Security Remote Capture the Flag

From Ggl's wiki


Introduction

A CTF is a competition in which each team owns some servers with active services on them and some files or vulns, e.g. flags. Some services have vulnerabilities by design or in their configuration. No source code is provided for the services. The score depends on:

  • Uptime of the services
  • How many times the team captures flags

There are different strategies:

  • Defending the services (filtering, binary patching)
  • Finding as many vulnerable services as the team can

The scoring system is very important in this game.

Existing Competitions

UCSB International Capture The Flag is a good example of this kind of competition. The organizers give some information on how they implement their CTF, and slides are also available. UCSB is only for teams associated with an educational institution, so no professionals or anonymous participants.

Historically, the most famous CTFs were the DefCon ones by ghettohackers and kenshoto.

This report by Immunix describes an experience of testing Immunix defensive solutions under intense attack during a CTF.
