Let the games begin: Today, Tuesday, the 48-hour "Capture the Flag" event of the FluxFingers group starts at the computer security conference Hack.lu. Teams from all over the world will try to solve problems in the IT security mindset at the Computer Security Hacking Game. It starts on Tuesday, 22 October, 12:00 noon (German time), and ends on Thursday, 24 October, also at 12:00 noon (German time). Teams will be local in Luxembourg, but it is also possible to participate online.
The FluxFingers, the official CTF team of the Ruhr-Universität, are now hosting the event at Hack.lu for the tenth time. Most of the members are students of IT security at the Ruhr-Universität who enjoy playing games and can thus apply the theoretical contents of their studies in an exciting way. The FluxFingers are preparing between 20 and 35 challenges for Hack.lu in the weeks leading up to the conference in Luxembourg. Some of my ideas are based on lecture content," explains Andre Pawlowski, who has already helped shape several CTFs. But also current research results, private interests or already uncovered security gaps provide material for the tasks. "A lot has been copied from the real world, but simplified for the challenge, reduced to the problem," says Pawlowski. This year, topics from the areas of crypto, web security, reverse engineering and binary exploitation will be included.
A basic knowledge of IT security is therefore an advantage. The event is designed to be fun even for beginners. "We make sure that there are as many challenges as there are challenges for beginners and professionals," says Lukas Knittel, who has been preparing the CTF in the team for the last few weeks. The tasks are designed in such a way that they can actually be solved within 48 hours. Meaningful hints help on the way - you just have to recognise them. "Bad challenges are characterised by the fact that you have to guess a lot or have a lot of luck. We don't want that," adds his team colleague Paul Gerste.
The FluxFingers' CTF is divided into small units that can be solved independently. The scoring, based on the number of solutions, is dynamic. It runs in real time and can also be viewed on the web (fluxfingersforfuture.fluxfingers.net from 12 noon). Put simply, this is how it works: The more teams that solve a task, the lower its score in the points ranking - but the system is designed so that no team goes home with minus points, the FluxFingers explain. At the beginning there is a small "Welcome Challenge", so that the teams are actively switched within the point distribution. If you are there, you can even win something. For the online teams there are points that score in the official "CTF-Time" rating.
If you take a look at this overview page, you will see that "Capture the Flag" has found many fans in the meantime. The best known competition takes place every year at the popular DEFCON hacker conference in the United States. The CTF there runs in a different game mode: Here the teams have to hack specially built networks or servers, while they have to defend their own permanently against the attacks of the others. Members of the Bochum Fluxfingers have participated this year with the German team "Sauercloud" with a considerable success: They have reached the seventh place of the CTF.
If you want to try out the CTF for yourself, the FluxFingers with the "FluxRookies" offer beginners' challenges. More information under fluxfingers.net.