CTF 2019 Preliminary Round

Test your medical device security knowledge and skills with the CTF Preliminary Round!

CTF 2019 Artifacts

Hospital Under Siege - CTF 2019

The Biohacking Village will run a Capture the Flag (CTF) over the course of three days (August 9-11), as an official DEF CON 27 contest.

 

This game will challenge participants to defend a hospital under siege, in a realistic scenario within an immersive physical environment within the Village, as well as throughout the venue through the conference wifi.

 

This CTF is open to those of all ages, backgrounds, and skillsets, with puzzles, technical challenges, and other games. Serious competitors will want to bring their laptops, loaded with their software and hardware tools of choice, for forensic analysis, penetration testing, reverse engineering, radio frequency manipulation, and other challenges. Register on the site later this summer before DEF CON.

 

Hackers work to defend a hospital under siege, racing against the clock. Experience a realistic technical exercise, built by the Mayo Clinic, within an immersive, hands-on environment, built by the California Cybersecurity Institute, at Cal Poly.

CTF Scenario

Adversaries have gained a foothold in your local hospital and are increasing their control over clinical systems and medical devices. Soon they make it clear they’re not after patient records or financial information, but are out to disrupt care delivery and put patients lives at risk. Your team received an urgent request to use your blue, red, and purple team skills to defend against the escalating attacks, attempt to unmask the adversary, and - above all - protect patient lives.

 

Hospital Under Siege is a scenario-driven Capture the Flag contest run by the Biohacking Village, pitting teams of participants against adversaries and against the clock, to protect human life and public safety. Participants will compete against each other on both real and simulated medical devices, in the fully immersive Biohacking Village: Device Lab, laid out as a working hospital. Teams of any size are welcome, as are players from all backgrounds and skill levels. Challenges will be tailored for all skill levels and draw from expertise areas including forensics, RF hacking, network exploitation techniques, web security, protocol reverse engineering, hardware hacking, and others. You will hack actual medical devices and play with exotic protocols like DICOM, HL7 and FHIR.

CTF Winners

Congratulations to the 2019 Biohacking Village Winners, MurphLaw, with 8 members! The competition was fierce till the end with over 40 teams participating.

Winners of the contest received:

 

CTF Challenge Types

Come prepared to work on challenges around network and disk forensics, penetration testing, hardware and software reverse engineering.

CTF Resources

Credits

​Thanks to the following people and groups who made the CTF possible!

  • Lead design, hosting and technical challenges: Fotis Chantzis, Danilo Clemente (Mayo Clinic)

  • BACnet challenges: Nebraska Applied Research Institute (NARI)

  • Physical puzzles: Jessica MacMillan (CalPoly)

  • UDP Challenge: Daniel Barrett (CalPoly)

  • Networking equipment set-up & operation: John McGee (Adventist Health)