Capture-the-Flag? Jeopardy Style?

Capture-the-Flag (CTF) is a format of computer security competitions that present competitors with authentic software flaws in a progressively difficult, challenge based environment. Figuring out these flaws allows a competitor to recover a bit of secret information called a flag. An example of a flag would be ACI{I_read_the_friendly_docs_4FF8}. No matter how you get the flag you get the points. As in real life, there are often many ways to hack a challenge.

In a Jeopardy Style CTF, these challenges are organized by category (eg. Web Exploitation, Cryptography, Reverse Engineering, Binary Exploitation) with increasing point values for more difficult challenges. The winner is the competitor with the most points, and ties being broken by first to solve.

How can I prepare?

Two specific skills that will significantly help during the competition are a familiarity with operating on a Linux system, and the ability to write small scripts to assist with solving challenges. The wargames on OverTheWire provide a nice introduction to linux, and there are many online resources for learning a programming language such as python. RunCode provides a particularly nice challenge based mechanism with automated feedback.

Another great way to prepare is to solve some CTF challenges! PicoCTF from Carnegie Mellon University, is a great introductory competition that is active all year for training. Don’t let the “targeted at middle school and high school students” bit fool you, the challenges get hard. Another more challenging site is CSAW 365 from the NYU Tandon School of Engineering which consists of challenges from the equivalent of the Undergraduate CTF Nationals. Their companion site CTF 101 has more category specific tips and tricks.

There are also tons of great public CTFs each week. You can find available competitions on CTF Time. Grab some friends or members of your unit and go get some flags.

Can I do All-Army CyberStakes with a team?

No. We intentionally limit the competition to individuals in order to keep an even playing field for everyone regardless of what environment they are in. There are tons of other opportunities for collective events (see above). This CTF is your opportunity to demonstrate individual excellence across the entire Army.

Who else needs to know?

Send a link to this site to your friends and those in your unit.

Send your boss a link to https://www.acictf.com/leaders so they can get this on your training calendar. As long as they approve it Hacking During Work Hours is great.

Do I have to pre-register?

No. However, it is a great way to stay informed and ensure you don’t miss any announcements on things like training, prizes (there indeed will be prizes), or when official site opens. Also it helps us gauge interest, and appropriately scale the infrastructure.

Have a question that wasn’t answered?

Please email us at [email protected]. We would love to hear from you.