Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
What I've Learned Writing CTF Challenges
Search
vito
February 11, 2017
Programming
0
150
What I've Learned Writing CTF Challenges
BSides Tampa, 2/11/2017
vito
February 11, 2017
Tweet
Share
More Decks by vito
See All by vito
Modernizing SQL Injection CTF Challenges
vito
0
120
Raw Water: Quenching Your Thirst for SQL Injection
vito
0
71
Lessons Learned from Five Years of Building Capture the Flag
vito
0
490
Capture the Flag: An Owner's Manual
vito
0
90
Building DEF CON CTF with Ruby
vito
0
600
Other Decks in Programming
See All in Programming
JSAI2025 RecSysChallenge2024 優勝報告
unonao
1
370
Reactive Thinking with Signals, Resource API, and httpResource @Devm.io Angular 20 Launch Party
manfredsteyer
PRO
0
130
マテリアルって何者?RealityKitで扱うマテリアル入門
nao_randd
0
140
Cloudflare Realtime と Workers でつくるサーバーレス WebRTC
nekoya3
0
230
がんばりすぎないコーディングルール運用術
tsukakei
1
180
AIにコードを生成するコードを作らせて、再現性を担保しよう! / Let AI generate code to ensure reproducibility
yamachu
7
6k
TSConfigからTypeScriptの世界を覗く
planck16
2
1.3k
Perlで痩せる
yuukis
1
650
rbs-traceを使ってWEARで型生成を試してみた After RubyKaigi 2025〜ZOZO、ファインディ、ピクシブ〜 / tried rbs-trace on WEAR
oyamakei
0
1k
Feature Flag 自動お掃除のための TypeScript プログラム変換
azrsh
PRO
4
620
コードに語らせよう――自己ドキュメント化が内包する楽しさについて / Let the Code Speak
nrslib
5
910
Babylon.js 8.0のアプデ情報を 軽率にキャッチアップ / catch-up-babylonjs-8
drumath2237
0
110
Featured
See All Featured
How to Ace a Technical Interview
jacobian
276
23k
Build The Right Thing And Hit Your Dates
maggiecrowley
35
2.7k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
180
53k
Fantastic passwords and where to find them - at NoRuKo
philnash
51
3.2k
Stop Working from a Prison Cell
hatefulcrawdad
269
20k
The Pragmatic Product Professional
lauravandoore
35
6.7k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
45
9.6k
Into the Great Unknown - MozCon
thekraken
39
1.8k
A designer walks into a library…
pauljervisheath
205
24k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Code Review Best Practice
trishagee
68
18k
Fontdeck: Realign not Redesign
paulrobertlloyd
84
5.5k
Transcript
What I’ve Learned Writing CTF Challenges Vito Genovese BSides Tampa
February 11, 2017
What is CTF?
What is CTF?
Jeopardy Style
Attack-Defense
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
CGC Jargon • Cyber Reasoning System • Proof of Vulnerability
• Replacement Binary • Challenge Binary
BSTies http://bsties.notmalware.ru
CTF Challenges Teams attack it
CTF Challenges Protects something of in-game value
CTF Challenges Ideally: known solvable
CTF Challenges Also ideally: appropriately tricky
None
None
Solving 'em • Correct side of an if statement •
Cracking a code • Using SQL injection to trick a database • Stealing the garbage file from the Gibson
Actually Building One
None
Original Goal
Original Goal
• Given same STDIN • Same STDOUT • Same clock
cycles • Same syscalls
https://xkcd.com/1319/
Why Automate?
None
Thousand Cuts
Thousand Cuts
Thousand Cuts
Actually Building It
Start the First One 1. Set up CGC service-template 2.
Test not-crashing 3. Make binary that doesn’t crash 4. Test crashing 5. Make binary that crashes
First One's Done • Ruby script to spit out 334
binaries • Vary buffer sizes • Vary stack cookie • Python script running game flow
First Set's Done Figure out how to make second and
third sets
Second Set Python script to add stuff to source code
Third Set Python script to rearrange source code
All Sets Done Test the difficulty
Integration Testing With Gyno • Finds a bug in like
30s • Fixing the bug took 30m • (fixing the bug a week prior would've taken 5m)
More Integration Testing kind of weird
easy-prasky • single binary • Baby’s First category • Separate
CRS work from first stab at CGCEF • Hacked to be first in 334 cuts
Deployment • Determine ops requirements • CGC kernel • Python
installed • Open port
Deployment Puppetize it!
Deployment
Running it just kinda worked (once teams Got It)
CTF Challenge Process 1.Idea 2.Build 3.Test
CTF Challenge Framework • Configuration • Build • Testing •
Deployment
CTF Challenge Framework CGC service-template
CTF Challenge Deployment put it on a server lol
It's Just Software
Software Goals Useful Usable Reliable
Useful for Competition Separate teams that solve it from teams
that don't Prefer strong correlation with finals ranking
Useful for Education Teach new players something Get players over
a hang-up
Usable Intended difficulty only Minimize corner cases Unintended vulnerabilities?
Reliable Remain vulnerable
Reliability is Hard Players like to attack Players like to
brute Players like to complain
Reliability is Hard
Reliability is Demanding
Reliability is Expensive If you want it to be
Reliability is Cheap Build software that can be run reliably
Twelve Factor App • VIII. Concurrency • Scale out via
the process model • IX. Disposability • Maximize robustness with fast startup and graceful shutdown
Twelve Factor Challenges • Limit global state • Process per
connection • xinetd ftw • Make adding resources cheap
Adding Resources Automate!
Operations Automation Puppet or Chef for server provisioning
Operations Automation Docker is slow to spin up RunC is
fast
Shared State • Process per connection not always feasible •
Sandwich challenges in 2014 • JRuby & Celluloid slow to start • State still per connection
Shared State • Global state and web challenges • Persisted
XSS • Tricking a global database
Waiting For Your Touch • 2015 web challenge • /r/thebutton
knockoff • JRuby, Rails, websockets, postgres
Waiting For Your Touch
Waiting For The Challenge Slow when not slow 500s Thankfully
during the day
Waiting For Your Touch 1. Took it down 2. Opened
replacement challenge 3. Debugged for an hour
Debugging For Your Touch 4. Leaked and exhausted postgres connections
5. Fixed leak 6. Allocated more connections
Waiting For My Fix 7. Took an hour 8. Gyno
forced a fifteen minute cool-down between "is it fixed" and "it is fixed" 9. Reopened
Most Important Part People are the most important
Respect People • Respect for yourself • Respect for your
team • Respect for players
Respect for Yourself
Respect for Your Team
Respect for Your Team
Respect for Your team Make services easy to keep running
Document!
Respect for Your Team Provide easy to run smoke tests
"Is this exploitable?" should be a one-liner that spits out the flag
Respect for Players
Respect for Players
Respect for Players
Respect for Players
Building Challenges is Software Development Useful Usable Reliable
Reliability Imposes Constraints Limit state Limit dependencies Automate
Respect Is Fundamental Self Team Players
Thanks! Vito Genovese
[email protected]
@vito_lbs GPG B07D616143CAA77B https://legitbs.net @legitbs_ctf