Pro’s ‘Vs’ Joe’s CTF

This year’s Security B-Sides Delaware will see its first Capture The Flag event. Teams will be forged of the hardened mettle of Professionals, blended with the raw potential of Regular Joes. These bands of bit slingers will slug it out in a no-holds-barred, winner-takes-all competition that will drown the links in a sea of overflowed buffers, leave web servers thoroughly perforated with penetrating injections, and lay to waste any host that is not well defended.


Each team will be fortified and led by at least one seasoned professional pen tester, rounded out with those willing to step forth and seize the mantle of opportunity.  Each team will be responsible for striking out across the network to compromise the other sides’ systems to steal flags, whilst defending their own flags across six servers.

Players will have to use a combination of remote and local attacks to steal the first of the flags.  Early flags will be needed to find those that follow, as the teams follow the trail of breadcrumbs in a race to the top.


Flags will be hidden in a mix of textbook and real-world vulnerabilities. These include, but are not limited to: basic server misconfigurations, web application vulnerabilities, network-level vulnerabilities, cryptography, and binary reverse engineering. Flag values will also vary based on the level of difficulty to reach that flag (basic SQL injection being low level, more difficult binary reversing being higher level). Flags will also be different across all teams, to prevent blue teams (you) from submitting flags from your own database.

This does not mean that you should not scan your own network for vulnerabilities. By doing this, you are able to close vulnerabilities you discover, and utilize those same vulnerabilities against other teams. A scoring server will be in place to check uptime of services and check that the service is functioning properly.

The Pros are expected to assist their fellow Joes. Pros, don’t be a hero! Give assistance and direction where needed, put those managerial skills to good use. Joes, ask questions, make decisions, and don’t be afraid to get your hands dirty.

We’d like to thank @earnoth & @theKos for putting this together!

To register for this free event spanning the whole conference, please visit the regular Security BSides Delaware registration on Eventbrite:
