Wtf Ctf

  • Wtf Ctf

    I've reached a level of being almost quasi-serious about participating in CTF, but my dreams just got crushed. I tried to find if Kenshoto has CTF-specific forums and I couldn't find them, maybe because I suck at the Google-fu, but anyway, I'm venting here.

    The way I see it, CTF is fundamentally a game, and pretty much all games have two components: offense and defense. I was extremely interested in playing defense in CTF as I generally consider myself an expert in all things related to building secure network applications, which includes quite a panoply of skills including protocol/language recognition (using state machine parsers/pushdown automata), concurrency, I/O multiplexing, BSD/POSIX sockets, etc. etc.

    Well, enough blowharding. After talking with the guy most proficient in defense on our local CTF team, I discover that defense is essentially worthless in CTF. You lose nothing for getting hacked to shit. So why even bother? I've put together what I think is an awesome defensive strategy, and thanks to absurdly high level languages I can generally code circles around C programmers, but that's all useless, since putting together the greatest defense possible means nothing if getting hacked doesn't count against you.

    It seems that improving your defense merely makes you a less attractive target, and the other teams' offense will just choose someone easier. It doesn't actually help in any way. That somewhat translates to a real-world scenario I guess, but is CTF really supposed to be a real-world scenario, or a game? If it's the latter, shouldn't having a better defense improve your score somehow?

    That said, a strong defense could be leveraged offensively, since building a defense involves a lot of declarative knowledge about the services and protocols being used, and with functional languages it's easy to turn that declarative knowledge into something that may be useful for the attackers... but I can hardly see that as my primary role, more a secondary thing I could do in addition to defending.

    Anyway, that said I've pretty much lost all motivation to participate in CTF. I just really wish there were a defensive component as well...
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
    [ redacted ]

  • #2
    Re: Wtf Ctf

    Originally posted by bascule
    Anyway, that said I've pretty much lost all motivation to participate in CTF. I just really wish there were a defensive component as well...
    well, the game is always evolving. i can recall years past when they gave awards and prizes to "least owned" and such. maybe they'll reward defenders yet again this year.

    and if not... there's always skoot's Own the Box contest.
    "I'll admit I had an OiNK account and frequented it quite often… What made OiNK a great place was that it was like the world's greatest record store… iTunes kind of feels like Sam Goody to me. I don't feel cool when I go there. I'm tired of seeing John Mayer's face pop up. I feel like I'm being hustled when I visit there, and I don't think their product is that great. DRM, low bit rate, etc... OiNK it existed because it filled a void of what people want."
    - Trent Reznor



    • #3
      Re: Wtf Ctf

      From the release:

      "E'ryone who thinks they good should get in on this. If ya don't win, hell, ya
      might learn sumthin'.
      And that's it! Jump into ya so-called web browser and check
      out kenshoto dawt com to get the sheezy all regeezy."

      Along with that, registration ends today.

      I'm pretty sure you could leverage those defense skills into an effective attack strategy, isn't the idea all about bringing what you have to the table and making something great happen from nothing anyway?
      ----------------------------------------
      Fraternal Order of Locksport



      • #4
        Re: Wtf Ctf

        Dr. Shoto and associates do an amazing job and have made CTF an awesome event. But it's an attacker event. Defending stuff is hard to make exciting... "Oh look! There's my box! Sitting there, not getting pwned! Whee!" I'm still struggling with it myself.

        The point of Kenshoto is to own other teams more than you get owned, and that's how it's structured. A number of years ago the Immunix folks came very close to winning Root-fu on defense only, and I think that in part is why the nature of the game changed...

        That said, many of your skills would be an asset to any team, and good CTF teams are made up of a broad mix of folks, so give it a shot if you're interested.
        "Raise a toast to ... I think he might have been our only decent ."



        • #5
          Re: Wtf Ctf

          Originally posted by sk00t
          The point of Kenshoto is to own other teams more than you get owned, and that's how it's structured.
          What I'm not seeing is how under the present point system getting owned matters at all, short of being a source of points to the other teams.

          A number of years ago the Immunix folks came very close to winning Root-fu on defense only, and I think that in part is why the nature of the game changed...
          Surely there's got to be a way to allow defense to be rewarded (or getting owned to cost you) without allowing for someone to win through defense alone.

          That said, many of your skills would be an asset to any team, and good CTF teams are made up of a broad mix of folks, so give it a shot if you're interested.
          I'm pretty sure you could leverage those defense skills into an effective attack strategy, isn't the idea all about bringing what you have to the table and making something great happen from nothing anyway?
          I'm trying to decide if I want to go to quals. The only way I could be useful offensively would involve a ton of work which would be great for defense (e.g. building a grammar for the protocols of the involved services then using it to generate datagrams with a combinator library like QuickCheck), but that seems like an awful lot of work to go through for something whose primary use would be defensive...
          45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
          45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
          [ redacted ]
