The UCSB International Capture The Flag (also known as the iCTF) is a distributed, wide-area security exercise, whose goal is to test the security skills of the participants. The iCTF contest is organized by Prof. Giovanni Vigna of the Department of Computer Science at UCSB, and is held once a year (usually at the beginning of December).

The 2013 iCTF

The 2013 iCTF will be held on March 22nd, 2013.

You can follow the competition here.

The theme of the competition is "Protect the Critical Infrastructure".
Each team has to detect attacks against a server that controls multiple critical services. In addition, the teams have to develop attacks to compromise the services of other teams. In the end the team that has the best combination of attack and defense skills.

This year the competition is sponsored by Lastline. Lastline provides solutions to address the problem of 0-day vulnerabilities, APTs, and targeted attacks, by focusing on real-time analysis of advanced malware and of the Internet's malicious infrastructure (the Malscape). Lastline leverages this threat intelligence to create advanced malware defenses for companies of all sizes.

To hear about future developments, subscribe to the iCTF participants mailing list.

Overview

The Capture The Flag contest is multi-site, multi-team hacking contest in which a number of teams compete independently against each other.

In traditional editions of the iCTF (2003-2007), the goal of each team was to maintain a set of services such that they remain available and uncompromised throughout the contest phase. Each team also has to attempt to compromise the other teams' services. Since all the teams received an identical copy of the virtual host containing the vulnerable services, each team has to find vulnerabilities in their copy of the hosts and possibly fix the vulnerabilities without disrupting the services. At the same time, the teams have to leverage their knowledge about the vulnerabilities they found to compromise the servers run by other teams. Compromising a service allows a team to bypass the service's security mechanisms and to "capture the flag" associated with the service.

For the past four years (2008, 2009, 2010i, and 2011), new competition designs have been introduced. More precisely, in 2008 we created a separate virtual network for each team. The goal was to attack a terrorist network and defuse a bomb after compromising a number of hosts. In 2009, the participants had to compromise the browsers of a large group of simulated users, steal their money, and create a botnet. In 2010, the participants had to attack the rogue nation of Litya, ruled by the evil Lisvoy Bironulesk. A new design forced the team to attack the services supporting Litya's infrastructure only at specific times, when certain activities were in progress. In addition, an intrusion detection system would temporarily firewall out the teams whose attacks were detected. In 2011, the participants had to "launder" their money through the execution of exploits, which had some risks associated with them. This created an interesting exercise in evaluating the risk/reward trade-offs in network security.

History and Background

The UCSB CTF evolved from a number of previous security "live exercises" that were carried out locally at UCSB, in 2001 and 2002. The first wide-area edition of the UCSB CTF was carried out in December 2003. In that CTF, fourteen teams from around the United States competed in a contest to compromise other teams' network services while trying to protect their own services from attacks. The contest included teams from UCSB, North Carolina State University, the Naval Postgraduate School in Monterey, the West Point Academy, Georgia Tech, University of Texas at Austin, and University of Illinois, Urbana-Champaign.

In 2004, the UCSB CTF evolved into an international exercise (hence, the name "iCTF"), which included teams from the United States and Austria, Germany, Italy, and Norway.

In 2005, the UCSB iCTF evolved into an intercontinental exercise, which included 22 teams from North America, South America, Europe and Australia. This was never be attempted before on such a large scale.

In the following years the size of the iCTF kept increasing. In 2010, the UCSB iCTF involved 72 teams and almost 900 students, and in 2011 the competition involved 80 teams and more than a thousand students, making it the largest live security exercise ever performed on the Internet.

The exercises up to 2007 were loosely based on the DEFCON Capture the Flag contest. Acknowledgments go to the Ghetto Hackers that did such a wonderful (and inspiring) job in organizing the CTF contest at DEFCON and to Kenshoto, who picked up the task of running the CTF and found ways to improve it. Many of the ideas of our iCTF are derived from the DEFCON CTF and the lessons learned by participating to the DEFCON contest.

Those exercises were different from the DEFCON contest because it involves several educational institutions spread across the different continents. The DEFCON contest includes locally connected teams only.

In addition, the DEFCON contest has always involved a limited number of teams. We developed a new network solution that allows a large number of teams to participate. The UCSB CTF is the largest existing live security exercise.

Finally, we used a novel technique, called "blending", to route traffic among the teams that allows for a more realistic experience.

Point of contact

The Capture The Flag (CTF) is organized by Giovanni Vigna, at UCSB.

This is the contact information: