CTF365 Alpha Explained
CTF365 Alpha is not about points, badges and fame.
Don’t be afraid that you might get hacked, as that is just part of the game. When we approve hacks, we don’t say that X Team/User hacked into your server. We only say that Y Team/User hacked again.
This is very similar to what you might expect with Facebook, where nobody can see who visits their profile. This simulates real world attacks; many times, attackers are hiding behind a proxy or are using a reflected attack, so you never know who found a vulnerability. Beside this, once you’ve been hacked, you’ll learn how to protect/cover/fix your vulnerabilities. So there is nothing to be ashamed of if someone got into your server. You should be happy, because someone “showed” you a vulnerability. The idea is not to have an impenetrable server right from the start; there are always gaps in protection. The idea is to put your server up, run some services, get hacked, and then figure out how to prevent that from happening again. It is a cycle, and is meant to help with both the offensive side of security, as well as the defensive side.
It’s to test the way CTF365 will mimic the real Internet by its users. This means that being part of Alpha, besides having the opportunity to hack other servers, you MUST build your own fortress/VPS and let it run nonstop. This is meant for us to test the infrastructure, and how our servers handle the fortresses running all the time, as well as the server load from different attacks.
Build your Fortresses
Start to build and upload your web applications and let’s see how well you manage them. We need action, and you must be proud of being part of our Alpha/Beta stage.
We wrote on THEGAME page that your fortress must run at least the following:
- Every Fortress (Base Camp) has to run all major internet services such as SMTP, POP, IMAP, FTP, etc. We will make a list of minimum required services.
- Email client (Horde, SquirrelMail, etc)
- Your Fortress must have at least 2 CMS (content management systems; i.e. WP, Drupal, etc) + specific plugins (Photo albums, SM share (social media share), embedded video plugins and so on.
- Your Fortress must contain at least 3 web applications.
- Your Fortress must run at least 2 different databases.
As you know there are 11,000+ users that would love to be here, build and play with Alpha, so if you aren’t taking advantage of the opportunity, someone else could.
Let your Fortresses run 24/7
The real Internet never stops, so neither do we. One of our major changes compared to present CTFs was that they don’t last because of their design. We promise to build an internet within The Internet. That means CTF365 will run and run and run. The philosophy behind this is that if the Internet never sleeps, neither should ours, so that this can provide a way for all of our users to get real life experience when learning, training or improving their offensive and defensive security skills.
CTF365 is not a game.
At its core, CTF365 is not a game. It’s a “World Wide Training Platform for Security Professionals” that implements the CTF concept and leverages gamification mechanics to show your skills and showcase improvements in information security whether if you are on defensive or attacking side.
I don’t have time to play CTF365
Is not about playing some entertaining game just to have fun. On the contrary, it is for you to train, learn and practice really real, serious information security, “while having fun”. Though your services are always running, it is not necessary to keep an eye on your fortress 24/7. Just let it run, and if it gets hacked, then you can go back and patch as necessary; that’s half the fun – watching your fortress get hacked.
Please understand that No fortress, No activity. No activity, No Alpha stage. If you don’t think you have the time to participate in this stage of the CTF365 release, just let us know so that we can let someone else. It’s very important for the CTF365 community and for us to see everything running so as to gauge how things will perform with over 11,000 users all launching attacks at once..
Let’s Rock ‘n Roll and have fun while learning, training and improving your defensive and offensive security skills.