Team collaboration during CTF competitions


No, this is not about Quake. This article will be useful for young teams that have already tried participating in CTFs.
If you don't know what CTF (Capture The Flag) means: it is a competition in the information security field. The goal is to obtain so-called "flags", which score you points.

The competition is usually held in the following formats or their variations:

  • Classic: teams search for vulnerabilities in their rivals' infrastructure, attack them and retrieve flags, while defending their own infrastructure at the same time.
  • Jeopardy: teams solve tasks of various complexity and retrieve flags from them.

A competition lasts for 24-48 hours non-stop, which requires participants to have strong skills and experience. One of the most crucial factors is the ability to share information in real time. A CTF can thus be considered a model of a time-condensed process involving data analysis, brainstorming, vulnerability discovery and exploitation, as well as software development.

Our team, More Smoked Leet Chicken, was formed from two Russian teams, Smoked Chicken and Leet More. The team has wide experience of winning and performing successfully in various international competitions, such as iCTF, Defcon CTF, Codegate, Mozilla CTF, Plaid CTF, etc.

Depending on the importance of the competition, the number of team members may vary from 5 to 15 people. Since most of the team's members live all around the globe, we need an efficient means of communication over the Internet.

For a long time we used IRC to discuss tasks. During a CTF it is often necessary to share files and source code and to discuss tasks in context, so Google Wave became a very useful tool for us. It still had its disadvantages, such as frequent failures of big waves, so it couldn't completely replace IRC. After a while we abandoned IRC in favor of a Skype+GWave setup. Skype allowed quick file sharing and voice communication, but the discussion itself still took place apart from our knowledge base. The knowledge base was also unstructured; the wave contained only short digests. Even though GWave was far from ideal, and better suited to entertainment than to active case discussion, we were satisfied with it.

Unfortunately, Google Wave was switched to read-only in 2012 and will be closed soon. Thus, we needed a new, convenient tool.

We tried "Walkaround" and "Wave in a box", but in terms of stability and reliability they fell far short of their ancestor. So we signed up for Rizzoma.com, since they were able to take all the best from GWave and get rid of the unnecessary things. It was not a social network with a real-time text editor, but rather a real-time cooperation tool with all the other features serving as add-ons.

Even though Rizzoma still can't replace Skype, its current data editing and structuring mechanisms are good enough for us.

We created our own method for structuring data: color coding. In a Jeopardy CTF, all the tasks are divided into categories by topic. In a Classic CTF the structure depends on the number and type of services.

Discussions (either voice or text-based) take place in Skype. Team members can split into groups to discuss specific tasks if necessary. The results of the discussions (the knowledge base) are later posted to Rizzoma for other team members to read.

We use Dropbox shared folders for file sharing. Links are posted into the corresponding wave if necessary. This allows us to share our ideas easily. It is also very easy to track file modifications thanks to notifications.

Since the team is geographically distributed, each team member lives in his own time zone. It is therefore important that everyone can jump into the task-solving process quickly at any time, without lengthy explanations from other team members.

If a task causes difficulties, all its data is saved into Rizzoma and structured. Thus, we have a knowledge base that allows us to continue working on a task as soon as new information appears.

At the end of the competition we have a description of all the solved tasks, combined in one place with a clear structure. This makes the task-solving process easier to understand for those who did not take part in the competition. It is also easier to create reports and write-ups this way.


1 Comment

Have you guys checked out rtfn? (http://sourceforge.net/projects/rtfn/)

I keep meaning to try it with HatesIrony but we tend to just stick with tried and true IRC, wiki, and even attachments on mailing lists.

Nothing fancy, but we're lucky in that we tend to have the majority of the team collocated in a small number of locations and rely on some designated points of contact who try to be extra good about handling cross-site communications.

This year for Defcon Quals might be a change though since we could have as many as seven different locations involved. Might be time for something more robust.

--
numatrix/psifertex

About this Entry

This page contains a single entry by kyprizel published on April 5, 2012 1:16 AM.
