Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
SpiderLabs Blog

Security Capture the Flag Competitions

Many people look at capture the flag competitions with varying reactions. Some look at them as ways for groups to show off. Others look at them with disdain wondering why someone would want to brag about the ability to break into computers. There are a very large number of who view the participants with a some measure of awe. They take the attitude of "I could never do that".

The most famous security capture the flag competition is held each year at the Defcon Security Conference. I have been attending Defcon for 11 years now, and that competition has always been one of the highlights of my experiences.

During the first couple years, I would wander into the competition area, and watch, hoping someone would tell me what was going on. The teams participating would see me first as a spy looking to gain information from them. They would shoo me away. Trying to watch their screens didn't go over much better. Once in a while I would be able to talk to one of the team "members" who wasn't really participating, but their knowledge of how the game actually worked was limited. The organizers didn't exactly see a benefit to providing information to the public either. It is my belief that more than a little of this attitude stemmed from them wanting to maintain an air of mystery around the competition. And with all the work I know they put in to make both the qualification round, and the main competitions a success I think they deserve a little swagger. Kudos to DDtek, the group who has been organizing the competition for the past couple years.

I got my first big break when a friend was invited to play with a team who was short-handed. He vouched for me, and for the first time I actually found out how the game worked. I got to help with reversing a service, and weaponizing a vulnerability into something that we could use to score points. We didn't win, but that gave me a taste of what it was all about.

The next year I was invited to try to compete as part of a team local to my area. We came close to qualifying a couple years in a row, but didn't quite make it. Each year we would tell ourselves that maybe it was for the best since we weren't terribly confident that we could put on a good showing. Besides CTF takes a lot of work, and we weren't sure we were committed to devoting that much potential party time. But every year members of our team were able to latch onto another team, and work with them. These teams didn't share all of their "special sauce" with us, but at least we got to see what was going on each year.

On the plus side we got to see a bit about the what would be needed from an organizational standpoint. We saw things that worked. We saw grand ideas that ended up flaming out. And most importantly we got to learn from each other.

That is probably my favorite part about these competitions. As a consultant I spend much of my time working on various pieces of security for clients. I sometimes have the chance to develop custom tools and techniques for a given situation. Unfortunately they are almost always tied to a specific client, and I can't share them without revealing information that isn't public. In the same way, many of my peers know some really cool things that they can't teach me because we don't have the right environment. Capture the flag is great because we get to work together without worrying about industry competition issues. We can share techniques, tools, and experiences that we can apply to the benefit of our future clients. We all come away with new skills, and a greater motivation to finish of that project that would have made all the difference for our team.

This year my local team was able to qualify. In future posts I will be covering more about the setup of the Defcon competition. I will talk about how qualifications work, and some of the stresses involved in it. I will also share what it's like being on the other side of the table, trying to work on something that is consuming all of my attention while spies are trying to weasel information out of me.

Hopefully someone may find it interesting and might even look into connecting with a team. You can never have too many people.

Latest SpiderLabs Blogs

Welcome to Adventures in Cybersecurity: The Defender Series

I’m happy to say I’m done chasing Microsoft certifications (AZ104/AZ500/SC100), and as a result, I’ve had the time to put some effort into a blog series that hopefully will entertain and inform you...

Read More

Trustwave SpiderLabs: Insights and Solutions to Defend Educational Institutions Against Cyber Threats

Security teams responsible for defending educational institutions at higher education and primary school levels often find themselves facing harsh lessons from threat actors who exploit the numerous...

Read More

Breakdown of Tycoon Phishing-as-a-Service System

Just weeks after Trustwave SpiderLabs reported on the Greatness phishing-as-a-service (PaaS) framework, SpiderLabs’ Email Security team is tracking another PaaS called Tycoon Group.

Read More