Friday, September 30, 2016

What Makes SkyDog Con CTF Different? And by "Different" I Mean the Best!

THE WHAT

When talking with people about the SkyDog Con CTF, I’m often asked why I set up the CTF as a vulnerable VM rather than a “traditional” CTF. Having given this some thought, I decided to write out the things that I love and hate when playing CTFs and why I do things differently at SkyDog Con.

First, let me start off by saying that I believe CTFs can be a great way of teaching not only techniques but, more importantly, critical thinking skills. I've tried to incorporate the need for critical thinking into the CTF by using a theme. The overall theme plays a vital role in solving the CTF because it provides “context” for each flag. Last year's CTF was based on the movie “Sneakers”, with each of the flags referencing something from the movie. The movie provided the context for the flags. If you didn’t watch the movie, then solving some of the flags would be incredibly difficult and take much more time no matter what technique or tool you used. This year is no different. I’ve chosen a new theme and I’m excited to see how people do with it.

THE WHY

Ok so the first issue with a traditional CTF is resources, particularly the hardware needed to run the actual competition. This is usually made up of switches and a few wireless access points. Then there’s also the matter of the server/servers that host the virtual machines that the players are trying to access/pwn in some way in order to discover flags. This architecture immediately introduces two potential bottlenecks that can literally make or break the CTF for everyone. The first is the network and the second is the servers. Having played in well over a hundred CTFs, I can tell you that network latency is a huge issue, which typically rears its ugly head as an incredibly slow network. The network speed will play a big part in how fast your scans will finish when doing your typical reconnaissance. Not to mention if some dingo starts deauthing the wireless. Several months ago I played a CTF where just doing nmap scans took several hours to complete due to network congestion. This makes total sense when you’ve got 100+ people bombarding a gigabit switch just by scanning. The server hardware also plays a huge role in all this. Depending on how many players there are and the specs on the server box, it’s easy to overload the server and start bringing down services and applications.


Because of this, the SkyDogCon CTF is provided as a vulnerable virtual machine that you run on your own laptop using either VMware or VirtualBox. This resolves any potential network issues, not to mention the server performance issues that typical CTFs face. You also don’t have to worry about being on a hostile network, as you’re completely isolated.

The second issue is manpower. I’m a one-man show, so I would much rather be spending my time helping players find flags and hopefully learn new things by giving hints, instead of just trying to keep the network and servers up and running the entire time.


THE HOW

Let’s talk about flags and scoring. Some CTFs don’t show you exactly how many flags there are. I find this annoying, so I make sure that players know exactly how many flags there are in total. I also hate wasting my time when trying to submit flags that have no consistency, where maybe the first flag is a string like “Howard” and the second is hex or something. Searching and finding flags is the fun part. Submitting them is not, so all the flags in the SkyDog Con CTF are in the form of flag{0800fc577294c34e0b28ad2839435945}, where the actual flag is always an MD5 hash. I did this so that when you find a flag there is no guessing; you know that’s the flag. This also makes submitting flags a lot easier since each one is a hash.
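A fixed flag format and a known flag total also make checking submissions mechanical. The sketch below is an added example, not the SkyDog Con scoring code: the `Scoreboard` class, `extract_flags`, `make_flag`, and the seed strings are hypothetical, the sample flags are constructed, and lowercase hex is assumed from the sample flag above.

```python
import hashlib
import re

# Format described in the post: flag{<32 hex chars>}, i.e. an MD5 digest.
# Assumption: digests are lowercase, as in the post's sample flag.
FLAG_RE = re.compile(r"flag\{[0-9a-f]{32}\}")
# Anything wrapped like a flag, so near misses can be reported back.
CANDIDATE_RE = re.compile(r"flag\{[^{}\s]*\}", re.IGNORECASE)


def extract_flags(text):
    """Split flag-shaped tokens in arbitrary pasted text into (valid, malformed)."""
    valid, malformed = [], []
    for token in CANDIDATE_RE.findall(text):
        bucket = valid if FLAG_RE.fullmatch(token) else malformed
        if token not in bucket:
            bucket.append(token)
    return valid, malformed


class Scoreboard:
    """Tracks one player's progress against a fixed, known set of flags."""

    def __init__(self, answers):
        self.answers = frozenset(answers)
        self.found = set()

    def submit(self, text):
        valid, malformed = extract_flags(text)
        report = {"accepted": [], "duplicate": [], "wrong": [], "malformed": malformed}
        for flag in valid:
            if flag not in self.answers:
                report["wrong"].append(flag)
            elif flag in self.found:
                report["duplicate"].append(flag)
            else:
                self.found.add(flag)
                report["accepted"].append(flag)
        # Players always see how many flags exist in total.
        report["progress"] = f"{len(self.found)}/{len(self.answers)}"
        return report


def make_flag(seed):
    """Constructed sample flag: MD5 of an arbitrary seed string."""
    return "flag{" + hashlib.md5(seed.encode()).hexdigest() + "}"


if __name__ == "__main__":
    board = Scoreboard([make_flag("sample-one"), make_flag("sample-two")])
    pasted = f"scan done\n<!-- {make_flag('sample-one')} -->\nflag{{Howard}} FLAG{{0800FC57}}"
    print(board.submit(pasted))
```
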

I could go on, but those are the main points. I’d also like to say that this is in no way a jab at any other CTFs out there. Creating one of these things from scratch is freaking tough, and I have great respect for anyone who even tries, let alone pulls it off. Hope this gets you interested in this year's SkyDogCon CTF and prepares you to come out and give it a try!