hacdc-wiki/Capture_the_Flag.md

## Build-A-CTF

Join us to create unique hacking CTF competitions meeting **every Sunday
at the HacDC Space**. Sign up for events at
[Meetup.com](https://www.meetup.com/hac-dc/events/291602998/).

As per Wikipedia, "A Capture the Flag (CTF) in computer security is an
exercise in which "flags" are secretly hidden in purposefully-vulnerable
programs or websites. It can either be for competitive or educational
purposes. Competitors steal flags either from other competitors
(attack/defense-style CTFs) or from the organizers (jeopardy-style
challenges)."

### Goals

Our first CTF aims to achieve the following goals:

1.  Be a *learning experience*, for both the organizers and participants
2.  Be *beginner-friendly*, open and accessible to first-time
    participants
3.  Be *fun, engaging, and encouraging* to newcomers to explore the
    wider world of cybersecurity

## Design

Based on the above goals, we have decided to design our first
competition in the style of \[
<https://en.wikipedia.org/wiki/King_of_the_hill_(game)> King of the
Hill\] (KotH). A participant wins the event upon maintaining the sole
login session on the target machine for 30 **uninterrupted** minutes.
Participants may use any exploit to establish a session on the target
machine, but are only allowed to patch the exploit that they used to
enter upon establishing a session. It is in the interest of the present
King to monitor the machine for sessions established by other teams, and
to continue to research exploits in the event that they are dethroned by
an opposing team.

### Architecture

The environment will be developed in [GNS3](https://gns3.com/), a
virtualization software that enables the CTF organizers to construct a
purely software-based network, all within a single VM! VMs inside a VM,
a.k.a. VM-ception.

<figure>
<img src="Example_GNS3.png" title="Example_GNS3.png" />
<figcaption>Example_GNS3.png</figcaption>
</figure>