When I was going through my Master of Science in Cyber Security and Information Assurance program at National University (in 2015), a few students from the cohort who was in their capstone project course came in and asked for volunteers to participate in their Capture the Flag (CTF) competition. I volunteered to participate and found out that it was a lot of fun. The CTF event was the attack/defend style where there were two teams and the event consisted of two rounds. The first round had one team attacking and the other team was defending. The second round switched the roles of each team.
For my capstone project, I decided to develop and host a CTF event and make it as a way of security training in academia and in the workplace. As I was working on this project, I realized there were no books and very little information on how to develop and host a CTF event. Most of the information I found was write-ups of CTFs in which it explained what the team did to solve the challenges. During my capstone project, I wanted to create a book on how to develop and host a CTF event. I did not have the resources to create a book, or even a blog, until I was accepted into the Cisco Champion Program in January 2016. First, I created a blog on what a cyber security CTF is.
Next, I decided to create a blog series on how to develop and host a CTF event. This series goes through the different steps that need to be done in order to have a successful CTF event. There are five sections in the series: Planning/Design, Developing, Implementing, Monitoring, and Conclusion. Below, you will see some excerpts from Parts 1 through 3. Parts 4 and 5 will be posted on this site.
Welcome to the Cyber Security Capture the Flag (CTF) Series. This series is about how to develop and host a cyber security CTF and how to do it well. As from my previous blog (Cyber Security Capture the Flag (CTF): What Is It?”), cyber security CTFs are used to keep security professionals and students up-to-date with their skills in the cyber security industry. They are also used to determine what areas of security that professionals need to work on. There is a process in developing and hosting a CTF and this should help anyone who is interested in developing and hosting their own cyber security CTF. It is recommended that you have some experience in at least participating in CTFs before you develop and host your own CTF.
The first and most important phase of developing and hosting a CTF is the planning phase. Planning, or lack thereof, can make or break the event as there may be some delays on implementing the CTF due to situations arising from not enough planning. I know this from experience as my team did not plan enough and we had to figure out a backup plan to get the CTF to be ready. We ended up pushing the CTF back one week but it became a success anyway.
(For the rest of the blog post, please click the title "Part 1...")
Welcome to Part 2 of the Cyber Security Capture the Flag (CTF) series. Part 1 discussed the importance of planning and how to effectively design the CTF event. Once the planning and designing phase has occurred, it is time to start developing the CTF. In this phase, we will discuss what needs to be done in order to implement the event. This will include securing a venue, getting the equipment (software and hardware) and setting everything up.
The first thing in this phase that is extremely important is for the venue to be secured. The venue can be located in an office, classroom or even a gymnasium as long as there is Internet and electrical access. For example, some companies have hackathons (2 to 5 day competitions with programming) in gymnasiums such as LAHack and NYHack.
(For the rest of the blog post, please click the title "Part 2...")
Welcome to Part 3 of the Cyber Security Capture the Flag (CTF) Series. So far in the series, we have discussed how to design/plan the CTF event and how to develop the event (Part 1, Part 2). This part will discuss the implementation phase in which the CTF event is actually taking place with the participants.
The day for the CTF event has come and the team will need to power up all machines being used in the event. It is best for the team to be at the venue at least one to three hours before the participants are expected to arrive. This will give the team enough time to check to make sure that everything will go well with connecting to the server and scoreboard, doing the challenges, and inputting the answers into the scoreboard.
(For the rest of the blog post, please click the title "Part 3...")
Part 4: Monitoring
The monitoring section will be posted in the near future. Keep checking this site as it can be posted at any time.
I hope you have learned how to create and host a successful CTF event. You are welcome to contact me for questions you have in regards to CTFs.