Behind the Scenes of a Secureworks Cyber Competition

The annual Secureworks® Threat Intelligence Summit took place on June 30, 2020. The event marked two firsts: we went virtual due to the ongoing pandemic, and we hosted a capture-the-flag (CTF) cyber competition for attendees. The competition generated substantial interest. The 161 competitors from both industry and academia represented nearly 20 percent of summit attendees. Many participants indicated that the competition was a key reason for attending the summit. When asked what could be improved about the summit, one respondent replied, “Nothing! Nice variety and fun CTF!”


Constructing the competition


Developing the five-hour cyber competition took approximately three weeks and involved substantial coordination and project management. The first step was to solicit CTF contributors.


The contributors included about a dozen members of the Secureworks Counter Threat Unit™ (CTU) research team: intel analysts, reverse engineers, infrastructure developers, technical writers, and leadership staff. Team members were eager to take a break from their routine to create some fiendish challenges. Several contributors had built or participated in competitions before, which inspired many ideas and passionate discussions about the Secureworks CTF format.


After establishing the team, we set up a chat-based communication channel and other collaboration mechanisms. A spreadsheet tracked the challenges as they were created, vetted, and entered on the CTFd platform. We also created a shared folder for the challenge files, which ranged from binaries to packet captures to memory dumps to image files. For each challenge, we documented the following details:


Challenge question (e.g., What gaming platform is delivered at IP address 5.62.117.121?)
Challenge answer (e.g., Minecraft)
Category (cryptography/steganography/encoding, web exploitation, forensics, log analysis, malware/reverse engineering, open source intelligence, reconnaissance/scanning/enumeration, threat intel, trivia, or other)
Difficulty level (easy, moderate, or hard)
Po ..
