Capture the Flag competitions are a good – not to mention legal – way for hackers to build and hone their skills. But, quality CTF environments are difficult and expensive to build and run.
This is a burden that Facebook aims to lighten by open sourcing the Facebook CTF platform, devised for the training of their own employees and used around the world by various organizations looking to interest kids in computer security.
The now-free platform “takes care of the backend requirements of running a CTF, including the game map, team registration, and scoring,” says Gulshan Singh, a software engineer on Facebook’s threat infrastructure team.
The project’s GitHub repository also contains a small repository of challenges (reverse-engineering, forensics, web application security, cryptography, binary exploitation). Additional, custom challenges can be built by the users.
It also contains instructions on how to spin up the platform infrastructure.
“Not only do CTFs have the ability to teach more technical skills than you’ll get in an average computer science program, they can also help you break into the security industry,” says Singh, who credits the experience he gained through CTFs for getting a job at Facebook.
CTF competitions allow participants to learn more about the offensive side of security, and this knowledge also allows them to get better at deflecting attacks.
“By open sourcing our platform, schools, student groups, and organizations across all skill levels can now host competitions, practice sessions, and conferences of their own to teach computer science and security skills,” Singh points out.