Note: this is a guest post by J Wolfgang Goerlich (@jwgoerlich), Captain of the MiSec RuCTFe 2012 team.
Ten. Nine. Eight. We stand in the war room of a data center. Seven. Six. We watch the scoreboard and count down the final few seconds. Five. Four. It was a tough day, but the team really came together at the end. Three. The organizers extended it by ninety minutes. We’re tired, hungry, and ready to celebrate. Two. Tomorrow, we can reflect with Dradis. One. Game over.
Let’s jump back for a moment. MiSec is a loose knit group of IT security professionals and students. We regularly toss out a capture-the-flag challenge. Whoever is interested attends, and whomever attends becomes the team. The only price for admittance is the passion for learning something new and the dedication to teaching others what you learn.
This was our second time playing the RuCTFe. It is an English CTF organized by the Russian CTF team HackerDom of Ural Federal University. Limited to 150 teams world-wide and played out live for several hours once a year, it is quite the event on the MiSec calendar.
But that is not the only CTF we compete it. We put together ad hoc teams every couple of months for various events. CTFtime has us at the 119th place time in 2011 and 173rd team in 2012. That is out of 1815 CTF teams world-wide. We get a lot of play.
The challenge is coordination and information sharing. With people all over the state participating, and with an ever changing roster of teammates, you never quite know what to expect. The trick is getting people onto the same page during the incredibly fast paced CTF events.
Dradis is the answer. Each time there is a CTF, one of the team members takes point in setting up a new Dradis instance. We organize the folders by challenges. As progress is made and new things are learned, people make notes. Each Dradis instance becomes a snapshot of our team’s efforts.
Back in the game, the countdown hits one. We pack up our gear. We clear the war room. The Dradis virtual machine is shutdown, copied, and distributed to the team. Over the coming days, we will review our findings and read other team’s write-ups. This will culminate in a debriefing like the one below in about a week. Game over.
We would like to thank the Dradis project maintainers for their efforts and support. CTFs are crazy enough. Adding an ever changing team roster is even crazier. Toss in a mix of people all over the place dialing in at all different times. Insanity. Dradis keeps us sane and has become a fundamental part of MiSec’s CTF strategy. Thanks gents.
-J Wolfgang Goerlich