Several weeks ago, we had a lot of questions about Capture the Flag events (CTF’s) , so CyberUp invited Jason Scott to host a webinar on “What in the world is a Capture the Flag (CTF) competition in cybersecurity?”  We had a great discussion that day, and really appreciated Jason Scott hanging out with us. So what is a CTF anyways?

WHAT IS CAPTURE THE FLAG (CTF)?

CTF stands for Capture the Flag, a game consisting of security and hacking related challenges where teams or individual players have to “capture flags” to score points. Flags can generally be captured by solving challenges or by hacking systems. There is great value that can be found from participating in CTF’s, including learning, personal development, and teamwork. In practicing for the competitions, participants learn the cybersecurity tools, skills, and knowledge needed to be a cybersecurity professional. They develop these skills in the practice modules and in the competitions themselves. Teamwork is crucial in most CTF’s (some allow for individual play) due to the problem-solving tasks the participants face in the challenges. All of these activities prepare CTF participants to sit for industry-approved certifications, which can lead to taking a job in the cyber industry. 

BENEFITS OF PARTICIPATING IN A CTF

A student that has participated in our CTF’s for more than one season improves their college and job chances in cybersecurity and computer or information science. The skills, knowledge, and tools the students learn in the competitions are the same that real-world cyber professionals use. In addition, teamwork, collaboration, self-learning, and independence are attributes that our participants gain. By participating in our CTF’s, students are making themselves invaluable to future employers. We find this especially to be true with young women. It is an unfortunate fact that many young women give up on the idea of a career in a STEM-related field by the time they are in middle school. We encourage young women to take part in our CTF’s to improve the number of women in STEM careers, more specifically in cybersecurity. The field is currently dominated by bearded white males, and we would like to see more diversity in the cyber industry. It is a proven fact that diversity encourages teamwork and collaboration, and the cybersecurity industry runs on those attributes.

MOST COMMON TYPES OF CTF’S

  • Jeopardy-style trivia – Presents the players with a Jeopardy-like board of questions with different point values. This type is commonly used in educational settings.
  • Attack-and-Defend – In an Attack-and-Defend scenario, one team is attempting to hack into the system or network of the other team, who is trying to defend themselves. 
  • King of the Hill – This competition has multiple vulnerable servers ready to get exploited that do not belong to any group. Also, teams do not have their own servers to defend as in Attack-and-Defend scenarios. The teams are called upon to break vulnerable servers and if they do, the first team is rewarded with the original conquering points to acquire the server. They are then asked to defend this site from rival teams by patching the vulnerabilities. The team that manages to break into the server and then maintain access to it is rewarded with the most points. 
  • In a Linear competition, challenges need to be solved in a linear order. Typically, the challenges are narrative and present a story with multiple challenges that need to be solved in a specific order. 
  • Mixed/combination – To make things even more complicated, there are combination versions of CTF’s as well that combine Jeopardy-style questions with attack-and-defend scenarios. This is how our CTF is set up, the PowerUp: Cyber Games, as a combination. We have found that the combination of the two types is most effective in not only teaching cyber skills, but also reinforcing them. 

So now that we have de-mystified the idea of a CTF, what’s stopping you from trying one out? There are many available online, some paid and some free. And if you happen to be in middle school or high school, you can join our PowerUp: Cyber Games. Navigate on over to https://wecyberup.org/powerup to learn more!