echoCTF throughout the years…

With 2017 just around the corner we thought it would be a good idea to introduce one of the projects we've been working on for the past 5 years, echoCTF.

Our CTF competition platform, echoCTF, was initially developed in order to run the CTF competition of AthCon 2012.

Since then, echoCTF has improved and grown immensely as it was utilized on subsequent events.

Keep reading to learn more about the echoCTF project and its history.

echoCTF throughout the years...

2012: AthCon 2012 Information Security Conference (Athens - Greece)

The initial implementation included defense and attack capabilities, findings and treasures, custom reports, visual representations of network traffic, scoreboard and an activity stream.

This acted as a proof of concept implementation for future hackathons. The total number of participants was about 30 and the competition lasted for 2 days. Sponsored prizes included licenses for security tools, like Metasploit Pro.

The feedback received from all participants was incredible and it was the fuel that pushed echoCTF development further.

AthCON 2012 visualizations Echothrust Solutions team on AthCON 2012 AthCON 2012 CTF in action

2014: du Cyber Security Conference 2014 (Dubai - UAE)

On the 1st du Hackathon event in 2014, it was the first time echoCTF included a model city in order to demonstrate impact of IT Security in critical infrastructure.

The model city was named echoCiTy-F and drew much attention amongst the attendants and press. Throughout the Hackathon event, improved implementations of the visuals representing network traffic were projected on large screens, coupled with an improved scoreboard and activity stream that were now using real time push notifications instead of javascript based refresh.

du Hackathon 2014 Hall du Hackathon 2014 Model City

The applications developed during the AthCon 2012 were greatly improved to include new technologies (thanks to OpenBSD). The applications acquired an official project repository, automatic deployment scripts (even though based on BSD Make). In this second iteration of echoCTF, the first signs of individual daemons to handle the required tasks were shown (mysql based arp cache, raw tcpdump processing by the database, vxlan interconnected targets and much much more became a fact).

2016: du Cyber Security Conference 2016 (Dubai - UAE)

The increased participation attracted by the 2nd du Hackathon meant that we had to improve the platform even further (throughput, user interfaces, scenarios etc). Especially the model city, which got greatly improved in terms of visual appearance and enriched with more scenarios. The winning team was awarded with AED 20,000 and every team got a certificate of participation.

du Hackathon 2016 Hall du Hackathon 2016 Model Citydu Hackathon 2016 Visuals

2017: MENA Information Security Conference 2017 (Riyadh - KSA)

The MENA ISC Hackathon, held in 2017, was even larger and was calling for the most amazing implementation of echoCTF we had performed so far.

Fourteen teams competed for the 1st, 2nd and 3rd place. echoCTF included 60 target servers in total, of which 20 targets were actually hackable PLCs embedded in a model city to provide smart functionality for the city infrastructure and visualization of impacts when such infrastructure is successfully attacked.

MENA ISC 2017 Hall MENA ISC 2017 Model City

2018: Stay tuned

Every event brings new and exciting challenges along with valuable feedback from everyone involved, be it participants, organizers or event sponsors.

More interesting and dazzling implementations of echoCTF are in the works, stay tuned and Happy New Year.