CTF Design Guidelines

 

Design guidelines for CTF authors and organizers

https://bit.ly/ctf-design

 

The ideas collected here come from the feedback and ideas from niklasb and tsuro from ESPR, icchy from TokyoWesterns, fox from Tasteless, l4wio from MeePwn, orange from HITCON, StalkR from TeamBaguette, albinowax, plus organizers of Google CTF. Some design ideas were inspired by the book Puzzlecraft from Selinker and Snyder.

For feedback, contact the author on twitter or comment directly on this document here.

Challenge Design

Design Models

Effect/Method Model

Exploration Model

Hybrid Model

Task Lifetime

Discovery

Triage

Local Reproduction Setup

Research

Deobfuscation

Analytical Problem Solving

Exploitation

Design Considerations

Experience

Inspiration

Positive Inspiration

Negative Inspiration

Complexity

Other Design Considerations

Real Vulnerabilities

Challenge Diversity

Specialized Knowledge and Resources

Challenge Reuse and Multi-flag Tasks

Scoring Systems

Static Scoring

First-blood Bonus

Dynamic Scoring

Logarithmic formula

Score recalculation

Declining scale (and speedruns)

Multi-stage Tasks

Operational Considerations

Challenge Release Schedule

Attacks and Cheating

Clues and Hints

Implementation Problems

Broken Challenges

Unintended Solutions

Possible Actions

Turn Taking

Web tasks with an XSS bot

Offline tasks with a hardware component

Real-life tasks with a stage presentation component

 

 

arrow
arrow
    文章標籤
    CTF Design Guidelines capture the flag how
    全站熱搜
    創作者介紹
    創作者 Davidhu127 的頭像
    Davidhu127

    I Stand Up For Myself

    Davidhu127 發表在 痞客邦 留言(0) 人氣()

    E-mail轉寄