Capture The Flag At BsidesLV

Blog Post created by rapidmb Employee on Aug 2, 2013

Greetings from BsidesLV 2013!


While there are plenty of interesting things to say about the talks at BsidesLV, one of the more interesting things here has been the Capture The Flag contest. This year, the CTF competition is a "Pros versus Joes" event. The concept is simple enough: pair professional penetration testers with a team of security enthusiasts and have them defend systems from a second group of professionals. The official site provides a succinct description:


"The Pros V Joes CTF gives players a venue to practice their offensive and defensive Information Security skills in a hands-on, live-fire combat environment. Pros work with the Joes to teach them defensive skills and the art of offense in a two day competition. The event is conducted in a private network, accessible only via a VPN."


In all, the event proved to be a lot of fun and I think everybody learned some interesting new defensive and offensive techniques. Our team, The Soggy Sockets, focused on defense for the first day. We executed no attacks and concentrated on a core defensive strategy that included the following components:


Blocking and Containment: This group focused on monitoring availability, identifying areas of attack and erecting a core defense in the form of traffic filtering.


Response and Remediation: This group focused on incident response related to restoring and hardening services or other objects under attack.


Core Defense: This group focused on hardening actions and coordination/communication.


In general, this type of strategy works well outside of a CTF event. Rapid7's security services team recommends this approach to any organization looking to improve the effectiveness of their internal security group.


At the end of the day, this approach proved to be highly effective and we handily won the first day's competition. On day two, the rules allowed all teams to perform offense and defense. To that end, some members of Rapid7's security services group provided guidance around attack strategies and continued with our previous defense strategy. When all the bits were back in their cages, The Soggy Sockets emerged as the winner of the event.


Congratulations to the team. I know we all learned at least one new thing. Also, thanks to Dichotomy for managing this circus of malcontents and providing a fun event for all.