos registrar aqui o nosso muito obrigado a eles!

Também estamos migrando as regras da competição para o site do game (https://pwn2.win) e colocamos uma contagem regressiva para a data do evento na página principal (https://pwn2win.party). Dessa forma, fica fácil não esquecer quantos dias faltam para o evento, além de apreciar a linda ilustração da história deste ano ao fundo! 🙂

Mais novidades estão por vir. Fiquem sempre ligados, seguindo as nossas redes sociais:

https://twitter.com/pwn2win
https://twitter.com/eltctfbr
http://linkedin.com/company/eltctf

[EN]

On July 20 and 21, 2019, a qualifying phase of CTF CyBRICS (https://cybrics.net), a cyber-security competition of the BRICS countries (Brazil, Russia, India, China and South Africa) took place… This phase had 775 teams from dozens of countries. We won 12th overall place (https://cybrics.net/stats) and 1st place among the Brazilian teams, as well as one of the places to represent Brazil in the final phase of the competition.

The final round of CyBRICS will take place September 23-28 in St. Petersburg, Russia. We need to send 5 players and one Professor, also member of the team, so we are looking for sponsorship to help with the travel costs, estimated at R$ 40,000.00 (about 10,000.00 USD).

Interested in contributing to the growth of cyber security in BRICS countries (specially in Brazil), advertisement, and be in touch with potential future cyber security specialists on your company? Contact us for more information: elt at ctf-br.org.

[PT-BR]

Nos dias 20 e 21 de julho de 2019, ocorreu a fase qualificatória do CTF CyBRICS (https://cybrics.net), competição envolvendo times de segurança acadêmicos dos países do BRICS (Brasil, Rússia, Índia, China e África do Sul). Essa fase contou com 775 equipes de dezenas de países. Nós conquistamos o 12º lugar geral (https://cybrics.net/stats) e o 1º lugar dentre os times brasileiros, além de uma das vagas para representar o Brasil na fase final da competição.

A fase final do CyBRICS ocorrerá de 23 a 28 de setembro em São Petesburgo, Rússia. O time pretende enviar 5 membros estudantes e 1 Professor, também membro do time, mas necessita de patrocínio para ajudar nos custos da viagem, estimado em R$ 40.000,00.

Interessado em contribuir com o crescimento da área de cibersegurança nos países do BRICS (especialmente no Brasil), propaganda de sua marca a nível internacional e ficar em contato com potenciais futuros especialistas em infosec para sua empresa? Contate-nos via elt at ctf-br.org para informações sobre as cotas! Além disso, como contrapartida, se houver interesse da empresa, podemos fazer uma apresentação remota pós-evento para os colaboradores, falando dos desafios e técnicas utilizadas para a resolução dos mesmos, bem como um pequeno vídeo sobre como foi a final e apresentando o(s) patrocinador(es).