KasperBlog

The UCSB International Capture The Flag (also known as the iCTF) is a distributed, wide-area security exercise, whose goal is to test the security skills of the participants from both the attack and defense viewpoints.

The Capture The Flag contest is a multi-site, multi-team hacking contest in which a number of teams compete independently against each other.

Each team is given a virtualized server installation (for example, a virtual Linux server). The server provides a number of services. The services have a number of undisclosed vulnerabilities, which have been included in the server's software by the contest organizers.

The goal of each team is to maintain the set of services available and uncompromised throughout the contest phase. Each team can (and should) attempt to compromise other teams' services. Since all the teams receive an identical copy of the virtual server, the task of each team is to find vulnerabilities in their copy of the server and possibly fix the vulnerabilities without disrupting the services. At the same time, the teams have to leverage their knowledge about the vulnerabilities they found to compromise the servers run by other teams. Compromising a service will allow a team to bypass the service security mechanisms and to "capture the flag" associated with a service.

During the contest a scoring system keeps track, for each team, of which services are available, and which services have been compromised.

I participated in both international CTF contests organized by UCSB so far and really enjoyed them. Not only were the vulnerable services fun break, I also think the virtual servers' "evil company" themes were awesome and integrated all the services into a nice and consistent setting.