Capture the Flag

We work hard. We play hard. We’re Knightsec and we do the breaking.

Knightsec, the Team

At University of Central Florida, we are all Knights. And that sec in Knightsec doesn’t necessarily stand for secrecy, but rather security. We do something really special. Our students participate in offensive-based Capture the Flag competitions regularly against teams from around the world to engage in real-world security challenges in a point-based, jeopardy-style fashion.

Capture the Flag—most commonly spoken in its acronym form—doesn’t just refer to that game we used to play as kids in the back yard. We play it in a security context too. It is a competition where students, enthusiasts, and security professionals from around the world come together during a period of time—maybe 24 or 48 hours—to race against each other to solve challenges for team-awarded points. Our team works together to succeed.

Categories and Challenges

We see all sorts of challenges during these competitions. In the jeopardy-style fashion, we are given a number of categories like on that TV show, Jeopardy!. Some cool categories include network sniffing, system administration, web, reverse engineering, protocol analysis, programming, and cryptanalysis. What’s even cooler is that our students don’t need to have any of these skills to get started. We are a community; we teach each other. All that is needed is an eagerness to learn.

Web challenges, for example, usually involve a web application running on a remote server. Our goal might be to compromise the website—find a user’s password, bypass authentication, get into the administrator’s account, or even steal information from a database. Often with reverse engineering challenges, we are given a compiled program—a binary EXE file, Nintendo DS ROM, Android application, etc.—and have a goal of extracting the secret or flag. We are to capture the flag.

Pwning is another category. Usually it’s challenges that might involve a remote server, which is executing a compiled program. To get points on the board, we must exploit the application that is running on the remote server so we can get administrator privileges or otherwise capture the flag. The forensics-based category can include challenges where we aim to understand the intricacies of a file format or even extract hidden data from an image, for instance, using steganography techniques. Sometimes we need to find out all the information about a person or subject to eventually find the flag in reconnaissance-type challenges.

Write-ups

We love to share what we do, so after each competition, our students strive to document what they have learned and the processes they have applied in order to solve CTF challenges. We post our write-ups on the website.

Getting Started

Capture the Flag competitions are scheduled frequently, each hosted by different organizations from the world. Usually the competitions are virtual so it’s really easy for anyone to participate—they happen online, which means we can totally pull an at-home-in-underwear. How does the team collaborate if everyone is at home? Well, check out the bottom-right corner. We stay connected.

We have a CTF workshop nearly every weekend. Catch up on some of the challenges that we work on: Challenges.

Occasionally, we will host an all-day or multi-day CTF event on-campus where students can learn, have fun, and enjoy food and drinks from our sponsors all while competing. Be on the lookout for upcoming competitions by checking out CTFtime and our calendar.