Prescient Security at InfoSec North America!

We are pleased to announce that Prescient Security will host a Capture the Flag (CTF) event at InfoSec North America on November 14-15.  Stop by the CREST interactive booth area to see if you’ve got the skills to find all of the flags and win prizes!

Interested in learning more about CTFs? Read on for more information including what to consider when building your own CTF exercise and how they are widely used today.

Capture the Flag (CTF) Competitions

Capture the flag competitions are headlining events at security conferences around the world. Using different types of challenges that can range from quizes, to utilizing real exploits. The exercises require different skill-sets to complete. At DefCon, top hackers team up to duke it out in the annual CTF event which has been described as “The World Series of Hacking”. At BSides events, participants hack all of the things to win CTF bragging rights and prizes.

While these large prize-based events are complex and super competitive, they don’t always have to be public and widespread. CTFs are easy to build at home and are commonly used for practice or evaluation within companies and the security industry.

Building your own CTF

Some instances of commonly used  CTF exercises outside of security conference are: recruiting new employees, interview exercises, local challenges (like Israel’s CyberGym), security education, and corporate events.

When building your own CTF exercise, there are multiple factors to consider. They can be built from scratch or by using an already existing framework then adding the challenges.  Each challenge can fall within several categories, such as steganography, cryptography, mobile OS exploits, application specific exploits, reverse engineering, forensics, programming/coding, and penetration testing challenges.  They can consist of trivia questions, problems that need to be broken down to find a hidden solution, or a system needing to be compromised. The activity can be public/web based or requires physical attendance for participation.

Scoring is also important. Traditionally, CTF exercises are timed, and participants are awarded points based off of challenge completion and the time taken time to complete each challenge. These events are meant to be a series of challenges that vary in difficulty that require participants to exercise different skill-sets to solve.

See you This Week!

If you’re feeling confident, we strongly encourage you to jump in and join Prescient Security’s CTF exercise at InfoSec North America in New York City on November 14th – 15th to try real-world hacking and exploits in a fun/ competitive environment. It’s also a great opportunity to win prizes, network, learn, practices/test various skill-sets, and gain bragging rights!

Fabrice Mouret