Capture the Flag (aka CTF) competitions are timed events in which teams compete to “hack” their way to various flags or targets. CTFs are held in either a Jeopardy format or a Red-Blue format. Jeopardy CTFs involve a number of distinct puzzles in which finding the flag from each challenge awards points. Typically, puzzles that are solved by fewer teams are worth more points. In Red-Blue CTFs, teams host servers and go head-to-head in an attempt to exploit weaknesses in the opposing server while securing their own.
So far, our team has primarily focused on the Jeopardy format, but we may branch out to internal Red-Blue competitions in the future. The most common Jeopardy-style CTF categories are described below.
Binary Exploitation involves exploiting a vulnerability in a program to modify its behavior to the attacker's advantage. This is often done through a buffer overflow and may involve taking control of a shell.
Cryptography entails breaking common methods of encryption to access intentionally hidden information. There are lots of tools available to achieve this, and most CTF cryptography challenges come down to identifying the encryption method being used.
Forensics, fittingly, is the art of tracking digital trails. It typically involves monitoring metadata and manipulating file extensions to find discrepancies or hidden data.
Reverse Engineering focuses on understanding the functionality of a compiled program, or one written in a low-level language, with the goal of finding vulnerabilities and exploiting them.
Web Exploitation focuses on attacking vulnerabilities specific to the internet. These types of CTF challenges may involve gaining unintended access to a site or attacking legitimate user sessions.