HC's Capture the Flag site

Documents

• How to write a CTF service may help you if you've never written a CTF service before.
• I began work on a document called Writing good CTF services in response to some poorly written services written for a CTF I co-organized.
• Talk: Writing Services and Testscripts.
• The CTDO BBQ CTF talk (in German) is available for download.

Things to check out

• Download the gameserver
• We organized a CTF at CCCamp07
• ...and another CTF at EasterHegg '08
• In September 2008, during the 7th MRMCDs, we organized da-op3n in cooperation with TU Darmstadt.
• There will be a CTF at the 25C3.

What is a CTF?

CTF is not about learning how to crack; it's about writing secure software.

Participating in a CTF is but one step toward learing to code more securely. By looking at code from a cracker's perspective, you will learn to pay attention to things when coding that you never considered to be problems before.

Multiple teams participate in a CTF. Each team hosts a server; the teams try to attack each others' services. The services contain artificially crafted classical security vulnerabilities, such as buffer overflows and SQL injections.

A scoring bot periodically checks all services and awards points to the teams if their services run or if they cracked another team's services.

Teams are also encouraged to hack replacements for a service, if they find that a service's design is too poor to be fixed.

---