In this new topic we will talk about the CTF concept and why it is useful for engineers doing penetration tests, or for security engineers in general. No technical aspects will be given; it is just an informative article.
Many articles and videos have been made on the internet about this subject. This kind of event is present at some national or international conferences, but why?
The CTF comes from the world of video games, especially FPS games. Each team must find the flag of the other team without being killed.
There are also other domains, such as sport. The most famous sport of this kind is paintball.
Above: the concept illustrated with drawings.
What is it exactly?
CTF is the abbreviation for “Capture The Flag”. This is a game mode in which several attackers must steal a flag and bring it home. The goal of the defender (who is usually none other than the organizer of the CTF) is to protect his flags.
In competition, we have the hackers (the attackers) and the defenders (the Blue Team). The Blue Team sets up protections such as firewalls to prevent the attackers from capturing the FLAG.
The organizers set up several systems, networks and applications, and the participants must break into them in order to recover the flag.
This is like an intrusion into a real system, with data theft … except that here the flag has no monetary value.
There are different categories of challenges. Below you will find the main ones.
- Binary Analysis / Reverse Engineering: you are provided with an executable and you must extract the flag. It can be a password to find by reversing how the program operates.
- Web: a website is accessible and you have to find something interesting that could look like a flag. A password? The contents of a file named flag?
- Forensic: a machine has been compromised; you are given RAM / disk / logs / … and you have to find a precise piece of information in them (the name of the person who compromised the machine?).
- Network: your network has suffered a DoS attack and you need to find out who attacked it and how.
- System: a system is heavily hardened and you must break into it to find the flag.
- Cryptography: someone implemented an encryption algorithm; he probably made a mistake at some point and you must exploit this flaw.
- Mobile Security: an employee realized that his phone may have been infected by spyware. You must find which application is responsible; the FLAG is in the application.
- Steganography: information is hidden in an image, and it is up to you to find it.
- Physical (rarer): you must enter a closed room; you have a USB key and must extract information hidden on it. A Red Team simulation.
The most famous CTFs are those organized by large groups (for example, the Google CTF) or held during conferences dedicated to security (Defcon, BlackHat, the Wargame of the NuitDuHack in Paris …).
CTFs are often inspired by real cases. Being aware of the flaws in a system gives you a global vision and therefore a head start.
The competitions help pentesters because they see new systems and new attack methods, and can apply them during their consulting services.
Sharing technical knowledge is very important in the security environment.
Learning while having fun and confronting others helps you better understand the world of security in companies.
But one important thing: