Sunday, September 25, 2011

Nashville InfoSec CTF Recap

On September 15, my colleagues and myself hosted a Capture The Flag event (CTF) at Nashville InfoSec 2011 at the Nashville Convention Center.

The CTF consisted of a vulnerable network environment that was designed to be exploited to gain access to different areas where flags will were hidden.

The goal of the game was to provide a fun and slightly competitive atmosphere for those who were interested in performing penetration testing roles. The game was designed for a wide range of skill sets with the end result being a better understanding of how attacks are performed, and thus, how to better defend against them.



Along the course of the game, the flags (strings) were hidden in files as well as in other strategic locations which are sort of milestones within the event. In addition, the event was not set up in a linear fashion, so there were several ways with which to achieve the flags, which were weighted based upon level of difficulty in finding it. The game was created so that all of the vulnerabilities were common and real world examples. The tools used to exploit the vulnerabilities were also common and were included in BackTrack 5, which was provided to anyone who needed it.

We started right around 8:30 and ran until lunch break at 11:50am. Five teams showed up and competed in this years event with the goal of being the team with the most points (maximum of 40) at the end of the time limit

The comments that we heard from both the teams and the spectators was that the event was very fun and educational. One team leader remarked that this was the best training that his team could receive.

If you or team participated in the CTF and would like to give us your thoughts/write-ups of the event, please send them to wraith@digitaloverdrive.org or post them in the comments below.

No comments:

Post a Comment