The Evolution of CTF Gamemodes
For the past five years, learning offensive and defensive cyber security skills online has become as attainable as picking up a book from the library. Except these books are not only pages of content; some are full fledged wargame simulations with teams, objectives, scoreboards, and most importantly — honor.
Cyber security education has entered a golden age of rapid growth for incumbent educational leaders and newcoming platforms. Hack the Box, for instance, has recently reached its four-year anniversary. In its first four years, the company has earned a spot as one of the top 25 cyber security companies to work for and gained popularity with over 500,000 users worldwide; all while garnering the respect of companies who admire the involvement of employees that utilize this service.
With growth comes innovation, and gamified security platforms are no exception. This article is not a review on capture the flag gamemodes and iterations, but more of an exploration on existing modes and where we are headed next.
Contents:
Warzone
Not the Call of Duty kind. OverTheWire's Warzone simulates the openness of the Internet in a universe where no consequences exist for breaking and entering into someone else's server. It all takes place within an isolated network comprised of connected servers and devices beyond the scope of most other CTF's available now. If you have a spare VM and want to enter the Warzone, visit the instructions here on how to connect.
Jeopardy
The Jeopardy format is widely used among CTF organizers as an accessible way for security enthusiasts everywhere to compete with minimal computing resources. Much like a normal game of Jeopardy you would see on TV, competitors work their way through a predefined list of challenges and puzzles of varying difficulty. The more difficult, the more points are awarded upon completion. By requiring minimal setup for participants, Jeopardy organizers are able to reach a wider playerbase to play through their challenges.
A variety of platforms can be used to host jeopardy-style CTF games if you don't want to go through the hassle of creating your own. Github user We5ter has compiled a list of the most popular open-source CTF platforms you can setup for your own events.
Attack and Defense
In this mode of CTF, there are two teams of ~10 players that each host a server for their team. The objective is to own the enemy team's server while ensuring yours isn't snagged in the process. It is a classic game of red versus blue, but due to the complexity of setting up events like these, Attack-Defense CTF modes usually aren't as available as the others listed in this article. That is, until Hack the Box launched their Battlegrounds platform.
Hack the Box Battlegrounds is a competitive CTF platform where users can access Cyber Mayhem – HTB's own rendition of the Attack-Defense genre without the hassle of engineering each game's network. In Cyber Mayhem, two teams of up to four users control four servers per team and aim to hack into the opposing team's network. Each team has full SSH access to their own network, but must assess their vulnerabilities in order to protect each machine's secrets.
King of the Hill
First made widely accessible on Try Hack Me's cyber security learning platform, King of the Hill is a CTF free-for-all where a handful of users all target a single vulnerable server in an effort to take complete control over it. Once rooted, users are to patch vulnerabilities and boot hackers out of their system to maintain control over the target machine similar to a cyber parasite. The user who has maintained administrative access for the longest amount of time is deemed winner and the king of the hill. More recently, Hack the Box has launched their newest competitive gamemode, Server Seige, with similar game mechanics. Except in Server Seige, there are two target servers to take control of before your opponents do.
What's Next?
At the time of this writing, these are really the only major CTF gamemodes available to play online or with a team. What kinds of new modes do you think we will be seeing in the future?