Top tools and resources for running a capture the flag competition

Capture the flag competitions can help improve security skills and identify talent. Use these tools and frameworks to design and run your own CTF event.

To stop the cyber-attacker, you must think like the cyber-attacker. This is a skill that needs practice, and to get that practice, hackers created capture the flag (CTF) competitions, where they compete to p0wn servers and gain cred.

It wasn’t long ago that such activities were of questionable repute and legality. It’s all out in the open and very respectable these days, even if participants adopt an alias and play Bond villain.

CTFs for enterprise security staff are a win-win for the white hats. Security personnel learn new techniques, practice tackling challenging scenarios, and network with others in the security community. It doesn’t stop there.

Bobby Kuzma, director of cyber threat strategy and enablement for IT automation and security software vendor HelpSystems, says, “I see a decent number of enterprises actually use CTFs as part of their community outreach and recruiting strategies. It helps get people, especially students, excited about cybersecurity, and identifies promising non-traditional candidates.”

You can find many lists of CTF resources with a simple web search; a large number of them are on GitHub. Some of the resources are for building CTFs and some help those who are competing, and there is a good deal of overlap. A few examples include awesome-ctf, AnarchoTechNYC and zardus.

The largest set is hacking resources. All hacking resources, defensive and offensive, are CTF resources: source and binary static analysis, packet capture, debuggers, decompilers, heap visualizers, hash crackers, image editors and network scanners. All security experts have their own sets of favorite tools, but a CTF may challenge them to find new ones.

One personal favorite resource of mine is Didier Stevens and his tools. Didier’s original specialty is tools to analyze PDFs, Microsoft Office documents and other complex data files, many of which are used to perpetrate attacks. His collection is much more varied now. You can find them all in his GitHub repository. They are invaluable for examining and creating malicious files.

Types of capture the flag events

I’ll get to other tools that are more specifically geared toward CTF, but first, let me review the two main styles of CTF: attack-defend and Jeopardy-style.

In an attack-defend competition, there are two teams, each with a computing environment, which may be as simple as a single server. Each team tries to attack the other’s systems and defend their own from attack. Each system contains a number of informational flags that the attacker tries to find and capture. This is where the name “capture the flag” comes from (that and the traditional outdoor game).
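As an added illustration (not code from the article or from any framework it names), here is the core of an attack-defend scoreboard: the game server plants a random flag on each team's service every round, and a submission only scores if the flag is genuine, belongs to another team, is still within its lifetime and has not already been cashed in by that submitter. Team and service names are constructed for the example.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class Scoreboard:
    """Minimal attack-defend game-server state (illustrative, not a real CTF framework)."""
    teams: set
    flag_lifetime: int = 5                        # rounds a flag stays redeemable after planting
    planted: dict = field(default_factory=dict)   # flag -> (owner, service, tick)
    captured: set = field(default_factory=set)    # (submitter, flag) pairs already scored
    scores: dict = field(default_factory=dict)

    def plant(self, owner: str, service: str, tick: int) -> str:
        """Generate a fresh flag for `owner`'s `service` in round `tick` and record it."""
        if owner not in self.teams:
            raise ValueError(f"unknown team {owner!r}")
        # 128 bits of randomness: flags must be found on the target, not guessed.
        flag = f"FLAG{{{secrets.token_hex(16)}}}"
        self.planted[flag] = (owner, service, tick)
        return flag

    def submit(self, submitter: str, flag: str, tick: int) -> str:
        """Validate a captured flag and report why it was or was not scored."""
        if submitter not in self.teams:
            return "unknown team"
        entry = self.planted.get(flag)
        if entry is None:
            return "invalid"
        owner, service, planted_tick = entry
        if owner == submitter:
            return "own flag"                     # teams cannot score flags from their own systems
        if tick - planted_tick > self.flag_lifetime:
            return "expired"                      # stale flags stop paying out, forcing re-exploitation
        if (submitter, flag) in self.captured:
            return "duplicate"                    # each flag scores once per capturing team
        self.captured.add((submitter, flag))
        self.scores[submitter] = self.scores.get(submitter, 0) + 1
        return "accepted"


if __name__ == "__main__":
    board = Scoreboard(teams={"red", "blue"})
    flag = board.plant("blue", "web", tick=1)
    print(board.submit("red", flag, tick=1))      # accepted
    print(board.submit("red", flag, tick=2))      # duplicate
    print(board.submit("blue", flag, tick=1))     # own flag
```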
