Strategies used in capture-the-flag events contributing to team performance

Author
Yam, Wye Kede Jerel
Date
2016-03
Advisor
Eagle, Christopher
Beverly, Robert
Abstract
Capture-the-flag (CTF) exercises are useful pedagogical tools and have been employed, both formally and informally, by academic institutions. Much like their physical counterparts, cyber CTF exercises hold pedagogical value and are gaining wide popularity. Existing studies on CTF exercises examined either how they benefit learning or how they are best conducted. To our knowledge, no formal study has yet looked at the relationship between the strategies and tactics that the CTF participants employ (as defined by their offensive and defensive tactics) and the performance of participants in these events. In this thesis, we studied network traffic and game state data from the DEFCON 22 CTF event. We developed tools to extract features from large volumes of network data; we then correlated these features with game state data to piece together strategies that the participating teams seemingly employ. We learned that several teams employed effective tactics such as capturing their opponents' exploits from the network to reuse them, employing automation to help with launching their exploits, obfuscating their attacks and attack responses, and attacking the client hosts of other teams.
Description
Approved for public release; distribution is unlimited