Rock The Flag network, CyberSecurity Education, and logging Capture The Flag Experiences

I want to make this as concise as possible, but I haven't written in a while, so stick with me.

Rock the Flag network (RTFn) is a project started by me and my friends Mike and Nick, designed to help students play Capture The Flag (CTF) competitions. RTFn's goal is improved CyberSecurity education through CTF competitions. We hope to improve CTF experiences with extracted and visualized per-event team reports. The software implements robust logging, with the help of the users, to identify trends. These trends help users identify their team strengths and weaknesses, while profiling each competition they play. At the base of RTFn is an Etherpad (real-time document collaboration on steroids) installation with three major changes.

  • Etherpad Pro Accounts are identified by a session variable, not sub-domain.
  • The Etherpad instance is dedicated to a single group, thus no account separation between Pro Domains.
  • Pads (documents) include additional meta-data relative to CTF competitions.

[Screenshot of the RTFn Collaborative Engine]

RTFn models competitions by allowing users to create events (competitions) composed of challenges. These challenges can be abstract ("Broke into Network Service on port 34900") or specific ("Challenge #3"). Within each challenge are a number of user contributions, software tools, data, techniques, failures, and successes. We mine these characteristics using Twitter-style tagging and file uploads (both existing Etherpad plugin features). Etherpad records most user actions, so it is possible to replay a team's execution when solving a challenge. Installing RTFn is no different from installing Etherpad: build, create a database and system account, and run. RTFn exists as source code (available on SourceForge), and hopefully soon as a complete Linux ISO. The ISO includes much more than the modified Etherpad.

Features of the RTFn ISO:

  1. Set of weekly CyberSecurity lessons for an introductory team of CTF students
  2. RTFn collaborative engine (modded Etherpad)
  3. Basic tool repository tailored for playing CTFs, not penetration testing
  4. Calendar subscription to global CTF events, allowing submission and control of existing events
  5. Collection of past-competition resources including sample challenges and solutions

Currently #1 and #2 are nearly complete, with #3 and #4 well on their way. The calendaring service will be available directly in the RTFn Etherpad base, allowing a team to start recording their CTF experience with a single button. The service will also be available via the RTFn website, as a way to track many CTFs, for those who do not use the collaborative engine or the ISO. There are websites which already do some of this: WeChall, practice-ctf, and CTF central. WeChall in particular is absolutely fantastic. However, RTFn is focusing on active CTFs / cyberwargames and will hopefully break the mold with a "Submit your own" CTF to both gain awareness and help interested teams keep track of their CTF opportunities (or commitments, however you view it).

Just like other contemporary events, our list of demands is abstract. We would like to see more students participating in CTF events, and perhaps clear some ground on the way towards using these competitions as a method for student evaluation (throw away your standardized tests) and university assessment (are CyberSecurity degrees even accredited?). NYU Poly is also focusing on promoting CTF competitions, and using such competitions to complement CyberSecurity education. Their CSAW CTF is one of the most successful university-focused CTFs worldwide. If you're still reading then bravo, please enjoy some of our literature and media!

[PDF] RTFn: Enabling CyberSecurity through a mobile capture the flag client - Initial Paper summarizing the RTFn software and motivation.

[MP4] Beat to 1337: Creating A Successful University Cyber Defense Organization - Presentation on RTFn and our vision for CyberSecurity education.

And of course, time is of utmost importance, download the snapshot now! Why? Here's a secret, there are at least 2 privilege escalation and repudiation vulnerabilities (at the time of posting) which also exist in Etherpad, and they're right next to innocuous comments I've added in RTFn. :P

git clone git:// rtfn-code

Edit: Check this CTF Calendar out!