Explore the insights gained from writing Capture The Flag (CTF) challenges in this 43-minute conference talk from BSides Tampa 2017. Delve into various aspects of CTF challenge creation, including Jeopardy-style and Attack-Defense formats. Learn about the original goals, the "Thousand Cuts" approach, and the importance of integration testing. Discover the CTF challenge process, framework, and deployment strategies. Examine software goals, focusing on competition utility, educational value, usability, and the complexities of reliability. Understand the application of Twelve Factor App principles to CTF challenges and the significance of operations automation. Gain perspective on shared state management, debugging processes, and the importance of respect in challenge development. Recognize that building CTF challenges is a form of software development, with reliability imposing constraints and respect serving as a fundamental principle.
Overview
Syllabus
Intro
Jeopardy Style
Attack Defense
CTF Challenges
Original Goal
Thousand Cuts
Start the First One
Second Set
Integration Testing With Gyno
More Integration Testing
CTF Challenge Process
CTF Challenge Framework
CTF Challenge Deployment
Software Goals
Useful for Competition
Useful for Education
Usable
Reliability is Hard
Reliability is Demanding
Reliability is Expensive
Reliability is Cheap
Twelve Factor App
Twelve Factor Challenges
Operations Automation
Shared State
Waiting For Your Touch
Waiting For The Challenge
Debugging For Your Touch
Waiting For My Fix
Respect People
Respect for Yourself
Respect for Your Team
Respect for players
Building Challenges is Software Development
Reliability Imposes Constraints
Respect Is Fundamental
