Traboda recently hosted the 2023 Digital Defenders CTF on its Arena platform. The event was sponsored by Cisco India CSR and conducted by CySecK- the Karnataka TechCenter of Excellence for Cyber Security along with the Indian Institute of Science's Centre for Network Intelligence, Bengaluru. Traboda partnered with team bi0s, Indiaʼs No.1 Ranked CTF team to develop the challenges, manage the platform and provide support during the CTF.
About the Organizers & the Programme
Established in 2017 by the Government of Karnataka, the Centre of Excellence in Cybersecurity (CySecK) aims to foster a cyber-safe environment, facilitate industry collaboration, address skill gaps, and promote innovation in the rapidly evolving field of cyber-security. Located within the prestigious Indian Institute of Science (IISc) Bangalore, CySecK regularly conducts high-quality training programs in cyber-security.
This year, CySecK partnered with the Centre for Networked Intelligence (CNI) at the Indian Institute of Science, Bengaluru, an initiative sponsored by Cisco Systems India Pvt. Ltd.'s CSR, to organize the Digital Defenders Master Class and Capture the Flag (CTF) programme.
Cisco India, a steadfast supporter of cyber-security initiatives nationwide, has previously sponsored the Amrita InCTF organized by Team bi0s and collaborated with the founders of Traboda to conduct the Attack-Defense CTF at their AJPC SecCon. As a result, Traboda and Team bi0s, with over a decade of experience organizing CTFs, were selected as natural partners for the initiative.
The Digital Defenders Masterclass programme featured webinars across various domains of cybersecurity including network security, web security, forensics, and cryptography spread over the month of June, and was taken by experts from the industry, Cisco India, and the members of team bi0s. To conclude the programme, and put the skills learnt during the training to test, the 76-hour Digital Defenders CTF was conducted from July 6 to 9th.
The Digital Defenders CTF
The Digital Defenders CTF, hosted on the Traboda Arena platform by teambi0s, who also prepared a great set of challenges for it, was open to top Indian students, who qualified for it after their participation after their participation in the webinars conducted earlier.
The virtual CTF event boasted an impressive prize pool of 4 lakhs INR (~ 5,000 USD) and offered internship opportunities with partner organizations such as Cisco. Consequently, concerns arose regarding the potential for participants to engage in cheating by sharing and trading flags with one another. This issue is prevalent and challenging to prevent in CTF events, particularly when they serve as recruitment drives or offer substantial rewards. In such cases, participants' motives may shift from learning and skill development to solely pursuing prizes and opportunities.
However, our team consisting of veteran CTF players had developed the Traboda Arena platform, drawing from over 5 years of experience hosting international and corporate CTFs. Arena was innovated ground up to prevent, detect and report incidents of flag sharing and trading, and was deployed with these advanced anti-cheat mechanisms for the CTF.
Arena detects & prevents flag-sharing & trades
Arena comes out of the box with various mechanisms that help organizers to prevent various types of cheating in CTFs. Here are a few ways in which Arena is able to ensure fairness, and prevent cheating in CTFs it hosts -
- Unique Flag Generation - For challenges that have a deployment (such as web, pwn etc.), Arena can deploy an on-demand individual instance for every participant, each embedded with their own individual unique flag. No two participant instances, thus participants, are set the same flag for a challenge, and therefore, copying a flag from another participant not just becomes futile, but also triggers an incident easily capturing both the sharer and the copier.
- Auto Submitting Challenge - Authors can write their challenge application to have server-side submission or validation of solve that gets trigged from the challenge instance when a certain vulnerability/bug has been successfully found/exploited by the participant. Thus, there is no need for the participant to submit the flag, or in fact to print out the flag. Hence, in the absence of a flag, there is nothing a participant can share or trade with others.
- Smart Activity Monitoring - Arena extensively logs all kinds of activity that participant performs on the platform, such as when a challenge attachment is downloaded, deployment is opened, etc. This is then processed to detect and report unusual incidents like a correct flag submission for a challenge, where the participant has not yet downloaded the attachment - which could be a result of flag sharing.
With the above features in place and the challenges authored by team bi0s taking the full leverage of the platform, we could detect around 115 instances of flag sharing. The organizing team members could easily find them from the logs page in the admin panel of Arena and take appropriate actions.
To maintain fairness among participants, the organizers issued a warning about the ongoing flag sharing and insisted that it must be stopped. Unaware of the automated detection system in place, some participants continued to trade flags, mistakenly believing that we were issuing warnings after catching a few through manual reporting.
As the CTF progressed, organizers received messages from some participants, revealing that a few desperate individuals were asking for flags and attempting to trade with them. This is a common issue, but often organizers can do little more than warn these individuals. However, Adhithya from team bi0s devised an intriguing solution: distributing fake flags, or honeypots, to the reporters and encouraging them to share them with those seeking flags. Here's how this technique works:
- Participant A reports to the Admins about B asking for a flag for challenge X
- Admin generates and sets up a honeypot flag for challenge X, gives it to participant A and asks to share it with B.
- Unaware that it is a honeypot, Participant B submits the fake flag and receives points for it.
- In the Admin panel's submissions view, the Admin can now clearly see Participant B's submission of the fake flag. Since this flag cannot be obtained legitimately by solving the challenge, it is evident that it was shared by Participant A with Participant B, proving flag sharing.
- Armed with this evidence, the Admin confront Participant B and bans them for violating the competition rules.
By the end of the CTF, with these measures, 20 participants were banned and disqualified from the contest. To make the process transparent, the organizers exported the flag-sharing logs out of the platform and shared them in the telegram group of the contest, so that they could see the evidence we were having.
The CTF went on to become a great success with over 54% of registered participants getting into the scoreboard, and all the challenges getting a good number of solves.
By leveraging the Traboda Arena platform's advanced anti-cheat mechanisms and the expertise of team bi0s, the Digital Defenders CTF was able to maintain a fair and competitive environment for all participants. This ensured that the focus remained on learning and skill development, rather than simply pursuing prizes and opportunities. The success of the event demonstrates the importance of investing in robust platforms and collaborating with experienced partners to create high-quality cyber-security training experiences.
Events like the Digital Defenders CTF play a crucial role in shaping the future of cyber-security. By training young adults in different types of cyber-security violation scenarios, such events help create a pool of skilled professionals who can tackle the growing threat of cyberattacks.
With the rise of digitization and increasing dependence on technology, cyber-security has become one of the most critical areas for businesses and governments alike. However, there is a significant shortage of skilled professionals in this field. Events like Digital Defenders CTF can help bridge this gap by encouraging young adults to pursue careers in cyber-security.
Moreover, events like these provide an opportunity for participants to learn from industry experts and gain hands-on experience through practical challenges. This exposure to real-world scenarios helps participants develop a deeper understanding of the challenges faced by cyber-security professionals and equips them with skills that are relevant to their future careers.