Hey gang,
It was a few months ago at this point but I wanted to take a brief aside to reflect on a CTF tournament that me and a group of the lads at my university took part in recently. I don’t think I’m going to mention it by name, but I’ll give you the basic gist. It consisted of two events, an individual and team game, that took place over the course of three days (each). Honestly at the time of writing it’s been quite a while but I wanted to drop some tips for anyone who is in a similar position as I was. It’s also nice to have a bit of time to write something again now that I have my degree.
Tip #0: Set Aside Enough Time
I have a confession. I didn’t do especially well on the individual game. I did well above the average to be fair, but know that I could have done much better had I attempted more of the harder problems. Why didn’t I? Someone decided it was a good idea to spend the first day of the event taking a trip home. Now I don’t really regret the trip. After all, I was only playing in the event for a bit of fun, but I did underestimate the amount of time I would need to give every challenge a good try. Multi-day events are as long as they are for good reasons, and your convenience is not one of them. You should be ready to give the event your full attention. Even time spent sleeping is time that you could be having you GPU cracking hashes.
Tip #1: Be Prepared To Fail
Don’t get stuck in rabbit holes. Some questions, you will not be able to solve. It might have nothing to do with the question being hard. The easier the question seems the more likely I find that I am to waste many hours on it. For the sake of upholding the spirit of the competition I won’t disclose anything about the problems, but I will talk briefly about the methodologies and the problems they caused.
There a particular easy problem during the individual game that caused some issues for me and my team. I knew it was easy even as I was doing it because I have seen a lot of problems like it in the past. The problem required me to look up some old document on the Wayback Machine. Despite this being the first solution I had come to mind (and what ended up being correct) I just couldn’t find it. A friend later showed me after the competition that you had to use some weird and specific section of the site in order to find the archived document and I was flabbergasted. The solution was right in front of me the whole time but I still wasted 4+ hours on this “easy” problem to no avail. Very frustrating. If I ever do this sort of thing again I plan on setting a time limit for each problem. Not only would this force me to engage with something new which I might have more luck with, but it would also allow me to circle back with a fresh and much less annoyed pair of eyeballs later.
Tip #2: Try Everything
This is a small gripe I had with the team game, but I feel it warrants a tip. Not being able to answer something feels a bit rough, but being able to do it and not trying is worse. In my case there was a “hard” challenge at the event which no other teams seemed to be able to solve including mine. It was in a category that I was not very confident in, so I tried to leave it to my team to work on. Despite this, I ended up taking a peek at it a few times near the end of the competition. I thought to myself that it might just be a simple frequency analysis problem, but seeing it labeled as hard with low completion led me just discard this idea. At this point you can probably see where this is going. Yeah, the solution was really as simple as what I had imagined. Nope, none of us tried it. Even if you think your solution won’t work, please just try it anyway. During the last few hours of the competition you really have nothing to lose by doing so.
That’s all for now. I really had a good time at this CTF despite my missteps, and hope to get an opportunity to do something like this again. Good luck with your own competitions!