History of CTF Wiki¶

This section's contenth refers to Dr. Jianwei Zhuge's presentation "The Past, Present and Future of CTF" released on i春秋.

Origin of CTF¶

CTF (i.e. Capture The Flag) starts from the forth DEFON in 1996, which is an alternative of real-world cyber-attack competition games between legacy hackers, and has now become the most popular type of cyber-security competition all around the world.

Early Years of CTF¶

At the time when CTF competitions are at the beginning stage (1996-2001), there were no clear rules, no professionally built platform or environment. Each team need to prepare their own objective (defending their own objective, while attacking opponents' objective). Most of the organizers are just enthusiastic non-professional volunteers who assist in manual scoring.

Due to the lack of an automated scoring system and technical competence among judges, many scoring delays and errors, unreliable network, and improper configuration, such approaches have caused great controversy and dissatisfaction at the time.

"Modern" CTF Competition¶

A modern CTF competition should be held by professional organizers who will manage the competition platform, create challenges, and implement competitions with an automated scoring system.

During the three years with LegitBS organizing the DEFCON CTF competition, a few modifications have been made:

• The competition focuses on the inner workings of the computers, its security features and capabilities. Web exploitation has been completely ignored.
• Various CPU architectures, operating systems, and languages.
• The "Zero-Sum" scoring rule.
• A wider skillset required: reverse engineering, vulnerability discovery, pwning, patching, network traffic analysis, system security, programming and debugging.