DEF CON 29 Red Team Village Capture the Flag (CTF)

Once again this year's DEFCON Red Team Village CTF will be hosted by Threat Simulations! We have an another amazing, immersive scenario that stresses strong red team skills as players traverse through an enterprise network.

The target is interested in hiring a skilled red team for an upcoming engagement scheduled for 7 August 2021. The goal of this full scope engagement is to see if teams can access the 'crown jewels' and best of all, NO REPORT REQUIRED! Unfortunately, with so many skilled applicants in the marketplace, the offensive security personnel will need to be vetted during a qualification period. Only the top teams will advance to the immersive scenario.


Friday 6 Aug 2021

1000 - 1700: Qualifiers Part 1 (7 hours)

1000: Qualifier Challenge Release

1400: Qualifier Challenge Release

1700: End of day announcements,
CTF board and challenges paused overnight

Saturday 7 Aug 2021

1000 - 1200: Qualifiers Part 2 (2 hours)

1000: Qualifier Challenge Release

1200 - 1300: Announce finalist and award prizes for quals

1300 - 1700: Finals Part 1 (4 hours)
(Finals CTF board and networks left on without admin support)

Sunday 8 Aug 2021

1000 - 1200: Finals Part 2 (2 hours)

1200 - 1300: RTV CTF Closing Ceremonies

1400 - 1500: DEF CON Contest Closing Ceremonies

1600 - 1700: DEF CON Closing Ceremonies

Skills Required
Advanced Pentesting/Red Team Techniques
Web Exploitation
Reverse Engineering
Binary Exploitation
Exploit Development
Computer Exploitation
Privilege Escalation
Network Pivoting
Security Product Evasion
Windows Enterprise (AD) Exploitation
Ability to Operate as a Team
General movie and meme knowledge

MITRE ATT&CKĀ® mapping:
T1003 - OS Credential Dumping
T1007 - System Service Discovery
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1018 - Remote System Discovery
T1021 - Remote Services
T1033 - System Owner/User Discovery
T1039 - Data from Network Shared Drive
T1040 - Network Sniffing
T1046 - Network Service Scanning
T1068 - Exploitation for privilege Escalation
T1069 - Permission Groups Discovery
T1078 - Valid Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087 - Account Discovery
T1110 - Brute Force
T1135 - Network Share Discovery
T1190 - Exploit Public-Facing Application
T1555 - Credentials from Password Stores
T1259 - Determine external network trust dependencies
T1262 - Enumerate client configurations
T1266 - Acquire OSINT data sets and information
T1267 - Identify job postings and needs/gaps
T1269 - Identify people of interest
T1271 - Identify personnel with an authority/privilege
T1273 - Mine Social Media
TA0005 - Defense Evasion

What if I'm a beginner?
Good news, there are a ton of challenges at all skill levels available during the qualifiers. Also, after we identify the top teams at 16:00UTC on 6 August 2021, we will leave the scoreboard and challenges up throughout DEFCON.

What if I can't stay up that long?
Take a nap, then re-caffeinate

What if I don't have a team?
Discord is full of awesome people to team up with

Will there be prizes?

(c)2022, Red Team Village

Site was started with Mobirise