Title: Boston Key Party 2015
Date: 2015-03-05 19:00

![logo]({static}/images/BKP2015/logo.png)

Last weekend, I helped host the [Boston Key Party 2015]( http://bostonkey.party ) CTF!
It was not only a [Defcon CTF]( https://blog.legitbs.net/2015/02/def-con-ctf-2015-qualification-update.html ) qualifier,
but participation was also required for the
[CMU SEC class]( https://github.com/CMU-18739L-S15/187639L-s15-coursedocs/blob/master/README.md )!

# Numbers

- 1402 teams registered
- 828 of them scored at least 10 points
- 13627 flag guesses, for 5022 flags found, a success rate of roughly ⅓
- 31 challenges

The challenges board was also quite cool:

![challenges]({static}/images/BKP2015/challenges.png)

# Points and solves
Since I wasn't really involved in the infrastructure, I'll focus on challenges
instead.

## Weight estimation
One of the main difficulties in organizing a CTF (besides infrastructure)
is writing the challenges and estimating how much each one is worth.

The more difficult a challenge is, the more points it is granted. In a perfect
world, multiplying the number of times a challenge was solved by the number of
points it is worth should give the same number for every challenge.

![Points times solves]({static}/images/BKP2015/points_solves.png )

As you can see, the main mistake was *haymarket*, an orange challenge that was worth too many points.

The average is around 10k with haymarket and 9k without it,
while the standard deviation is 6k with it and a bit less than 5k without it.

![Points times solves, without haymarket]({static}/images/BKP2015/points_solves_without.png )

So it seems there was a single big mistake in the challenge ranking; that's not that bad.

## Solves

![Solves]({static}/images/BKP2015/solved.png )

- blue (crypto): 214 solves
- green (school bus): 4188
- orange (reverse): 330
- red (pwning): 290

The most solved category was, as expected, School Bus;
the other ones were solved between 200 and 300 times each,
which is great: it means that there wasn't a super-(easy|hard)
category.

# My challenges
Since this is my blog, I'll speak a bit about my challenges: of the 31, I wrote 8.

- Symphony ([writeup]( https://github.com/ctfs/write-ups-2015/tree/master/boston-key-party-2015/school-bus/symphony ))
- Prudential ([writeup]( https://github.com/ctfs/write-ups-2015/tree/master/boston-key-party-2015/school-bus/prudential ))
- Northeastern Univ. ([writeup]( https://github.com/ctfs/write-ups-2015/tree/master/boston-key-party-2015/school-bus/northeastern-univ ))
- Museum of Fine Arts ([writeup]( https://github.com/ctfs/write-ups-2015/tree/master/boston-key-party-2015/school-bus/museum-of-fine-arts ) and the intended [one]( https://github.com/bl4de/ctf/blob/master/BostonKeyPartyCTF_2015/MuseumOfFineArts.md ))
- Longwood Medical ([writeup]( https://github.com/ctfs/write-ups-2015/tree/master/boston-key-party-2015/school-bus/longwood-medical ))
- Brigham Circle ([writeup](https://github.com/bl4de/ctf/blob/master/BostonKeyPartyCTF_2015/BrighamCircle.md))
- Wellington ([writeup]( http://wiremask.eu/boston-key-party-2015-wellington/ ) and the intended [one]( https://github.com/noobdoesre/write-ups/tree/master/boston-key-party-2015/wellington ))
- Bowdoin ([writeup]( http://gnoobz.com/bkpctf-2015-bowdoin-writeup.html ))

While the first 5 in the list were in the *School Bus* category, Wellington was a 250pts orange (*Reverse*) and Bowdoin a 350 blue (*Crypto*). You can find them and their respective sources [here]({static}/files/BKP2015.tar.xz ).

My major regret is that I should have been more careful when I generated the PDF for Bowdoin:
it was really hard to distinguish `1`, `l`, `i` and `I`.
But when I saw that the [Balalaika Crew]( https://ctfcrew.org/ ) posted its flag in less than 45 minutes, I stopped feeling guilty.

Many thanks to gsilvis for proofreading my crypto challenge, and to crowell for letting me lend a hand: hosting a CTF is as fun as playing one, only with more stress ;)

See you next year?
