CTF Full Form
CTF stands for “Capture the Flag” in Teaching and Training.
Using Capture the Flag for Teaching and Training
Quick show of hands: who is here just because of the words “Capture the Flag”? Who is here because of the “Teaching and Training”? The rest of you just chose the least of all evils. Either way, thank you for being here ;)
An information security Capture the Flag is a simulation of a real-world situation in which participants are given the chance to test and develop their technical skills.
This example is how I built the CTF for an undergraduate computer security course that is taught by me. All components shown on the diagram are virtual machines running on a dedicated hardware platform. I used VirtualBox to run the machines. In order to not mix hostile traffic with production traffic, students would connect to a dual-homed SSH bastion host, and from that, to the target network. All attacks are launched from a single (shared) BackTrack 5 R2 image on which the students all have root access. The right-hand side of the diagram contains hosts that are available all semester long, while the right-hand side is a final project. With the exception of the bastion host, all virtual machines revert to a known-good state once per hour.
In a multi-user simulation, decide if participants share credentials, or if they have their own.
While all students have root on the BT5 system in the previous example, they will still log in with a dedicated account from which they elevate with sudo. Syslogs are sent off-network.
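What per-student accounts plus off-network syslog buy you, as an added example that is not part of the original talk: a small parser that attributes each root command on the shared host to a student and flags the places where attribution is lost. The log lines are constructed; the hostname, account names and addresses are assumptions, and the message formats assumed are the standard sudo and OpenSSH sshd syslog entries.

```python
import re
from collections import defaultdict

# Constructed sample of forwarded syslog lines from the shared attack host
# (hostname, accounts, addresses and commands are made up for this example).
SAMPLE_LOG = """\
Mar  3 14:02:11 bt5 sudo:    alice : TTY=pts/3 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/nmap -sS 10.0.0.5
Mar  3 14:05:40 bt5 sudo:      bob : TTY=pts/4 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar  3 14:06:02 bt5 sudo:    carol : 3 incorrect password attempts ; TTY=pts/5 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/tcpdump -i eth0
Mar  3 14:09:17 bt5 sshd[2211]: Accepted password for root from 192.0.2.10 port 50122 ssh2
Mar  3 14:11:30 bt5 sudo:    alice : TTY=pts/3 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/tcpdump -i eth0
"""

SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : (?:(?P<note>[^;]*?) ; )?TTY=(?P<tty>\S+) ; "
    r"PWD=(?P<pwd>\S+) ; USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.*)$")
ROOT_LOGIN_RE = re.compile(r"sshd\[\d+\]: Accepted \S+ for root from (?P<src>\S+)")
# Interactive root shells: whatever is typed afterwards is not logged per command.
SHELLS = {"/bin/sh", "/bin/bash", "/bin/su", "/usr/bin/su"}

def attribute(log_text):
    """Return (commands run as root per account, list of attribution gaps)."""
    per_user, gaps = defaultdict(list), []
    for line in log_text.splitlines():
        m = SUDO_RE.search(line)
        if m:
            if m["note"]:  # e.g. failed authentication: the command did not run
                gaps.append((m["user"], "sudo denied: " + m["note"].strip()))
                continue
            per_user[m["user"]].append(m["cmd"])
            if m["cmd"].split()[0] in SHELLS:
                gaps.append((m["user"], "root shell: " + m["cmd"]))
            continue
        m = ROOT_LOGIN_RE.search(line)
        if m:  # a direct root login bypasses the personal account entirely
            gaps.append(("root", "direct login from " + m["src"]))
    return dict(per_user), gaps

if __name__ == "__main__":
    commands, gaps = attribute(SAMPLE_LOG)
    for user, cmds in sorted(commands.items()):
        print(user, cmds)
    for who, why in gaps:
        print("GAP", who, why)
```

Because the logs leave the network, a student with root on the shared host cannot edit this record after the fact.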