seamustuohy / CSS-CTF

Civil Society Security Capture The Flag
4 stars 0 forks source link

CSS-CTF : Civil Society Security - Capture The Flag

This was an idea for an conference activity which the contributors didn't end up having time to develop fully. Since we've not found the time to finish it over the last five years it is time to share the baseline effort so others can bild on it - s2e

What will it look like?

What do we want it to accomplish?

The outcome of the CSS-CTF should be an increase of critical information security skills among civil society members. That said, the goal of the CTF is for the players to learn and have fun! The point of a problem is to be solved, so most problems should be solved by any participant who takes a training and success would mean that every problem is solved by at least one team.


Operational Taks

Initial Tasks


Example Problem: Getting a person to send an email as an attachment

Team gets an email from a "civil society member" that says they think they received a phishing email and they want help. When the team responds that they will take a look the participant first sends a screenshot, unless a forwarded attachment is explicitly asked for they will then send the text of the email copy and pasted to the team. If they are asked to send as an attachment they will ask the team to explain to them how to do it. If the organizers think that the explanation is good enough they will send the email as an attachment. The flag will be found in the headers of the email.

Problem Themes

Key Skills


Questions

Do we add foils? How do we track them?

Most forensic challenges can be tied in with Incident Response and teach the learner to handle things with care - this means running files or being careless could lead to loss of (challenge) data or information essential to solve the challenge. For example, write-blockers are utilized by forensic experts as a way of ensuring the integrity of the data is kept true and valid if used in court. Ensure the challenge leads players on a journey, an investigation of sorts with multiple sources of data leading to the culmination of ultimately one solution. - [suggestions for running a ctf](https://github.com/pwning/docs/blob/master/suggestions-for-running-a-ctf.markdown)

Attribution-ShareAlike 4.0 International Licensed under a Attribution-ShareAlike 4.0 International (CC BY-SA 4.0).

Except where otherwise noted, this content is published under a CC BY-SA license, which means that you can copy, redistribute, remix, transform and build upon the content for any purpose even commercially as long as you give appropriate credit and provide a link to the license.

Recommended attribution:

"Civil Society Security - Capture The Flag" by A group of security for civil society actors is licensed under CC BY SA 4.0. Available at https://github.com/seamustuohy/CSS-CTF/blob/master/README.md

Civil Society Security - Capture The Flag has been created as a project of a group of security for civil society actors

The content in this project are part of the commons; if you find broken links or any other errors you can help by reporting them as an issue.