So today I thought of writing about CTFs. First, CTF stands for 'Capture The Flag', and it is a special kind of competition in the Information Security field. Basically there are three types of CTFs: Jeopardy, Attack-Defence and a mix of both.

Jeopardy Style CTFs

Here, the teams of competitors get a set of tasks in different categories such as Web, Forensics and Cryptography. Points are awarded for each completed task, and the number of points awarded for each task differs depending on its complexity and difficulty. In most cases, one can go to the next task if and only if they complete the current task, as in a chain. At the end of the given time, the winner is the team that has obtained the maximum number of points. A good example of this type of CTF is the DEF CON CTF quals.

Attack-Defence CTFs

This is kind of more interesting than the previous type. Here, each team is provided a network of computers with vulnerable services on them, and is given time to patch its services and develop exploits. Once the organizers of the competition connect all the teams together, the wargame starts. Now you have to defend your services against attacks from other teams to gain 'defense points' and, at the same time, you must try to attack other teams to gain 'attack points'. In the early days, these types of CTFs were the more prevalent kind, and the best example is the DEF CON CTF, which is almost regarded as the World Championship of all Capture The Flag events.

Mixed CTFs

Mixed Capture The Flag events can vary from a set of wargames to a set of Jeopardy-style CTF tasks. E.g. UCSB.

Some of the areas in the Information Security field covered in most of the Capture The Flag events are as follows:

  • Mobile Applications Security
  • Reverse Engineering
  • Cryptography
  • Web Applications Security

Reference: https://ctftime.org/ctf-wtf/