As it has been the case in the past, the same names often show up in the Hall of Fame. Whether it’s the technical talent, persistent effort or being in the right place at the right time, Fortune favors the bold.

Congratulations Carl “Zeta Two” Svensson! Well done!

To demonstrate what it took to receive the ticket, here are selected highlights from his long application:

• Running Midnight Sun CTF online and offline
• Organizing weekly alma matter CTF meetups
• Livestreaming the solving of a hardware CTF challenge (including failure)
• Youtubing AVR firmware reverse engineering (challenge from RHme2 CTF, 6th place)
• 3rd place in LabyREnth 2017
• Several writeups for different challenge and CTF qualifiers

We would also like to thank everybody who participated in the challenge this year. Your submissions were greatly appreciated. In other news, the ticket sales have been active during the summer and we are expecting a flood of registrations once the preliminary schedule is released. To make sure you don’t miss out, register now to guarantee your place at the 15th anniversary edition of t2.

For t2’18 the annual challenge will take a new form. To showcase technical excellence and prove you deserve a free ticket, all you need to do is submit an open application (preferably in ASCII format) over e-mail. Whether it’s your tool repository on github, awesome local meetup presentation, craziest exercise in memory manipulation, a recent bug bounty submission or something completely different, let us know. Supporting evidence goes a long way.

Rules of the challenge

• The Advisory Board will select 0-2 ticket recipients out of the submissions
• Challenge deadline is August 4, 2018 @ 23:59:59 UTC
• Submissions must be sent to info-2018@lists.t2.fi
• Criteria for selection is unscientific, tough but fair and may change at any time
• Participants unestablished in the security industry will receive a scoring multiplier
• The free ticket entitles to the same perks as a single regular ticket
• Travel costs (if required to participate) are not covered by the prize
• Decisions are final, but we still love you. It’s not you, it’s us. We hope we can still be friends.

Congratulations Harri Kuosmanen of team ROT! Well done!

We would also like to thank all the other teams and those participating in the challenge during the summer. The countdown to t2’17 starts now – see you on Thursday! (..or Wednesday night at one of the many pre-event meetups/lobby bar gatherings)

If you have ideas on how to give out free tickets to our 15th anniversary event next year, please let us know!

The challenge was originally created in 2005 to give out free tickets to people with fantastic technical talents – there were two tracks, speed and elegance. You could either win by being the first one to solve the challenge, or by submitting the finest write-up. The idea was that also those without a personal training budget had a chance of participating the event – in practice, many new talents got a turbo boost for their contacts and career in security.

The format was successful for almost a decade, until the successful completions, attempts and downloads/page views started to drop steadily. The numbers were coming down and there was no denying it – the format of each year’s challenge appeared to have no effect on this.

We tried to compensate by putting more effort into creating the challenges, and promoted them also on Twitter in addition to the traditional channels. Alas, this did not work and we pivoted to a bug bounty this year.

The challenge was open for three full months over the summer, and during that time our own tweets alone reached over 130 000 people. Further promotion was done on our own blog, and mailing list, in addition to Full Disclosure and DailyDave. In the spirit of past challenges, the rules emphasized quality submissions and finesse to allow people to focus on what truly matters. Most importantly, the target had been selected exclusively for the t2 challenge, and had not been previously subjected to a bug bounty.

Despite a major scope increase two weeks before the challenge end date, we received exactly zero submissions. Not one, not two, but Z-to-the-E-to-the-R-to-the-0. Talk about failing..

Our question now to you, esteemed fellow hackers is:

How should we give out the free tickets in the future?

Please tweet or e-mail us, we want to hear your ideas! All feedback on the subject is appreciated.

There is sunshine after the rain – our good friend Leo Niemelä invited t2 to judge the annual LocalTapiola Hack Day. That’s the where the story continues in the following post.

The basic rules stay the same, with these changes:

• The in-scope domains are expanded to cover all the domains that are in-scope in the normal LocalTapiola bug bounty program as well
• All submissions are eligible for bounties – the rules are the same as in the normal LocalTapiola bug bounty program ($50-$50k)
• Only NEW reports are eligible – don’t duplicate current open and/or unresolved reports from the normal LocalTapiola bug bounty program
• In any case of confusion or ambiguity between the two bug bounty programs – LocalTapiola reserves all rights to make wise decisions

Happy hunting!

The elegant write-up trophy goes to Alexander Polyakov, Russia. His write-up will be published soon so you’ll have a change to evaluate the submission yourself.

Congratulations to both winners! We would also like to thank each one of you who participated. Last but not least. if you have an interesting idea for t2’17 Challenge, please let us know – authors get a free admission to the conference among other perks

Please remember that the criteria for the selection is the elegance of the answer. The solution must include a detailed description of methods and tools used. If you don’t know the definition of elegance – please check out the winning write-ups from previous years.

Sorry!! Here we go!

As usual, you can follow the contestants via (near) real time scoreboard!