InfoSecBulletin Cybersecurity for mankind
In this article, we won’t dive too deep into the technical aspects of Capture The Flag (CTF) competitions. Instead, we will skim the surface of this wonderful side of the cyber world and highlight the amazing community that Bangladesh has been building over the years. We will get to know the significance of CTF in Cyber Security and all the amazing events held by different communities and universities.
Introduction to CTF (Capture The Flag):
CERT-In Flags Multiple Critical Vulnerabilities in Zoom app
Daily Security Digest Dated 11/23/24
SafetyDetectives’ Research
Malware evades Microsoft Defender and 2FA, stealing $24K in crypto (video)
Over 145,000 ICS Across 175 Countries Found Exposed Online
World to see AI powered “human washing machines”
Hacker compromised over 2000 Palo Alto Networks Firewalls
“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records
CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE
Apple Releases Patch for two Actively Exploited Zero-Day
Maxar Space Data Leak, Company admit, Investigation ongoing!
What is CTF?
If we search on Google we will get this kind of answer:
“Capture the Flag or CTF in short is an exercise in which participants attempt to find text strings, called “flags”, which are secretly hidden in purposefully vulnerable programs or websites. They can be used for both competitive or educational purposes.”
This is the bookish answer to this. Today we are going to introduce you to CTF like a human being.
The task is simple: there will be a specific piece of text hidden behind a server or a webpage and you have to hack your way in to find it and submit it to solve the task. That specific piece of text is called the flag hence the name Capture The Flag came.
Different types of CTF challenges:
There are various types of challenges designed for CTF to test different skills and knowledge areas within cybersecurity. But we are not going to explain the techniques thoroughly as this article is only introductory.
Some common types of CTF challenges include:
1. Cryptography: Cryptography usually involves the process of decrypting or encrypting some data.
2. Steganography: Information hidden in images or files has to be retrieved by Steganography.
3. Binary: One might have to reverse engineer or exploit a binary file.
4. Web: Finding the flag by exploiting web pages.
5. Pwn: Exploiting a server to find the flag.
6. Forensics: Analyzing data or system images to find the flag.
7. Reverse Engineering: Deconstructing software binaries to understand their functionalities and finding the hidden flag.
8. Miscellaneous: Solving puzzles and trivias.
9. Jeopardy-style: Solving a board of challenges with categories and point values.
The goal of these challenges is to give a real world perspective of security vulnerabilities by simulating them virtually. Participants can explore these challenges within a controlled and educational environment. People can improve their problem solving skills, acquire practical experience in threat identification and mitigation, and work with other members of the cybersecurity community by participating in these challenges. Now let’s explore the wonderful communities and the opportunity held for the CTF players Bangladesh.
CTF Events In Bangladesh:
Each year many independent communities, universities and their respective clubs organizes CTF events like:
- Cyber Drill organized by BGD e-GOV CIRT:
The Cyber Drill organized by BGD e-GOV CIRT (Bangladesh Government’s Computer Incident Response Team) is an important event which aims to enhance the cybersecurity capabilities of various stakeholders in Bangladesh.
Capture The Flag (CTF) competitions organized as part of the Cyber Drill by BGD e-GOV CIRT significantly contribute to the improvement of the cybersecurity space in several ways.
It has 3 Categories:
● Financial Institution and CII Cyber Drill
● Educational Institutions Cyber Drill
● National Cyber Drill
The Cyber Drill and CTF competitions organized by BGD e-GOV CIRT encourage a better cybersecurity space by continuously developing skills, introducing a security-first culture, encouraging innovation, and building a skilled workforce. These efforts lead to improved crisis response, better policy development, and a more secure and prepared environment to face any crisis with resilience.
- The Cyber Community in Bangladesh and Flag Hunt 2023:
There is also a dedicated community “CTF Community Bangladesh” which organizes Flag Hunt that gathers skilled CTF players and enthusiasts that participates in this nerve wrecking day long competition.
This is one of the most-awaited events that pulls in the finest CTF participants and fanatics from around the whole nation. The participants challenge one another in diversified cybersecurity tasks that require web security, cryptography, reverse engineering and network security abilities on various platforms into a whole huddle of occasions.
Essentially, this event is not just aimed at displaying talents on an exhibition but it also facilitates collaboration as well as knowledge sharing between the participants. Flag Hunt is now a major event within the nation’s CTF scene organized by some wonderful people that know their stuff properly and what they are doing.
Flag Hunt 2023 highlighted the importance of collaboration and community in advancing technology and security. This event even included monetary rewards for the winners and swags and refreshments for all the participants.
There are also some other significant CTF events like:
1. Bangladesh University of Engineering and Technology (BUET) organized “BUET CTF – 2023” on July 21st, 2023
2. Military Institute of Science & Technology (MIST) organized LeetCon 2023 Capture the Flag (CTF) contest titled “HackMeIfYouCan”.
3. Islamic University of Technology (IUT) organized “The IUT CTF 2024” which was held online on April 20, 2024.
4. Daffodil International University (DIU) organized DIUCSC-01 CTF challenge on October 21st, 2023
5. and KnightCTF by Knight Squad
Why These Kinds of Events Are Needed:
Skill Development: These kinds of events help the participants with hands-on experience in a simulated environment.
Talent Identification: It also helps to identify and nurture new talents in the field of Cyber Security.
Community Building: These events bring together like-minded people and it helps to build a community that will facilitate them with networking opportunities among participants. Flag Hunt promotes collaboration and teamwork which is also an essential skill in the cybersecurity field where sometimes teamwork and collabs give the best result.
Support and Mentorship: Mentorship is a key element in the growth of any community. In these kinds of events seasoned CTF players try their best to offer guidance and support to the newcomers. This mentorship will help them in the long run and it also ensures that the community continues to grow and evolve.
The Future of CTF in Bangladesh:
Till now we have been discussing the introductory part of CTF like what it is and what kind of challenges it includes and the amazing community efforts to evolve it. Now we will talk about what the future holds for this exciting field.
This wave of change is just getting started. As the community grows stronger there will be more events and there will be thousands of new young talents that will lead the community in the near future.
These events are not just events, it connects enthusiasts and builds networks. The need for a secure cyberspace will increase day by day and to achieve that we will need cyber warriors. And these CTF challenges will bring out the best cyber warriors for the upcoming days to defend us. By fostering this culture of continuous learning and collaboration Bangladesh will be able to lower the risks of cyber threats.
The future of CTF in Bangladesh is very bright and has promising opportunities for individuals who want to develop their skills and contribute to the community. As we look ahead, the efforts invested today will shape a robust cybersecurity landscape which will empower the next generation to tackle challenges with confidence and expertise.
(1st part)
(Author: Nazmul Haque Jowel
(Security Researcher, & Software Engineering Student, DIU)
( NB: 2nd part titled “CTF BD: Challenges, possibilities and mitigation”, soon will be published)
