Strategies Used In Capture The Flag Events Contributing To Team Performance

reportActive / Technical Report | Accession Number: AD1027727 | Open PDF

Abstract:

Capture-the-flag CTF exercises are useful pedagogical tools and have been employed, both formally and informally, by academic institutions. Much like their physical counterparts, cyber CTF exercises hold pedagogical value and are gaining wide popularity. Existing studies on CTF exercises examined either how they benefit learning, or are best conducted. To our knowledge, no formal study has yet looked at the relationship between the strategies and tactics that the CTF participants employ as defined by their offensive and defensive tactics, and the performance of participants in these events. In this thesis, we studied network traffic and game state data from the DEFCON 22 CTF event. We developed tools to extract features from large volumes of network data we then correlated these features with game state data to piece together strategies that the participating teams seemingly employ. We learned that several teams employed effective tactics such as capturing their opponents exploits from the network to reuse them, employing automation to help with launching their exploits, obfuscating their attacks and attack responses, and attacking the client hosts of other teams.

Author(s):
Yam, Wye
Author Organization(s):
Naval Postgraduate School Monterey United States
Descriptive Note:
Technical Report
Pagination:
0115

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:
Approved For Public Release
Distribution Statement:
Approved For Public Release;

RECORD

Collection: TR
Subject Terms
Joint Capability Areas:
JCA_6.4.1_Secure Information Exchange; JCA_6_Net Centric; JCA_5_Command and Control; JCA_6.4_Information Assurance; JCA_5.3_Planning; JCA_6.1_Information Transport; JCA_7_Protection; JCA_7.2.1_Mitigate Lethal Effects; JCA_7.2_Mitigate; JCA_5.3.3_Develop Strategy; JCA_7.1.2_Prevent Non-kinetic Attack; JCA_7.1_Prevent; JCA_5.3.2_Apply Situational Understanding; JCA_5.2_Understand; JCA_3.2_Engagement; JCA_3_Force Application; JCA_3.2.2_Non-Kinetic Means; JCA_5.2.3_Share Knowledge and Situational Awareness; JCA_1.2.5_Lessons Learned; JCA_4.2.2_Inventory Management; JCA_4.2_Supply
Modernization Areas:
5G
Communities of Interest:
Cyber
Descriptor(s):
CYBER DEFENSE TECHNIQUES, TEAMWORK, performance (human), computer network security, shell scripts, computer program documentation, situational awareness, computer crime, education, statistical analysis, computing system architectures, information operations, reverse engineering
Keyword(s):
ctf(capture the flag), DEF CON CTF
Report Date:
2016 Mar 01
Creation Date:
2017 May 10