Cyber Security Capture The Flag (CTF)

The world is mostly digital, and cyber attacks are more advanced and sophisticated. Hence cyber security is a high priority for governments and companies of all sizes. The world is short of skilled cyber security professionals. We can close this gap with the help of various training programs. It is important for professionals to learn how hackers breach networks and get away with data. One way to get practical, hands-on cyber security training is through a cyber security capture the flag (CTF) event.

A cyber security CTF is a competition between security professionals and/or students learning about cyber security. This competition is a platform for security professionals to sharpen their skills with the tools they have learned in various other training programs.

This competition is conducted in two different formats: attack-defend and Jeopardy-style.

In the attack-defend CTF, each team attempts to attack the other team’s system while defending its own. Usually, there are two rounds of game play: in the first round one team attacks and the other defends, and they switch roles for the second round. The defending machines contain flags (text files, folders, images, etc.) that the attacking team attempts to find as it compromises the machines. The attacking team uses different hacking tools to compromise the defending machines. There are rules in place to ensure that neither team can gain an advantage over the other. The defending team can do anything within the rules to defend its machines against the attacking team, but it is not allowed to disable any network connections or turn off the machines. If there is any rule violation, the team will incur a penalty or be disqualified.

The Jeopardy-style CTF is similar to the actual Jeopardy game in that the scoreboard looks like a Jeopardy board with different categories and point values. There can be more than two teams, as the teams are not trying to attack each other. Categories can include Cryptography, Steganography, Physical Security and Scanning, and several other categories can also be used. Some of the challenges can be done against a main server that was developed for the CTF, and the flag is entered into the CTF scoreboard to get points for the team. A timer is used to start and stop the CTF, and once the timer finishes, the game is over. The team with the most points at the end wins.