Accession Number : AD1027727

Title :   Strategies Used In Capture The Flag Events Contributing To Team Performance

Descriptive Note : Technical Report

Corporate Author : Naval Postgraduate School Monterey United States

Personal Author(s) : Yam,Wye

Full Text :

Report Date : 01 Mar 2016

Pagination or Media Count : 115

Abstract : Capture-the-flag (CTF) exercises are useful pedagogical tools and have been employed, both formally and informally, by academic institutions. Much like their physical counterparts, cyber CTF exercises hold pedagogical value and are gaining wide popularity. Existing studies on CTF exercises examined either how they benefit learning, or are best conducted. To our knowledge, no formal study has yet looked at the relationship between the strategies and tactics that the CTF participants employ (as defined by their offensive and defensive tactics), and the performance of participants in these events. In this thesis, we studied network traffic and game state data from the DEFCON 22 CTF event. We developed tools to extract features from large volumes of network data; we then correlated these features with game state data to piece together strategies that the participating teams seemingly employ. We learned that several teams employed effective tactics such as capturing their opponents' exploits from the network to reuse them, employing automation to help with launching their exploits, obfuscating their attacks and attack responses, and attacking the client hosts of other teams.

Descriptors :   CYBER DEFENSE TECHNIQUES , TEAMWORK , performance (human) , computer network security , shell scripts , computer program documentation , situational awareness , computer crime , education , statistical analysis , computing system architectures , information operations , reverse engineering

Distribution Statement : APPROVED FOR PUBLIC RELEASE