August 7, 2017
Capture the Flags: What They Mean for Security
Capture the flag (CTF) competitions are just one form of valuable cyber security training that inspires productive competition and serves as an educational exercise for participants. In a security CTF, the contestants may be tasked with securing a machine, or with conducting or reacting to attacks similar to those found in the real world.

The first CTF was developed and hosted in 1996 at the popular cyber security conference DEF CON. Popular CTF topics tested at DEF CON have included reverse engineering, protocol analysis, programming, and cryptanalysis.

There are two main styles of capture the flag competitions: attack/defense and jeopardy.

“In an attack/defense style competition, each team is given a machine (or a small network) to defend on an isolated network. Teams are scored on both their success in defending their assigned machine and on their success in attacking the other team's machines. Depending on the nature of the particular CTF game, teams may either be attempting to take an opponent's flag from their machine or teams may be attempting to plant their own flag on their opponent's machine.

Jeopardy-style competitions usually involve multiple categories of problems, each of which contains a variety of questions of different point values and difficulties. Teams attempt to earn the most points in the competition's time frame (for example 24 hours), but do not directly attack each other. Rather than a race, this style of game play encourages taking time to approach challenges and prioritizes quantity of correct submissions over the timing.”

CTFs have become a valuable training tool by bringing together cyber security professionals from across the globe and making it possible for them to pit their skills against one another for the sake of improvement (and bragging rights).

Because cyber security encapsulates so many areas, it is hard to test not only textbook knowledge but also practical experience and situational problem solving. With CTFs, you get a combination of those elements, as well as the ability to measure your skills against others. This is not only great for training as an individual, but can also be leveraged by organizations when hiring new talent or ensuring their current talent is meeting the requirements.

According to Andrew Ruef, “The focus areas that CTF competitions tend to measure are vulnerability discovery, exploit creation, toolkit creation, and operational tradecraft. A modern computer security professional should be an expert in at least one of these areas and ideally in all of them. Success in CTF competitions demands that participants be an expert in at least one and ideally all of these areas. Therefore, preparing for and competing in CTF represents a way to efficiently merge discrete disciplines in computer science into a focus on computer security.”

Whether you’re serious about assessing your skills or looking for competitive fun, CTFs can be a great, affordable way of putting your security knowledge to the test.

Similarly, Thomas Bennett, an Information Security Specialist at Alliance Data Systems, Inc. (ADS) says, “These competitions allow prospective employers and colleagues to observe and validate the technical skills of the participants in a simulated but realistic environment. Team-based CTFs also allow the potential employer to see the person working in a high stress environment with a team and delegating tasks.”

Cyber Skyline offers a skill assessment bundle of CTFs called ‘Hacker’s Paradise.’ In this bundle, you receive access to Cryptography, Password Cracking, Network Traffic Analysis, and Wireless Exploitation. Additionally, Cyber Skyline offers Forensics, Log Analysis, and Open Source Intel Assessments for individual purchase in the Cybrary marketplace.

Tips for CTF Success from Cybrary’s @StevenE:
- Don’t be afraid to ask for hints (within the CTF portal, that is)
- Read write-ups of challenges you’ve struggled with
- Remember that even though a CTF is a competition, it’s also a learning experience
- Attempt every question, even those you don’t know
- Google is your friend. Use it!
- Don’t overthink. Often the answer is less complicated than you may perceive.
- Don’t get tunnel vision and focus on the wrong details. Stick with the task at hand!