What Does It Mean To Take Part To A CTF Competition
Nowadays, cyber-security is no more just a particular university path that follows a first degree in Computer Science, but a subject that everyone should, at least, basically manage. The main reason to do so is that we live in an almost fully-digitized world where tons of information are shared and stored on internet. As a consequence it is fundamental to protect those data either for private or commercial purposes, considering that cyber attacks have recently risen too, in Italy we count on average 131 attacks per day (41.710 per year).
One of the better ways to test our knowledge on the subject, especially for undergraduates, are cyber-security challenges, in particular Capture The Flag (CTF) contests. These competitions trains people to manage hacking and exploits simulating real-world cases. The aim is to find a “flag”, that is some data hidden in a vulnerable system then in a CTF contest a set of these tasks, with different difficulty is given to the participants that, in team or on their own, have to solve them in a limited time. Each solved task gives some points, that summed give the final score, which determines the winner of the contest.
There are two types of CTF events: attack-defend and jeopardy-style. In the first case, the competition involves a number of teams that have to attack and defend their systems alternately. Attacking teams have to catch the flags in the rival’s environment while the defending teams can use any means of defense except for disconnecting or turning off their machines. Other rules are given according to a specific contest, generally there’s no possibility for a team to get an advantage over another team and a violation of the rules implies a penalty or disqualification. In a jeopardy-style event people can work in a team or alone attempting to solve task having not to defend their own systems.
To find and catch “flags” in a machine, and so to solve tasks there’re many possibilities: in one challenge could be requested to code in order to create tools to explore the machine. The participants may also rely on reverse engineering in case a specific tool or application is given by the organizers. Other techniques useful for these challenges are cryptography or steganography, exploitation but also a physical defense of their machines.
Being a competition where problems are based on real-world cases this contests are also important for companies in order to identify and recruit new employees in this field. One example is the Italian CyberChallenge 2018 held in Rome on June 27th: 160 students coming from different Italian universities had the opportunity to have an interview with competition partners’ companies aside from the contest, but only the best 20 faced each other in the CTF challenge. This aspect lead us to the beginning: cyber-security is an issue of information technology that becomes more and more fundamental as our society digitizes and innovates. According to La Sapienza University of Rome, there are 3 millions and a half jobs available on the subject: from this perspective CTF contests help on generate interest on cyber-security by training the future employees and searching for the best ones. This is not just about Italy, but the whole world. In fact, the most important contest is held at DEFCON (conference started in 1993 by Jeff Moss, the first CFT was in 1996) and every year recalls in Las Vegas the best teams of hackers, also coming from the more renowned universities of the globe selected through a preliminary competition where an Italian team (mHackeroni) came up in second position.
This year a brand new cyber-security challenge is going to be held: it is going to be a team-based online CTF jeopardy-style competition. It’s the Reply Cybersecurity Challenge and it is going to be held from 19:30 (CEST) October 5th to 19:30 (CEST) October 6th. For more info here’s the link to the page where to register and train to get prepared to the contest.
Now you know what does it mean to take part to a Capture The Flag competition you’ll probably not let go this opportunity.
