On developing an upcoming CTF with an offline quest for a nationwide battle of hackers
Hi, Habr readers! I hope many of you know and attend cosy hacker conferences, forums and meetups, not only for the after-party but also to stretch your mind and ingenuity in a CTF (Capture The Flag). As we are organizing an event that will combine all of the above, I would like to share our team's experience of choosing a CTF platform and, in fact, of most of the development.
Article based on information from habrahabr.ru
CTFs are competitions built around finding vulnerabilities and hidden data, and they are conventionally divided into classic and task-based. Classic events are also called Attack-Defence: the idea is to deploy a system image, find the vulnerabilities, fix them and remember to exploit them on the other teams' servers. We will focus on task-based challenges.
There are many people on Habrahabr who are into CTF games, so many have long since found their answer to the question of why there are so many sites with team and participant rankings, scoreboards and analytical articles. It is almost the only activity in which there is a competitive spirit and every "muscle guy" can show an advantage, albeit in artificial conditions that are only somewhat close to reality.
It is one thing to participate in a CTF; it is quite another, I can tell you, to create and organize one.
Platforms
CTF platforms are of two types: ready-made and in-house. A ready-made platform is good for its features, which have been refined over the years and tested in many competitions. In-house platforms in effect guarantee the security of the site, because they are written by people who know more about it than the average programmer (which cannot be guaranteed for ready-made platforms, where it all depends on how skilled the hands are). Our own choice fell on Facebook's CTF platform, an interesting system with the following features:
Different types of tasks:
- Quiz — ordinary questions that must be answered (a word or a phrase).
- Flag — a task-based challenge (file, link, etc.) whose answer is a flag in the appropriate format (our format is h4ck1t{text}).
- Bases — analogous to the game "king of the hill": whoever solves the task first gets the most points (descending after that).
There are also hints; opening one deducts some points. A notable plus: Facebook's platform has one of the most engaging interfaces among platforms.
The Facebook CTF platform was originally used at CTFs such as the Facebook CTF at CSU San Bernardino and the BruCON 2014 conference. Facebook subsequently began to promote an open-source software policy, and this also affected their CTF platform.
In May 2016 they opened the source code on GitHub. As you can guess, the product was unfinished, but the developers have not been idle, and by September there were about 401 changes to the code since the date of publication. I hope they will keep upgrading their product at the same pace :)
Configuration
Here we encountered the first difficulties: it turned out that the platform is only in beta and has many bugs, so we were faced with the task of fixing some of them. I will not describe the whole process of repairs and workarounds; let me just say that several times I wanted to change the platform, but we still decided to be among the first to conquer Facebook CTF.
We made all the edits based on our three years of experience participating in CTF competitions. They take into account the mistakes made in other competitions, such as the lack of a bug bounty with points for it, of contact with the task creators, and more! This was also influenced by the CTFtime platform, where participants post a lot about every event held.
Creating tasks
- Admin/Misc — tasks close to the daily problems of system administrators.
- Cryptography — tasks based on the properties of cryptographic algorithms.
- PWN — finding a vulnerability in a service running on some port and then exploiting it.
- Exploit — similar to PWN, but the source code of the binary is also provided.
- Forensics — investigating incidents, analyzing various dumps, etc.
- Joy — one needs to be distracted by frivolous tasks from time to time :)
- Network — networking tasks.
- PPC — programming tasks.
- Reverse — analyzing binaries and then studying the algorithms used in the program in order to obtain the flags.
- Web — web security.
- Steganography — hidden communication channels.
For those who want to try their hand at creating tasks, we have set up a task contest.
Task contest
Next, about the task contest: this is a real opportunity for you to practice creating your own tasks in virtually any category! If your task makes it into the CTF, you will receive a free ticket to the conference, respect and honor. So far few tasks have been sent in, so the chance of being selected is high! Submissions are accepted by e-mail: ctf@hackit-ukraine.com
Offline round of H4ck1t CTF
In addition to the 12 categories of interesting tasks, which should appeal to both beginners and pros in each area, the top 10 teams can expect an offline round with unusual and interesting contests, more entertaining but not without the ingenuity of the genre (exactly what is still a secret :) ).
Competitions
The online round will run from September 23 to October 2, and every day several tasks from various categories will open. Based on its results, the best teams will be invited to the offline round on October 7 at the HackIT-2016 conference. In the final the teams can expect a task-based CTF, but in real life, with non-standard contests, blackjack and ladies. Our team is preparing exciting real-life quests, hacking of web cameras and RFID locks, and much more.
I hope this will not be taken for commercial advertising; you can register for the CTF here
A write-up of the most interesting tasks will be published after the event for those eager to see it.
And a discount on the event itself for Habr readers, a 10% promo code in case it comes in handy for someone:
HABR0710