CTF Flow Chart
Team Member Specialties
- Beginner -- knowledge at the level of CNIT security classes, such as 121, 123, 124, 127, 128, 129S, 141
- Management -- communications and organization skills, able to lead in a way that inspires others to follow
- Forensics -- knowledge beyond CNIT 121
- Exploit Development -- knowledge beyond CNIT 127
- Recon -- skills with Google, Maltego, etc. to find obscure information
- Connections -- has friends who can offer tips
- Coding -- strong skills in languages like Python, C, Haskell
- Web Hacking -- knowledge beyond CNIT 129S
- Cryptography -- knowledge beyond CNIT 141
Pre-Game Recon
Find write-ups of previous games,
read through them, and make a quick summary
of important points to distribute to
other team members.
Example: ASIS CTF zips every file with a
strange .xz format; everyone
needs to know how to
open the files.
Pre-Game Organization
A Manager needs to step up and accomplish
these tasks:
- Make a list of all team members
- Arrange a way to communicate announcements to them quickly
- Arrange a way to get regular progress reports from the team members
During the Game
Manager
Should know what each
team member's schedule is, and generally what
they are working on. This should be accomplished
without irritating people. Ideally, the manager
should be helpful to the technical competitors,
effectively offering advice, alternatives, assistance,
etc.
The manager should have a progress chart like this
as the contest moves along, and a list
of competitors who can be sent to help
people who are stuck.
Contest Recon
Watches the game board and the
IRC channel for useful tips, new problems,
revisions, hints, etc. Also watches for
easy problems that no one is working on,
so people who are stuck can be redirected
to them.
Individual Problem Recon
There are often other related problems from
similar CTFs, and blog posts with tips and
clues. Someone should be searching for tips,
focused primarily on questions that people are
stuck on.
Stuck Workers
People who are stuck on a problem should have
a way to ask for help. Common reasons to be
stuck:
- Can't start -- problem seems to make no sense, can't find any vulnerability
- Stuck Partway -- A vulnerability has been found, and some attacks work, but can't get to the flag
- Stuck at the End -- flag found but the game server won't take it
Technical Experts
Competitors work on problems they are experts in,
making progress. As long as things are proceeding,
they should be left alone, uninterrupted, except for
regular status reports to the manager, or
emergency requests for help.
Halftime Break
The team should meet for dinner or lunch
halfway through the competition, so people
can get away from the struggle, get ideas,
and boost morale.
Post-Game Review
A day or so after the game ends, the
team meets to discuss what went well,
what problems occurred, and how to
improve things next time.
Write-Ups
Individual problem write-ups are essential,
as are revisions to roles, procedures, etc.
Posted 9-6-16 by Sam Bowne