Announcing Google Capture the Flag 2017 (opens in new tab)

(security.googleblog.com)

42 pointssirdarckcat8y ago9 comments

9 comments

This really makes me miss the Stripe CTFs. I'm guessing Google's are aimed more at top security people working together as a team, not to teach ordinary programmers how a buffer overflow acts. I usually got about 80% of the way to a T-shirt in Stripe's.

tptacek8y ago

Check out https://microcorruption.com/.

sjroot8y ago

Hey all, I see a lot of comments asking about getting into CTFs. Trail of Bits has an awesome field guide [1] that I learned a ton from - check it out!

1. https://trailofbits.github.io/ctf/

eemax8y ago

I've never heard of Capture the Flag. Can someone a bit more familiar describe what the format is exactly, or what type of questions / challenges there are? Any examples from last year's competition?

lowpro8y ago

In general CTFs are a list of problems you're trying to solve in a set amount of time, ranging from a few hours to a week or so (and some open CTFs are not time bound, just for learning). They will tell you something (normally very, very minimal info or a hint) and you try to find or figure out a string to 'capture the flag' and get the points for that problem. The harder the problem, the more points you get. The person or team with the most points win.

The types of questions range depending on the CTF and the goal of the CTF. Some of things from the OWASP top 10 (1), while others might have logic problems, math problems, or reference problems where you figure out the answer instead of finding it.

1)https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Proje...

See https://en.m.wikipedia.org/wiki/Capture_the_flag under 'software and gaming' for security CTFs

ehsankia8y ago

I used to participate to a few as a hobby back in my university days. The online ones are generally jeopardy-styled, where you get a bunch of challenges across a variety of categories. Web, Crypto, Stego, Binary Analysis, Reverse Engineering, network packet analysis, etc. There's a bit of everything really, and they also try to have a range of difficulty with an appropriate point system.

CTFTime [0] is a great central hub for finding, tracking and reading about CTFs. After each CTF event, many people publish "writeups" which is basically their "walkthrough" of how they solved each challenge. You can try looking at those to get a rough idea of the various skill sets required for these events. The ctfs github group [1] is filled with them.

[0] https://ctftime.org/

[1] https://github.com/ctfs

kingbirdy8y ago

This seems quite interesting, but as a college student I have no doubt this will be outside my skill level. Any suggestions on similar, but easier CTF and similar events?

fox918y ago

Check out ctftime.org or wargames on wechall.net

avisaven8y ago

Out of curiosity, why would something like this be closed off to people < 18 y/o?

j / k navigate · click thread line to collapse