The Fun and Future of CTF

Andy Davis, Tim Leek, Michael Zhivich, Kyle Gwinnup, William Leonard
2014 USENIX Security Symposium  
Capture the Flag (CTF) is well-established as a computer security contest of skill in which teams compete in real time for prizes and bragging rights. At the time of this writing, [4]-a tracking web site devoted to aggregating team standings across various CTF eventslists 76 such contests, and more spring up each year. But what is the point, exactly? In this paper we detail our experiences in a third year of designing, building and running a CTF for Boston-area undergraduate and
more » ... uate students. This will serve two purposes: first, others desiring to stage such an event can benefit from our experience, and second, the details of our CTF will provide a concrete context for a broader discussion and deeper questions on the value and future of this type of activity. 1 Introduction: What is CTF? Several distinct kinds of Capture-the-Flag events have evolved over the years; however, most are a variation on one of three themes: attack-defend, attack-only, and defend-only. In this section, we give a brief summary and examples of each event type.
dblp:conf/uss/DavisLZGL14 fatcat:j3hg5eatyjgszpg2goyuv232tu