Friday, November 13th, 2009 was the final round of the NYU-Poly CSAW Capture the Flag Application Security Challenge. The challenge was open to teams of graduate and undergraduate students from around the world. The preliminary round was performed over the Internet, giving teams 24 hours to complete a number of challenges in web application security, reverse engineering, and exploitation of memory corruption vulnerabilities. Congratulations to all of the teams who played, those that made the finals, and especially to the winning teams: ppop, RPISEC, and SecDaemons.
I was responsible for creating and judging the exploitation challenges. Because I love RISC CPU architectures, I made the challenges revolve around exploitation of embedded Linux systems on x86, PowerPC, ARM, and SH4 processors. Stephen Ridley created a set of Windows binary reverse engineering challenges and an online scoreboard that was used for the preliminary rounds. Here are the reversing and exploitation challenges for anyone who is interested in giving them a try for themselves: