破影岚歌's Blog
CTF Competition Mode

CTF competition modes are divided into the following categories:

Main Text#

Theoretical Knowledge#

Theoretical questions are common in domestic competitions and are usually multiple-choice questions, both single-answer and multiple-answer. Participants answer from their knowledge of the relevant theory, and the score is simply the number of correct answers. The theoretical part usually appears in preliminary rounds or in the pre-selection held before the preliminaries.

Jeopardy - Problem Solving#

Teams take part over the Internet or on an on-site network. They interact with an online environment, or analyze files offline, to solve network security challenges and earn the corresponding points. The format is similar to ACM programming contests and informatics olympiads: rankings are based on total score, with ties broken by time.

One difference is that the Jeopardy format usually awards "First Blood", "Second Blood", and "Third Blood": the first three teams to solve a challenge receive extra points. This rewards the team that solves a challenge first and also indirectly reflects a team's strength.

Another popular scoring rule gives each challenge an initial value and gradually lowers it as more teams solve it; the more teams that solve a challenge, the fewer points it is worth. The value decreases until it reaches a floor and then stays there. This is generally called "dynamic scoring". Note that under dynamic scoring, every team that solved the challenge holds its current value, so a team's total can drop after it has already solved a challenge.
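To make the two scoring rules above concrete, here is an added example (not code from the original page or from CTFHub) that computes a challenge's dynamic value from its solve count and then applies First/Second/Third Blood bonuses on top of it. The parabolic decay formula is the one used by the CTFd platform (value falls from `initial` to `minimum` after `decay` solves); the bonus percentages are an assumption chosen for illustration, since every competition sets its own.

```python
from typing import Dict, List

# Blood bonus as a percentage of the challenge's current value.
# Assumption for this example: competitions define their own numbers.
BLOOD_PERCENT = {1: 10, 2: 5, 3: 3}


def dynamic_value(initial: int, minimum: int, decay: int, solves: int) -> int:
    """Current point value of a challenge after `solves` correct submissions.

    CTFd-style parabolic decay: the value starts at `initial`, reaches
    `minimum` once `decay` teams have solved it, and never goes below it.
    """
    if decay <= 0:
        raise ValueError("decay must be a positive number of solves")
    value = ((minimum - initial) / (decay ** 2)) * (solves ** 2) + initial
    # Clamp: never above the initial value, never below the floor.
    return int(max(minimum, min(initial, value)))


def challenge_scores(solve_order: List[str], initial: int, minimum: int,
                     decay: int) -> Dict[str, int]:
    """Final points each team holds on one challenge.

    Every solver is re-scored at the challenge's *current* dynamic value
    (so early solvers lose points as later teams solve), and the first
    three solvers additionally receive a blood bonus.
    """
    current = dynamic_value(initial, minimum, decay, len(solve_order))
    scores: Dict[str, int] = {}
    for position, team in enumerate(solve_order, start=1):
        # Integer percentage arithmetic avoids float rounding surprises.
        bonus = current * BLOOD_PERCENT.get(position, 0) // 100
        scores[team] = current + bonus
    return scores


if __name__ == "__main__":
    # Constructed solve order for one 500-point challenge with a 100-point floor.
    order = ["TeamA", "TeamB", "TeamC", "TeamD", "TeamE"]
    for n in (0, 5, 10, 20, 30):
        print(f"{n:2d} solves -> value {dynamic_value(500, 100, 20, n)}")
    print(challenge_scores(order, initial=500, minimum=100, decay=20))
```

Running the script shows the value sliding from 500 to the 100-point floor at 20 solves and staying there, and the first three teams in `order` receiving 522, 498 and 489 points against 475 for everyone else.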

The challenge categories are mainly Web (web attack and defense), RE (reverse engineering), Pwn (binary vulnerability exploitation), Crypto (cryptography attacks), and Misc (security miscellany). Some competitions add further categories.

AwD - Attack and Defense Mode#

Attack with Defense (AwD) is a full attack-and-defense mode. In the AwD format, all participating teams connect to the same network. Before the competition, the organizer assigns each team a "GameBox", the host that team must defend. Every team's GameBox has exactly the same configuration and the same vulnerabilities. Participants must protect their own GameBox from attack while discovering the vulnerabilities and attacking opponents' services to score points.

The organizer also runs a program called a "Checker" that periodically checks whether each team's GameBox services are running correctly. If a check fails, the GameBox is considered offline and points are deducted according to the rules. Because the scoreboard reflects the state of play in real time and the final result is decided directly by score, AwD is a highly competitive format with high transparency and a strong spectator experience. It tests not only the participants' knowledge and skill but also their stamina (a competition usually lasts about 24 to 48 hours) and the division of labor and cooperation within a team.

AwD usually only includes Web and Pwn question types. Each team may be assigned multiple GameBoxes, and as the competition progresses, the earliest GameBoxes may go offline, while new GameBoxes may come online.
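AwD teams typically wrap each working exploit in a batch attack script that hits every opponent's GameBox each round, harvests flags from the responses, and submits them once. The following is an added example of that round loop (not code from the original page or from any competition platform). Everything outside the loop is an assumption made for the example: the flag regex, the target addresses, the `fake_exploit` function standing in for a real exploit, and the `FakeScoreboard` standing in for the organizer's submission API. The point it demonstrates is that a patched or offline box must not abort the round, and that a flag is submitted only once even if several rounds return it.

```python
import re
from typing import Callable, Dict, Iterable, List, Set, Tuple

# Assumed flag format for this example; real events publish their own.
FLAG_RE = re.compile(r"flag\{[0-9a-f]{32}\}")


def extract_flags(text: str) -> Set[str]:
    """Return every well-formed flag found in an exploit's response."""
    return set(FLAG_RE.findall(text))


class AwdAttackRunner:
    """One round of a batch attack script.

    For every opponent GameBox: run the exploit, pull flags out of the
    response, and submit each flag exactly once. A target that errors is
    logged and skipped so the remaining targets are still attacked.
    """

    def __init__(self, targets: Iterable[str],
                 exploit: Callable[[str], str],
                 submit: Callable[[str], str]) -> None:
        self.targets = list(targets)
        self.exploit = exploit
        self.submit = submit
        self.submitted: Set[str] = set()            # flags the board already has
        self.log: List[Tuple[int, str, str]] = []   # (round, target, outcome)

    def run_round(self, round_no: int) -> Dict[str, str]:
        """Attack every target once; return {flag: submission status}."""
        results: Dict[str, str] = {}
        for target in self.targets:
            try:
                response = self.exploit(target)
            except Exception as exc:  # patched or offline box: keep going
                self.log.append((round_no, target, f"exploit failed: {exc}"))
                continue
            new_flags = extract_flags(response) - self.submitted
            if not new_flags:
                self.log.append((round_no, target, "no new flag"))
                continue
            for flag in sorted(new_flags):
                status = self.submit(flag)
                results[flag] = status
                if status in ("accepted", "duplicate"):
                    self.submitted.add(flag)
            self.log.append((round_no, target, f"submitted {len(new_flags)} flag(s)"))
        return results


# ---- Constructed stand-ins for the competition network (assumptions) ----
FLAG_A = "flag{" + "a" * 32 + "}"
FLAG_B = "flag{" + "b" * 32 + "}"
CONSTRUCTED_RESPONSES = {
    "10.0.1.2": "HTTP/1.1 200 OK\r\n\r\n<pre>" + FLAG_A + "</pre>\n",
    "10.0.1.4": "HTTP/1.1 200 OK\r\n\r\nflag{not-a-real-flag}\n",   # patched output
    "10.0.1.5": "HTTP/1.1 200 OK\r\n\r\n" + FLAG_B + "\n",
}


def fake_exploit(target: str) -> str:
    """Stand-in for a real exploit: one box is down, the rest answer."""
    if target == "10.0.1.3":
        raise ConnectionRefusedError("service offline")
    return CONSTRUCTED_RESPONSES[target]


class FakeScoreboard:
    """Stand-in for the organizer's flag submission API."""

    def __init__(self, valid: Iterable[str]) -> None:
        self.valid = set(valid)
        self.seen: Set[str] = set()

    def submit(self, flag: str) -> str:
        if flag not in self.valid:
            return "wrong"
        if flag in self.seen:
            return "duplicate"
        self.seen.add(flag)
        return "accepted"


def demo() -> Tuple[Dict[str, str], Dict[str, str]]:
    """Run two rounds against the constructed targets and return both results."""
    board = FakeScoreboard([FLAG_A, FLAG_B])
    runner = AwdAttackRunner(["10.0.1.2", "10.0.1.3", "10.0.1.4", "10.0.1.5"],
                             fake_exploit, board.submit)
    first = runner.run_round(1)
    second = runner.run_round(2)  # same flags again: filtered locally, nothing resent
    return first, second


if __name__ == "__main__":
    for result in demo():
        print(result)
```

In a real event the flags rotate every round, so the second round would submit the new ones; the local `submitted` set only prevents re-sending flags the board already has, which matters because some platforms penalize repeated or wrong submissions.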

ADP - Attack and Defense Enhancement#

Attack Defense Plus (ADP) is an enhanced attack-and-defense mode. All participating teams connect to the same network. The organizer publishes the challenges on a platform, and participants log in to the platform to obtain challenge information.

In the attack part, the platform provides access links to the challenges. Participants attack the challenge and submit the flag, just as in the Jeopardy format. Once the attack succeeds, the round's score includes the attack points for that challenge.

In the defense part, participants must find the vulnerabilities in the challenge themselves, build a patch package, upload it to the platform, and click the verify button. During verification the platform spins up a completely clean copy of the challenge environment, applies the patch, and attacks it with pre-built exploits. If those exploits fail, verification passes (the patch is complete) and the round's score counts the challenge as defended.

In other words, each challenge only needs to be attacked successfully once and defended successfully once to count as completed, after which it needs no further attention.

ADP usually only includes Web and Pwn question types. As the competition progresses, the earliest questions may go offline, and new questions may come online.

Compared to AwD, ADP participants do not need to write batch attack scripts or keep watch over whether their own environment is being attacked or their service has become abnormal. They only need to attack once and defend once, so they can concentrate on the challenges not yet completed. From the organizer's side, it greatly reduces the hardware and operating costs of the competition.

RHG - Robo Hacking Game [AI Automation]#

Robo Hacking Game (RHG) uses AI or other automated attack programs to discover and exploit vulnerabilities without human intervention, testing the participants' understanding of vulnerabilities and their engineering ability. Before the competition (usually 1 to 4 weeks ahead), the organizer provides a test environment and interface documentation. Participants write an automated program, usually called a "bot", that requests the interfaces to obtain challenge information, accesses and exploits the target vulnerabilities, and submits the flags it obtains. Since RHG is fully driven by the bots, the competition is effectively decided the moment it starts; what remains depends entirely on how well each team's bot performs.

During the competition, participants may not touch their bot in any way (no debugging, patching, and so on). They can only see which challenges their bot has completed and the current scores.

RW - Real World#

Real World (RW) first appeared in the RealWorldCTF hosted by Chaitin Technology in 2018. This format tests participants' ability to discover and exploit vulnerabilities in realistic environments, so RW challenges usually revolve around vulnerabilities that could be used in real penetration attacks. Common RW challenge types include VM/Docker escapes, browser attacks, attacks on IoT and automotive devices, and web attacks.

The RW format has a "Show Time". When a team believes it can complete a challenge, it submits an application on the competition platform to demonstrate the attack. Staff schedule demonstrations in order of application. Before the demonstration, the team goes on stage and connects to the relevant network; the big screen on-site switches to the target's normal page. Once the connection is confirmed and tested, the clock starts. The time allowed for an on-stage attack is generally "5 minutes". When the attack completes, the big screen immediately shows its effect, and the referee decides whether the challenge is completed based on whether that effect meets the requirements. If no effect is visible within the time limit, the attempt counts as a failure. To stop teams from scheduling demonstrations frivolously, there is now usually a cap on the total number of demonstrations per team (for example, in the 2019 Digital Economy Cloud Security Public Test Competition each team was allowed 30 demonstrations), so participants must also make sure their attack is reliable once they are on stage.

For example, a challenge might require attacking a website on the competition network and replacing its homepage with a page containing the team name; the challenge provides some information about the website (source code, database, and so on). After finding and exploiting the vulnerability locally, the team submits a demonstration application and, when its slot comes up, performs the attack on stage. Note that because RW uses the demonstrated effect as the criterion for completing a challenge, there is "no flag" in the RW format.

KoH - King of the Hill#

King of the Hill (KoH) is a format that has emerged in recent years. It resembles AwD in some respects but differs in others. Participants face a black-box target: they must discover vulnerabilities, take control of the target by exploiting them, and write their team identifier (team name, token, or similar) into a designated file. They then harden the host to keep other teams out. The organizer periodically checks the identifier file and awards points to whichever team's identifier it contains. KoH is therefore also a highly competitive format, testing both penetration and defensive hardening skills.

Mix [Mixed]#

The mixed mode combines several of the modes above. A single format no longer meets the needs of competitions and participants, so most competitions now use multiple modes at once. For example, teams may earn an initial score through problem solving (Jeopardy) and then gain or lose points through attack and defense (AwD), which is a zero-sum game. The team with the highest final score wins.

FLAG#

ctfhub{d452bfcf91e0a1f8e4a1b26a03c59c9c}

Author: CTFHub
Link: https://writeup.ctfhub.com/Skill/ 基础知识 /mmJYyc569kAXHvfam4qont.html
