Cyber competitions (a.k.a. wargaming or capture the flag) is an effective method to build skills and to promote teamwork. We leverage our years of experience creating international cybersecurity competitions to present each customer with an ideal event.

Customers request our cyber competition events to:

  • Establish skill baselines
  • Provide a team building event
  • Train their workforce

We offer customers the ability to train their employees using our competition framework we have honed in our years running DEF CON Capture the Flag. We offer hands-on competitions tuned to the skill sets and experience level of each customer's employees. We have previously presented the following categories: reverse engineering, web, forensics, encryption, software development, and binary patching. We are also able to present new categories to meet each new customer's needs.


Cromulence is made up entirely of members of the notorious Legitimate Business Syndicate (LBS). As LBS, we have designed, built, and hosted the DEF CON Capture the Flag (CTF) competition since DEF CON 21 (2013).

For each of the three CTFs, we did not use 3rd party libraries, game infrastructures, or challenges; all of the software was custom written by our team and the hardware was either manufactured by us (see picture below) or customized off-the-shelf hardware (e.g. Raspberry PIs).

DEF CON CTF 22 Badge (2014)

We are specifically proud of 2014's custom badge (pictured above), which used two openMSP430 cores: one for the radio, and one for the vulnerable "badger" service. The hardware was designed and laid out by us, and then we spent many hours hand-placing the components (0402-sized).

DEF CON Capture the Flag


We still operate Legitimate Business Syndicate in our free time, where it remains free from sponsors or other outside influences. We strive to maintain the independence of LBS and it is very important to the entire team that LBS is able to operate in the best interests of the DEF CON CTF game and to not have any monetary dependencies to any external group. We pay for the hardware and our time from our own pockets and are only reimbursed for a few things (e.g. travel, hotel) from DEF CON. 

Challenges we write for customers are not intended as an unfair advantage when playing our DEF CON CTF game. We do not reveal 'secret sauce' that goes into our DEF CON game -- in other words: we do not offer "Pay to Win" services.


The Cromulence team enjoys using our skills to give back to the community. We feel like the blood, sweat, and tears it takes to put on a good qualifier and final event every year are well worth it.

Typical Steps to Host DEF CON CTF:

  1. Determine technical platform for final event (e.g. ARM 32-bit running a customized Linux, x86 64-bit running Windows 10)
  2. Promote qualifying event through multiple venues
  3. Design qualifier challenges (main focus is to ensure qualifiers for our main event possess enough skill to be competitive)
  4. Develop and hold qualifier
    1. Develop around 25 challenges in various cybersecurity categories
    2. Set up virtual hosting on at least three international hosts
    3. Hold qualifier for 48 hours where thousands of cybersecurity experts and hobbyists attempt to solve our challenges
    4. Qualifying teams are invited to the DEF CON Capture the Flag main event in Las Vegas, NV
  5. Design theme for final event
  6. Design and build finals infrastructure
    1. Scoring and submissions server
    2. Network topology and security
    3. Special hardware or software integration
    4. Develop visualization
  7. Hold final event in Las Vegas, NV, USA

Cyber Grand Challenge

Because of our reputation for successfully running the DEF CON  CTF event, DARPA selected us to be a contributor to their Cyber Grand Challenge (more here). We have developed numerous challenges for the Cyber Reasoning Systems (CRS) to solve and we are eager to see the outcome of the game. The resultant technology from this game could change the way cybersecurity is done and we are excited to be a part of the process.