[Flounder] CTF

Russell Coker russell at coker.com.au
Sat Mar 12 19:01:19 AEDT 2022 

https://en.wikipedia.org/wiki/Capture_the_flag_(cybersecurity)

CTF contests are about completing challenges in computer security.  The 
questions start out easy and get progressively more difficult.  There are 
prizes available but that requires a huge amount of skill and effort.

Some of the CTFs go for about 48 hours, that can be a couple of evenings of 
casually solving computer problems for someone who wants to avoid being at the 
bottom of the list but doesn't care about getting close to winning.  For 
someone who wants to win that's 2 days of non-stop work and little sleep.

I don't have the skill or energy to be in a team that gets close to winning, 
but in previous contests I've ranked about 50th percentile without too much 
effort.

I think it would be good to enter some Flounder teams in future CTF contests, 
not with the aim of winning (if you want to win then good luck but I'm not 
going to join your team) but to learn about software engineering and have fun.

My idea is to have one person with reasonable skills and experience lead each 
team and help the others learn while having fun.  The way to do it would be 
for everyone to independently solve problems at the start (the easy ones), 
have the less experienced people solve the next set of problems with tips from 
the leader, then have the leader take over increasing amounts of the work as 
the problems get harder.

For most people on this list I don't have a good knowledge of their relevant 
skills.  I believe that David is qualified to lead such a team because of his 
experience with Coreboot, different boot loaders, different versions of Unix, 
etc.

The teams for CTFs are often limited to 4 people, so if David and I each led a 
team then we could have 6 people with less experience at low level computer 
stuff work with us for a couple of evenings of relaxing software engineering 
research.

I've run a team like this for past CTFs which was a fun and educational 
experience for everyone without any stress.  My aim is to learn some things 
about software engineering, teach other people some interesting things, get a 
better score than half the teams that enter, and then get a good night's 
sleep.

David could try and join with 3 other younger people who have the endurance 
for serious contests and a good knowledge of computer science and try to get 
in the high rankings.  I think he could do a reasonable share of the work in a 
high ranking team if that's what he wants to do.  But having a relaxing time 
getting half way up the scoreboard might be more fun.

For anyone else who's interested in being a team leader for such things, you 
don't need a strong background in computer security.  But you do need to know 
how computers really work, the way files are stored, the way memory is 
managed, how C programs work, etc are all required knowledge.


Does anyone know of any CTFs being run in the near future?

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/

More information about the Flounder mailing list