My team had a big challenge trying to find information on cyber security CTFs as there was not a single book out there that talks about the CTFs, let alone how to develop one. My group consisted of three people from my cohort, including myself. My capstone project for the MSCSIA became a cyber security CTF in which it is a training tool for school and businesses to ensure cyber security awareness among students and employees. The first CTF at National University gave me the idea to develop and host a CTF for my capstone project for my Masters in Cyber Security and Information Assurance (MSCSIA) program at National University and the OWASP San Diego CTF helped me to develop challenges for my capstone project. The first CTF was the attack-defend style as the second one was the Jeopardy-style. I have also participated in two CTFs at National University as the cohort before and the cohort after mine had developed a cyber security CTF for their capstone project. Both of these CTFs have given me more insight and practice with the tools associated with the cyber security field. I have participated in the 2015 OWASP San Diego CTF and the 2015 National Cyber League’s Fall Season. There are several other CTFs that are available and can be found on the CTFTime website. The National Cyber League (NCL) is another CTF that is for students and faculty of universities and the NCL can be used as a curriculum in order to teach the students about cyber security. Open Web Application Security Project (OWASP) San Diego would usually do a Jeopardy-style CTF once a year that participants are able to learn how to pick locks and use other tools to complete the CTF competition. The team with the most points at the end wins.Īs mentioned before, CTFs are now global and can be online or in the same geographical area. A timer is used to start and stop the CTF and once the timer finishes, the game is over. Some of the challenges can be done against a main server that was developed for the CTF and the flag is inputted into the CTF scoreboard to get points for the team. There are several other categories that can be used. Some of the categories can include Cryptography, Steganography, Physical Security and Scanning.
-Step-11.jpg "capture the flag rules")
There can be more than two teams as the teams are not trying to attack each other. The Jeopardy-style CTF is similar to the actual Jeopardy game as the scoreboard looks like a Jeopardy board with different categories and point values. If there is any rule violation, the team will incur a penalty or be disqualified. They are not allowed to disable any network connections or turn off the machines. The defending team can do anything within the rules to defend their machines against the attacking team. The attacking team is able to use different hacking tools in order to compromise the defending machines but there are rules in place to ensure that the teams are not at an advantage over the other. There are flags (text files, folders, images, etc.) in the defending machines that the attacking team attempts to find as they compromise the machines. Usually, there are two rounds of game play in which one team is the attacking team and the other team is the defending team in the first round and then they switch for the second round.
The attack-defend CTF is where each team attacks the other team’s system, as well as defend their own system.
There are two formats of the cyber security CTF: attack-defend and Jeopardy-style. International teams were competing for different types of prizes and bragging rights. CTF competitions have become global as they did not have any borders and can be done via the Internet. DEFCON had become a platform for a skills competition and as the Internet grew, both DEFCON and the CTF competitions did as well. DEFCON is the largest cyber security conference in the United States and it was officially started in 1993 by Jeff Moss. The very first cyber security CTF developed and hosted was in 1996 at DEFCON in Las Vegas, Nevada. This competition is used as a learning tool for everyone that is interested in cyber security and it can help sharpen the tools they have learned during their training. A cyber security CTF is a competition between security professionals and/or students learning about cyber security. One way of cyber security training is through a cyber security capture the flag (CTF) event. In response to these attacks, security professionals and college students have been through rigorous training as how hackers are able to get into the companies and how to defend against them. Harmon, M.S., CCNA R&S, Security+CE, Cisco ChampionĬyber security is a high priority of companies, small and big, as cyber attacks have been on the rise in recent years.
0 kommentar(er)
