Accession Number : AD1027727


Title :   Strategies Used In Capture The Flag Events Contributing To Team Performance


Descriptive Note : Technical Report


Corporate Author : Naval Postgraduate School Monterey United States


Personal Author(s) : Yam,Wye


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/1027727.pdf


Report Date : 01 Mar 2016


Pagination or Media Count : 115


Abstract : Capture-the-flag (CTF) exercises are useful pedagogical tools and have been employed, both formally and informally, by academic institutions. Much like their physical counterparts, cyber CTF exercises hold pedagogical value and are gaining wide popularity. Existing studies on CTF exercises examined either how they benefit learning, or are best conducted. To our knowledge, no formal study has yet looked at the relationship between the strategies and tactics that the CTF participants employ (as defined by their offensive and defensive tactics), and the performance of participants in these events. In this thesis, we studied network traffic and game state data from the DEFCON 22 CTF event. We developed tools to extract features from large volumes of network data; we then correlated these features with game state data to piece together strategies that the participating teams seemingly employ. We learned that several teams employed effective tactics such as capturing their opponents' exploits from the network to reuse them, employing automation to help with launching their exploits, obfuscating their attacks and attack responses, and attacking the client hosts of other teams.


Descriptors :   CYBER DEFENSE TECHNIQUES , TEAMWORK , performance (human) , computer network security , shell scripts , computer program documentation , situational awareness , computer crime , education , statistical analysis , computing system architectures , information operations , reverse engineering


Distribution Statement : APPROVED FOR PUBLIC RELEASE