Teamwork during CTF competitions

No, this is not about Quake. The article will be interesting for those who already know what CTF competitions are and have participated in at least one such event. For those who don't know, CTF (Capture The Flag) is a competition in the field of information security whose main aim is to capture so-called "flags", which are then turned in for points.

The competition lasts only 24-48 hours, often without a break, which requires participants to have extensive knowledge and experience. Another important factor is the ability to exchange information and knowledge rapidly in real time. Thus, a CTF can be regarded as a time-compressed model of a process that simultaneously involves data analysis, brainstorming, finding and exploiting vulnerabilities, and software development.


Usually the competition is held in one of two forms:

    Classic: the team needs to find vulnerabilities in the opponent's infrastructure, attack it and retrieve flags, while protecting its own infrastructure;

    Jeopardy: teams solve a series of problems of varying complexity, receiving flags as solutions.





We are a united team formed from two Russian teams, "Leet More" and "Smoked Chicken" (collectively, "More Smoked Leet Chicken"). The team has scored victories and top places in many international competitions, such as iCTF, Defcon CTF, Mozilla CTF, Codegate, PlaidCTF, etc.
The number of participants ranges from 5 to 15 people, depending on the competition. Historically, although the ex-USSR connects all of us, we live in different parts of the world, from Oslo to Tokyo, from Kiev to Tomsk, so we needed an effective way to interact over the network.



For a long time we used IRC to discuss tasks. During a CTF we often need to share files and pieces of code and discuss the context of a problem, so Google Wave also became a useful tool. But Google Wave had disadvantages too: because it crashed on big waves, it could not completely replace IRC. Over time we abandoned IRC in favor of the combination Skype+GWave. Skype allowed us to exchange files and use voice chat, but the discussion still took place separately from the accumulated knowledge and was still unstructured; only a summary was written to the wave. Although GWave was not perfect and was geared toward entertainment rather than active discussion of a problem, it suited us fine.



Unfortunately, Google Wave moved into read-only mode in 2012, and soon it will be closed. Thus we again faced the question of finding a convenient tool.
We tried "Walkaround" and "Wave in a box", but their stability and functionality were too far from those of their ancestor.
Rizzoma.com came to the rescue. They managed to take the best of GWave while dropping many unnecessary things: it is not a social network with the ability to edit text in real time, but rather a tool for working in real time, with other features as extras.
Although Rizzoma still cannot carry the full context of the communication, we are completely satisfied with its mechanisms for updating and structuring knowledge in real time.

We have developed a method for structuring the discussion and color-coding it.



In a Jeopardy-type CTF, all tasks are divided into categories, which we use as the primary way of structuring. In the classic type, the structure depends on the number and type of services.
Discussion takes place by text or voice on Skype. If necessary, participants split into groups to solve a specific problem, and then a summary is written in Rizzoma, where the rest of the team can read it.

Dropbox shared folders are used to share files. If necessary, links are written to the appropriate discussion thread. Shared folders make it easy to share best practices. Also, thanks to notifications, it is easy to monitor file changes.

Since the team is geographically dispersed, each participant lives in his own time zone, so each one needs to be able to join the work on a task as quickly as possible without further explanation.

If a task is problematic, everything that has been found is structured and written in Rizzoma. It thus becomes a kind of knowledge base, allowing you to quickly continue with the new information.

  • Solved tasks are deleted from the list;
  • If a task requires the attention of free participants, it is highlighted in red;
  • Useful information, such as the vector, may be highlighted in blue;
  • Items to be checked are highlighted in yellow;
  • If a flag was obtained for a task but it requires additional work, the flag is highlighted in green, but the task is not deleted from the list.

After the competition, we have a description of all the solved tasks in one place with a clear structure, which makes it easier for those who did not take part to follow how a solution progressed, and simplifies writing reports and write-ups.

Descriptions of the solutions to certain tasks from previous events can be read on the teams' websites:

Smoked Chicken
Leet More.
Article based on information from habrahabr.ru
