CAPTURE THE FLAG (CTF)
Capture the Flag (CTF) competitions are timed events in which teams race to “hack” their way to various
flags or targets. CTFs are held in either a Jeopardy format or a Red-Blue format. Jeopardy CTFs involve
a number of distinct puzzles in which finding the flag from each challenge awards points. Typically,
puzzles that are solved by fewer teams are worth more points. In Red-Blue CTFs, teams host servers and
go head-to-head in an attempt to exploit weaknesses in the opposing server while securing their own.
So far, our team has primarily focused on the Jeopardy format, but may branch out to internal Red-Blue
competitions in the future. The most common Jeopardy-style CTF categories are described below.
Binary Exploitation
Exploiting a vulnerability in a program to modify its behavior to the attacker's advantage. This
is often done through a buffer overflow and may involve taking control of a shell.
Cryptography
Bypassing encryption to access confidential information. There are lots of tools available to
achieve this and most instances of these challenges come down to identifying the encryption method.
Forensics
The art of tracking digital trails. It involves monitoring metadata and manipulating file extensions
to find discrepancies or secrets.
Reverse Engineering
Understanding the functionality of a compiled program with the goal of finding vulnerabilities and
exploiting them.
Web Exploitation
Attacking vulnerabilities specific to the internet. These types of CTF challenges may involve
gaining unintended access to a site or attacking legitimate user sessions.