The content of this column is taken from the public video "The Past, Present and Future of CTF" by Teacher Zhuge Jianwei in the Spring Festival.

Origin of CTF

CTF originated from the competition game between hackers in the fourth DEFCON in 1996.

Early years of CTF

Early years of CTF (1996-2001), there are no clear rules, no professional competition platform and environment. The organizer prepares the rules of the competition (preparation of securing the network, as well as exploiting its vulnerabilities). Most of the organizers are just enthusiastic non-professional volunteers who assists in manual scoring.

Due to lack of automated scoring and technical referees, along with scoring delays and errors, unreliable network and improper configuration, great controversy and dissatisfaction is widespread.

"Modern" CTF Competition

A professional team will handle the competition platform, problems, organization of the event and automated scoring system. The participating teams are required to submit an application for participation and will be selected by the organizers of the DEFCON in a meeting.

During the three years with LegitBS organising the DEFCON CTF competition, a few modifications have been made:

  • The competition focuses on the inner workings of the computer, its security features and capabilities, web exploitation has been completely ignored.
  • Various of CPU architectures, operating systems and languages.
  • "Zero Sum" scoring rule.
  • A wider skillset demanded: Reverse engineering, exploiting loopholes, pwning, patching, network traffic analysis, system security, and security-oriented system for programming and debugging.