seamustuohy / CSS-CTF

Civil Society Security Capture The Flag
4 stars 0 forks source link

Flag Format #18

Open blackswanburst opened 6 years ago

blackswanburst commented 6 years ago

Traditionally, CTF have a simple flag format, to help the participants understand quickly they have found a flag. Often something like:

flag{"This is the answer to challenge 4"}

or

This_is_a_secret_key_flag

Can we define a flag format for everyone to embed in their challenges?

seamustuohy commented 6 years ago

Since it looks like we are going to a more jeopardy style CTF I'd imagine we won't have all that many flags in the traditional sense. But, I like the idea of flags as ways to give participants constant rewards they can earn while playing and to help them know when they are moving in the right direction. (a flag in the email headers they have to analyze, in the whois data of the right site to explore, etc.)

To this end I would propose something like the first option where we have a key/value combination that can be made to fit in multiple formats. I propose IFF-Flag as the key.

So, for emails it could be IFF-Flag: pineapple_sunshine_645 in an email header. For a whois query it could be Registrant Organization: IFF-Flag: pineapple_sunshine_645 For a value in MISP it could be a data-uri or SVG which, when viewed, is an image which reads IFF-Flag: pineapple_sunshine_645 (So, they can't just search in MISP for IFF-Flag.

Thoughts?

rysiekpl commented 6 years ago

So, for emails it could be IFF-Flag: pineapple_sunshine_645 in an email header.

I would just point out that in many places we will need to use the X-IFF-Flag format instead (unless we don't care about not being standards compliant; I think we should care about that though). Probably obvious, I guess.

Also, hello all, just jumping in.