What the heck is a Capture the Flag (CTF)?

What are CTF competitions?

Capture the flag (CTF) is a type of outdoor game in which two or more teams each have a flag. Each team's goal is to capture the other team’s flag from the opposing team's area and return it safely to their own area, while protecting their own flag. Capture the Flag games are also found in activities such as Paintball or Airsoft, as well as in computer games.

The main goal of the game is for players to penetrate the opposing team's area without being caught, grab the flag, and return to their own area with it before the members of the opposing team can stop them.

In the field of Information Systems Security, the term Capture the Flag refers to competitions that follow a similar logic to traditional outdoor Capture the Flag games, with key differences: they take place in the digital world rather than the physical one, so thankfully the participants don’t have to run, and the flags are usually alphanumeric strings.

According to CTFTime:

There are three common types of CTFs: Jeopardy, Attack-Defence and mixed.
Actually there are more! You can read a pretty extensive analysis [HERE]

Jeopardy-style CTFs have a couple of questions (tasks) in a range of categories. For example, Web, Forensic, Crypto, Binary or something else. A team can gain some points for every solved task. More points for more complicated tasks, usually. The next task in a chain can be opened only after some team solves the previous task. Then the game time is over and the sum of points reveals the CTF winner. A famous example of such a CTF is Defcon CTF quals.

Attack-defense is another interesting kind of competition. Every team has its own network (or only one host) with vulnerable services. Every team has time for patching its own services and developing exploits to attack other teams. Then the organizers connect the machines and the wargame starts! You should protect your own services for defense points and hack opponents for attack points. Historically this is the first type of CTF; everybody knows about DEF CON CTF – something like a World Cup of all other competitions.

CTF games often touch on many other aspects of information security: cryptography, stego, binary analysis, reverse engineering, mobile security and others. Good teams generally have strong skills and experience in all these issues.
