Can You Capture the Flag?
June 04, 2015 | POSTED BY RYAN MCCARTHY IN UNCATEGORIZED
In the cyber-security realm, arguably one of the best methods of gaining hands-on experience is to compete in Capture the Flag (CTF) competitions. Since they are designed, hosted, and competed in by leading whitehats and blackhats, the challenges and the write-ups both reflect current exploits and strategies. These competitions are a great way to test one's own skills and gain hands on experience leveraging cutting-edge attack techniques.
CTFs typically occur in two distinct variants: attack and defend or jeopardy style. The attack and defend style is mainly used at competitions where the participants are physically present. The name aptly describes how the competition style works, competitors are given computers that are running intentionally vulnerable services and must defend their own computers while attacking their competitors' computers. Jeopardy style CTFs are easier to host on the Internet and make remotely available. In this variant, there are a compilation of tasks in areas such as exploitation, reverse engineering, algorithms, cryptography and web with new questions being unlocked in a rolling fashion.
Of these CTFs, the most highly regarded tend to be the ones hosted by DefCon each year. Throughout the year, there are several CTFs that act as a qualifier for the attack and defend CTF hosted each year at the DefCon security conference. This year, DefCon's own qualifier was hosted May 15th through May 17th. During the 48 hour competition, questions were unlocked by whichever team solved the most recently unlocked challenge. In this international competition, over 1,000 teams registered, and, of those, only approximately 300 teams ended up solving a challenge. When the dust settled, True came in 112th place overall and managed to solve four challenges. True's write-ups for these challenges can be found under the "Completed Write-ups" section of the GitHub page linked here
. (mathwiz and babycmd are the current write ups contributed by True.)