What ctf that?
In explanation Baidu Encyclopedia, CTF (Capture at The Flag) Chinese commonly translated as Capture the Flag game, in the middle of the field of network security is one kind of athletic competition in the form of technology between network security and technical personnel. CTF originated in 1996 DEFCON hacker conference worldwide, hackers technology competition by initiating another way instead of real attacks before. Today, network security has become a worldwide circle in the form of popular contest, in 2013 the world held more than 50 games CTF international competitions. The DEFCON CTF as the birthplace of the competition system, DEFCON CTF CTF competition has become the current highest level of technology and global influence, similar to the CTF arena in the "World Cup."
With a white own words, it is part of computer-related professionals, computer chiefs, computer enthusiasts "math contest" or a "game", listening to the very tall indeed the kind of little things game. If you use a little simple words, it is similar to the high school mathematics competition, with some special methods (tools) to seek the solution of this question (flag), as well as offensive and defensive game, which is inside the line LOL very basic test of the line, at least make up a knife (knowledge) is better, some other offense, defense depends on the two sides of the line, talking on the line, then there is the position of the argument, that is, you're good at or on the playing field single, ctf correspond to the types of questions that you're good at, because the more knowledge ctf involved, it is recommended to find a location (the direction), love alone took, of course, if you are a king, comprehensive development can be ;
CTF contest specific mode is divided into the following three categories:
First, the problem-solving mode (Jeopardy)
In problem-solving mode CTF competition system, the teams can participate via the Internet or on-site network, this model CTF contest with ACM Programming Contest, Informatics Olympiad relatively similar, score and time to address the technical challenges of network security topics to rank, commonly used for online trials. The main topics include reverse, loophole mining and utilization, Web penetration, password, forensics, steganography, security, programming and other categories.
Second, the offensive and defensive mode (Attack-Defense)
Offensive and defensive mode in CTF competition system, the teams with each other in cyberspace attack and defense, mining and network services vulnerability to attack opponents score service, repair service vulnerability defend themselves to avoid drop points. Offensive and defensive mode CTF competition system in real time by the score reflected the game situation, and ultimately a winner with a score of direct, intense kind of competition, the competition system with network security and highly ornamental highly transparency. In this game system, the team members than just intelligence and technology, than physical (usually because the game will continue for 48 hours or more), as well as the division of labor and cooperation between teams ratio.
Third, the mixed mode (Mix)
CTF competition system combines the problem-solving mode and the mode of attack and defense, for example, teams can get some initial score by solving problems, and then increase or decrease the score of a zero-sum game by offensive and defensive combat, the final score of the level of a winner. Typical hybrid model CTF competition system as iCTF CTF international competition.
CTF kinds of questions (for line position)
A, Web
Second, the binary (general)
Third, miscellaneous
PS: the title of foreign CTF game type is usually binary program analysis and exploits, supplemented Web, cryptography, and other miscellaneous issues. While the domestic title race CTF is usually Web-based penetration, coupled with a number of contrarian analysis, supplemented by some aspects of the subject exploits, cryptography.
Frequently Asked Questions in the CTF (the hero of the common line)
A, Web
- sql injection
- xss
- File Upload
- Inclusion Vulnerabilities
- twentieth
- ssrf
- Command execution
- Code audit
二, PWN
- Remote Server service attack
- Binaries will provide service program
- Vulnerability analysis and write exp
- Stack overflows, heap overflows
- Bypass the protection mechanism (ASLR, NX, etc.)
Three, REVERSE
- Reverse
- Crack
Four, CRYPTO
- Classical password
- Modern cryptography
- Create their own password
Five, MISC
- Steganography
- Programming algorithm
- analysis
- Obtain evidence
- decoding
- Wait…
What ctf participate in the game need to have?
First, have a certain foundation and some basic knowledge of the language ctf (good at certain areas, such as binary)
Because too many questions involved in the game, industry specializing in surgery, so let's have a direction of development, good at one aspect, then for some to understand some other direction; I'm good at, such as single, ad, but I will play a little wild, single, secondary; the language is based must be sure to see the selected terms, here say no more;
Second, a "line of 5v5" team
Capable of division of labor, play groups together; father, like disk viewer clear, you're probably on the line, did not notice the arrival of playing field, and this time his teammates can remind you to the playing field (that is, for some questions, you may fell into a pit, pit teammates can help you take off, the viewer disk clean!)
Third, the body can stay up all night
King is around 15-20 minutes a game, LOL is about 30-40 minutes, CTF is usually 48 hours, so there can be a liver body how important it is;
