Transplant from: http://ctf.forgottensec.com/wiki/index.php
This is the beginning of the construction of a wiki for information about various CTFs and InfoSec Competitions. I had it set for OPEN EDIT, but jerks from the Ukraine decided to deface my site a bunch times this week. Now you need an account to make edits. Feel free to use the information and/or register and contribute. My current focus is getting information about each competition, but as I have more time/help, I will be writing labs for each subject needed for these competitions. If you have any questions, feel free to email me at Forgotten {at} forgottensec {dot} com
The InfoSec field has a very strong community. Moving with those sentiments, I have decided to dedicate this wiki to organizing competition information for CTFs. These competitions help the skills of community to be passed along in a fun and enjoyable way. As many of us are love solving challenges, CTFs are a natural step to learn and improve. Getting started with CTFs can be daunting, I hope that the information within helps people to improve their skills and become a stronger part of the community. In turn, I hope as people improve, they come back and contribute to help others.
The main types of challenges are:
- Red Team/Attack
- Creator sets of network of targets for attack
- Sometimes different teams attack the same set of targets creating collisions, sometimes not
- Blue Team/Defense
- Creator sets up a vulnerable network
- Players inherit the network, sometimes knowing what they are inheriting, sometimes not
- Jeopardy Style
- Jeopardy Scoreboard with different categories and questions of different difficulty
- Almost always allow multiple people to submit answers to all questions
- Typically starts with only easiest questions opens and forces you to solve a easier one in a given category to open the next question (otherwise time-delayed opening for higher value questions)
- Mixed
- Fun
- Learning experience (Practical Hands-on) - For both creator and player
- Testing of a new product
- If only more companies did this, products might be more secure and better usability
- What if you could do security testing for the price of a simple prize
- Hiring - Resumes are great, but how do I know who can do what I want
Calendar is in East Coast Time Zone
<iframe src="https://www.google.com/calendar/embed?src=ofl0f1624c3uk349c8k7r1cgv8%40group.calendar.google.com&ctz=America/New_York" style="border: 0" width="800" height="600" frameborder="0" scrolling="no"></iframe>- ThreatSpace - Monthly Challenge, none for July due to DefCon
- Sans NetWars - http://www.sans.org/cyber-ranges/netwars/
- PacketWars - http://www.packetwars.com
- hackthissite - http://hackthissite.org
- Smash the Stack - http://smashthestack.org/
- Hack Miami - lots of CTFs, no details currently - http://hackmiami.org
- Forensics Contest - LMG Security Forensic Contest - http://forensicscontest.com
- HoneyNet Project Challenges - http://www.honeynet.org/challenges/
- Halls of Valhalla - http://halls-of-Valhalla.org/ - Hundreds of challenges and an active community that adds new challenges as they think of them
- Hellbound Hackers - http://www.hellboundhackers.org/ - New
- SANS post-class CTFs - Usually when you take a sans course, especially in the pentesting track, you'll do a small CTF at the end of the class as a training exercise.
- Security Treasure Hunt - http://www.securitytreasurehunt.com/
- http://www.root-me.org/?lang=en
- http://www.hackthissite.org/
- http://exploit-exercises.com/
- http://hackquest.com
- http://securitytraps.no-ip.pl/
- http://www.astalavista.com/index.php?app=hackingchallenge (you must create a username & password to see the server info)
- http://ringzer0team.com/