Teamwork during CTF competitions

No, it's not about Quake. This article will interest those who already know what CTF competitions are and have taken part in at least one. For those who don't: CTF (Capture The Flag) is a competition in the field of information security whose main goal is to capture so-called "flags", which are later converted into points.

Competitions last 24–48 hours, often without a break, which demands a great deal of knowledge and experience from the participants. An important factor is the ability to exchange information and knowledge quickly in real time. CTF can thus be viewed as a time-compressed model of a process that combines data analysis, brainstorming, vulnerability discovery and exploitation, and software development.

Competitions are usually held in one of two formats, or a variation of them:
• Classic - teams must find vulnerabilities in the opponents' infrastructure, attack it and retrieve flags, while protecting their own infrastructure;
• Jeopardy - teams solve a series of tasks of varying difficulty, receiving flags as the solutions.

We are a combined team of two Russian teams, "Leet More" and "Smoked Chicken" (together "More Smoked Leet Chicken"). The combined team has victories and high placings in many international competitions, such as iCTF, Defcon CTF, Mozilla CTF, Codegate, PlaidCTF, etc.
Since the number of participants varies from 5 to 15 depending on the competition, and although the ex-USSR connects us all, we historically live in different parts of the world, from Oslo to Tokyo and from Kiev to Tomsk, we needed an effective way to collaborate over the network.

For a long time we used IRC to discuss tasks. During a CTF there is often a need to share files and pieces of code and to discuss tasks in context, which is why Google Wave also became a useful tool for us. But Google Wave had its drawbacks: because it crashed on large waves, it could not completely replace IRC. Over time we abandoned IRC in favor of the combination Skype + GWave. Skype let us exchange files quickly and talk by voice, but the discussion still took place separately from the accumulated knowledge and was not structured in any way; only summaries were written into the wave. And although GWave was not perfect, being geared more towards entertainment than towards active discussion of a single issue, it suited us.

Unfortunately, Google Wave switched to read-only mode in 2012 and will soon be shut down completely. So we again faced the question of finding a convenient tool.
We tried Walkaround and Wave in a Box, but in stability and functionality they were too far from their ancestor.
Rizzoma came to the rescue: it managed to take the best from GWave while dropping many unnecessary things. It is no longer a social network with real-time text editing, but rather the opposite: a tool for working in real time, with other features thrown in.
Although full-fledged contextual communication is still impossible in Rizzoma, the mechanisms it implements for updating and structuring knowledge in real time satisfied us completely.

We developed our own way of structuring the discussion: color coding. For Jeopardy-style CTFs, all tasks are divided into categories, which we use as the main means of structuring. In the classic format, the structure depends on the number and type of services. Discussion takes place by text or voice on Skype; when necessary, participants split into groups to solve a specific task, and the summaries are then written into Rizzoma, where the other team members can read them. Dropbox shared folders are used for file sharing. Where needed, links are written into the appropriate discussion thread. Shared folders make it easy to share work products, and thanks to notifications it is easy to keep track of file changes.

Since the team is geographically spread out and each participant lives in his own time zone, it is important that anyone can join work on a task with as little additional explanation as possible.

If a task causes difficulties, everything found about it is structured and recorded in Rizzoma. This yields a kind of knowledge base that makes it possible to continue work quickly when new information appears.

• Solved tasks are deleted from the list;
• If a task needs the attention of free participants, it is highlighted in red;
• Useful information, such as an attack vector, can be highlighted in blue;
• Information that requires verification is highlighted in yellow;
• If a flag has been extracted from a task but the task still requires additional work, the flag is highlighted in green and the task is not deleted from the list.

At the end of the competition we have a description of all the tasks that were solved, collected in one place with a clear structure. This makes it easier for those who did not take part to understand how a solution went, and simplifies writing reports and writeups.

Descriptions of how some tasks from past events were solved can be found on the team sites:

Smoked Chicken
Leet More
