Capture The Flag – Weapons of Mass Destruction (CTF-WMD)


The basic principle of CTF-WMD is similar to past CTF competitions held at Hack in The Box – attack and defend. Teams of 3 will have a set of daemons / services running on their machines and they need to exploit rival teams’ daemons to get their flags. Submit the flag to obtain offensive points. Keep your daemons up and running to obtain defensive points.

In CTF-WMD, each team will manage a country and each country will start with the same population (also known as HP or HitPoints). Teams will need to launch warheads at rival countries or disable their warheads or utilities in order to gain offensive points. For defensive points, all the team needs to do is keep their utilities up.

There are 2 types of daemons.

– Warheads
– Utilities

Warheads are inactive by default. Teams will need to crack a bunch of bonus binaries in order to obtain the launch codes for the warheads. Submit the launch codes to the score server and the score server will flag the designated nukes as active. Once a warhead is active, it will automatically launch at a given interval (controlled by the score server). Each warhead carries different points. The harder it is to obtain the launch codes for the warhead, the more damage it’ll do to the other teams. When a warhead hits another team’s country, a number of people will be deducted from that country’s population. Warheads can be disabled by hacking into them, capturing the flag and submitting it to the score server. When a team submits a rival team’s warhead flag, the score server will disable said warhead and deem it unusable.

Utilities are defensive daemons. The only thing they do is regenerate the country’s population. The more utilities you have up and running, the higher your regeneration multiplier is. When a team loses all utilities (flag captured by the enemy), population regeneration will drop to 0. Winners will be determined according to the population they have left. If a team reaches 0 population before the game ends, the team is considered disqualified.


- No flooding and/or DoS attacks. Players will be penalized by disqualification, points deduction or time penalty.
- No harassment of opponents.
- All participants must obey PIT STOP calls. PIT STOP calls are rest intervals where all players must leave the game area so that the CtF judges can update the score and/or do maintenance work, etc.

Registered Teams

1.) Level9-Team (INDONESIA)
2.) Terminators (SINGAPORE)
3.) AllKill (KOREA)
4.) sutegoma2 (JAPAN)
6.) Army Strong (USA)
9.) scannerz (INDONESIA)
10.) NOMedic (KOREA)


The pride, glory and ULTIMATE BRAGGING RIGHTS of being crowned the best-of-the-best in what has been described as one of the hardest and most grueling network security ‘games’ around!!!

How do I register?

To register for Capture The Flag – Weapons of Mass Destruction, send an email to with the following details:

- Team Name
- Team Leader’s Name / Handle + Email Address
- Team Members’ Names / Handles + Email Addresses

Final Judgement

At all times, the decision of the CtF Organizing Team is final on any matter in question.


The HITBSecConf organizing committee would like to give shoutouts, ninja greetz and ghetto loves to The Ghetto Hackers, the original pioneers of the attack and defense concept for the CtF game, and to CS Lee, Jean-Baptiste Bedrune and PSH from Sogeti for their KICK ASS binary contributions to this year’s game!