Tim Harmon is a Cisco Champion, an elite group of technical experts who are passionate about IT and enjoy sharing their knowledge, expertise, and thoughts across the social web and with Cisco. The program has been running for over four years and has earned two industry awards as an industry best practice. Learn more about the program at.Welcome to the Cyber Security Capture the Flag (CTF) Series.
A capture the flag (CTF) contest is a special kind of cybersecurity competition designed to challenge its participants to solve computer security problems and/or capture and defend computer systems. Typically, these competitions are team-based and attract a diverse range of participants, including students, enthusiasts and professionals. Capture The Flags, or CTFs, are a kind of computer security competition. There's very little running in this kind of CTF Teams of competitors (or just individuals) are pitted against each other in a test of computer security skill.
This series is about how to develop and host a cyber security CTF and how to do it well. As from my previous blog (Cyber Security Capture the Flag (CTF): What Is It?”), cyber security CTFs are used to keep security professionals and students up-to-date with their skills in the cyber security industry. They are also used to determine what areas of security that professionals need to work on. There is a process in developing and hosting a CTF and this should help anyone who is interested in developing and hosting their own cyber security CTF. It is recommended that you have some experience in at least participating in CTFs before you develop and host your own CTF.The first and most important phase of developing and hosting a CTF is the planning phase. Planning, or lack thereof, can make or break the event as there may be some delays on implementing the CTF due to situations arising from not enough planning. I know this from experience as my team did not plan enough and we had to figure out a backup plan to get the CTF to be ready.
We ended up pushing the CTF back one week but it became a success anyway.This phase consists of several decisions based on the answers to the who, what, where, when, why and how questions. There can be a few to a lot of questions for each section and all questions for the even should be at least attempted to be answered. Any question left unanswered can cause problems later on in the process. In this section, I will pose some of the questions that can be used.Who:.
Who is the target audience for the CTF?. Who, if any, are the sponsors of the CTF?. Who will promote the CTF in order to gain participants?. Who will secure the venue and equipment?What:. What type of CTF will this be? Jeopardy-style, attack-defend or hybrid?.
What equipment do we need for the CTF?. What will the participants need to bring?. What categories are going to be in the CTF?.
What types of challenges will there be?. What will the scoreboard be?Where:.
Where are we going to host the CTF?. Where are the participants going to plug their laptop in?