CTF365 – Shaping The Game
A little bit of history
In October 2011, we started the Hack a Server Project, a web security testing platform using the power of crowdsourcing. Hack a Server is a two-sided marketplace where companies deploy their replica servers and hackers try to find vulnerabilities, report them and get paid for what they love to do most: hacking servers, all covered by anonymity and confidentiality. More information here.
Right now, HaS is fully operational and anyone can try it out for free to see how it works. When we were building HaS we had to come up with a solution that could become a spinoff in case things were not moving in the direction that we expected. I have to mention that HaS is not open for business yet because of one simple reason (well, two simple reasons): Terms of Policy and Disclaimer. Those pages have to be crystal clear for all HaS users, no matter if they are pentesters or paying customers (companies that want to test their infrastructure/web apps). We don’t have those pages yet so HaS must wait a little. 🙂
In two articles published on HaS’s blog, I told our fans about some of the ways that HaS can be used other than what it was designed for. One of those ways is as a CTF platform. You can read the articles here and here.
At that time we didn’t think seriously about making a full new product out of HaS’s backend but, in time, the idea of getting a brand new approach for CTF competitions started to become almost obsessive
… and so CTF365 was born.
Well, we came up with the idea to use our HackaServer backend for CTF competitions, and our goal was to build a virtual lab like never before. We wanted to build the best CTF environment that has ever existed. We wanted to build an internet within The Internet. A place where system administrators and InfoSec guys can act as they do in the real world. Build, hack and defend servers just like in real life. And we are almost there.
CTF365 – Designing The Game
“Will this CTF run 365 days?? And where do we have to host the servers? On private Servers or on servers from you?”
“Dear CTF, can u tell me how will this competition be held??? I mean , do all nations need to sit online at the same time??”
“Will there be additional instructions and/or details about team formations? For instance, if participants want to be part of a team, but do not have a team. Will they be automatically placed in a team?”
“Is the competition launching on December 31st? Any sign-up requirements prior to launch day?”
Those are only a few questions from dozens that we’ve received since we made the announcement about CTF365.
Coming back to our game design, there is a wide variety of scenarios in which CTF365 can be organised and played, starting with a World Wide Championship and ending up with a virtual internet where users can act like they do on the real internet, except that they can try to hack everything without being exposed to any danger. A real training ground arena for system administrators and InfoSec professionals, for security students and security training companies. Heck yes, we can do championships between training companies too. It’s all about imagination.
There are a lot of possibilities to design CTF365. We can let people build whatever they like/want while others try to hack into their systems, and we can start having campaigns or championships between countries. There are so many possibilities. That’s why we haven’t decided which to start with. Sure it will be a surprise. 🙂
One of the games we could design could go as follows: Each team will receive a surprise server. A surprise server means that no one knows from the beginning what it will contain. As we specified in our THEGAME Page, it will be flavored with different modules like one or two CMSs, some DBs, an online shop open source module, some web servers like Apache and/or Nginx and so on. All modules included in the default installation.
The teams will have to figure out what their surprise server contains and patch it ASAP while attacking others. In the end, when you go hunting (hacking) you never know what you’ll find. Right?
We’ll have to figure out how we can let individuals play the game too. They will represent isolated hackers like in real life.
All those things regarding best fit design need time and a lot of trial and error. Bear with us, stay connected and help us build this game.