
Team interaction during CTF competitions

No, this is not about Quake. The article will be interesting to those who already know what CTF competitions are and have participated in at least one such event. For those who do not know, CTF (Capture The Flag) is an information security competition whose main purpose is to capture so-called "flags", which are later converted into points.

Competitions last 24–48 hours, often without interruption, which requires the participants to possess a huge store of knowledge and experience. An important factor is the ability to quickly share information / knowledge in real time. Thus, CTF can be considered as a model of a time-compressed process associated simultaneously with data analysis, brainstorming, search and exploitation of vulnerabilities, and software development.


Usually competitions are held in two formats or their variations:



We are the combined team of two Russian teams, "Leet More" and Smoked Chicken (together "More Smoked Leet Chicken"). The combined team has victories and high placements in many international competitions, such as iCTF, Defcon CTF, Mozilla CTF, Codegate, PlaidCTF, etc.
The number of participants can vary from 5 to 15 people depending on the competition. Historically, although the ex-USSR binds us all, we live in different parts of the world, from Oslo to Tokyo, from Kiev to Tomsk, so we needed an effective way to interact over the network.



For discussion of tasks we used IRC for a long time. During a CTF it is often necessary to share files and pieces of code and to discuss tasks in context, so the Google Wave service also became a useful tool for us. But Google Wave had its drawbacks: because it crashed on big waves, it could not completely replace IRC. Over time, we abandoned IRC in favor of the Skype + GWave bundle. Skype allowed us to quickly exchange files and communicate by voice, but the discussion still took place separately from the accumulated knowledge and was still not structured in any way; only summaries were written into the wave. And although GWave was not perfect, being geared more toward entertainment than toward active discussion of a single issue, it suited us.



Unfortunately, Google Wave switched to read-only mode in 2012, and soon it will be completely closed. Thus, we again faced the question of finding a convenient tool.
We tried "Walkaround" and "Wave in a box", but in terms of stability and functionality they were too far from their ancestor.
Rizzoma.com came to the rescue. They were able to take the best of GWave while giving up many unnecessary things. It was no longer a social network with the ability to edit text in real time, but rather the opposite: a tool for working in real time, with other features thrown in as extras.
And although full-fledged contextual communication in Rizzoma is still impossible, the implemented mechanisms for updating and structuring knowledge in real time fully satisfied us.

We have developed our own approach to structuring discussions and to color coding.



In Jeopardy-style CTFs, all tasks are divided into categories, which we use as the main structuring method. In the classic format, the structure depends on the number and type of services.

The discussion takes place by text or voice in Skype. If necessary, the participants split into groups to solve a specific task, and then summaries are written in Rizzoma, where other members of the team can read them.

Dropbox shared folders are used for file sharing. If necessary, links are written to the appropriate thread. Shared folders make it easy to share your work. Also, thanks to notifications, it is easy to keep track of file changes.

Since the team is geographically distributed, each participant lives in their own time zone, so it is important that anyone can join the work on a task with as little additional explanation as possible.

If a task causes difficulties, everything found on it is structured and recorded in Rizzoma. The result is a kind of knowledge base that allows work to continue quickly when new information appears.


At the end of the competition, we have a description of all solved tasks, collected in one place with a clear structure. This makes the solution process easier to understand for those who did not take part in it, and simplifies writing reports and writeups.

Descriptions of how some tasks from past events were solved can be read on the teams' websites:

Smoked Chicken
Leet More

Source: https://habr.com/ru/post/141312/

