RALPH » Capture the Flag

Presenter: John Patota
Sponsor: David Blank-Edelman
Presentation date: Nov. 17th, 2005

Proposal

Capture the Flag is a semi-annual network security contest where we construct a controlled network environment for the sole purpose of exploiting it. Administrators go through the process of planning and creating the topology of a massive network with the assistance of VMware (host virtualization software) and honeyd (faux-service creation software).

We take today's leading server operating systems and introduce controlled, documented security vulnerabilities into the services they run. The details of these vulnerabilities are not disclosed to contestants.

Talks are scheduled before the competition that give an overview of techniques for securing Windows and UNIX environments, as well as attack methods, presented by the contest Admins.

Contestants have 1 day of the 3-day, weekend-long event to secure their servers and 2 days to exploit their peers' weaknesses. Points are awarded at intervals and are based on the number of services running on each contestant's machine.

In addition to contestant-owned servers, an array of non-player computers is virtualized and scattered about the network. These NPCs have tangible vulnerabilities and are waiting to be rooted, to have scoreable services enabled, and to be used for further attacks. Virtual switches and other networking equipment are also fair game. At the end of the weekend a victor is announced and fame, fortune, women (or men), and prizes are given away.

While all of this is going on, Administrators monitor the network using various IDS tools, not only to ensure fair play but also to experiment with new network monitoring techniques, and they use this experience to further improve the CCIS network and its security.

Postmortem talks are also scheduled after the contest is over, where Admins have the chance to review with players the tactics that met with success and failure.

The emphasis of this project is learning. Admins experiment with creating expansive, realistic virtual networks, with new ways of adjudicating the contest, and with IDS, and they implement common (and not so common) vulnerabilities that contestants can learn from. Contestants learn from these situations in a way that is fun and authentic but, at the same time, controlled.