For the past decade, I've participated in a number of security exercises known as Capture-the-Flag, or CTF, competitions. These competitions can take a number of forms, but typically involve some combination of defending a team resource containing sensitive data and attacking resources administered by other teams. These competitions have become popular in recent years as a tool for teaching practical cybersecurity skills, although—in my experience—the organizers usually learn something as well.

I've been affiliated with shellphish and epic fail in past CTFs. During my time at the UCSB SecLab, I also helped to organize several editions of the UCSB iCTF, an academic competition that is consistently the largest distributed CTF of its kind.

iCTF is by no means the only academic competition around. Some of the other prominent contests that have been organized in recent years include:

• plaidCTF
• rwthCTF
• ruCTFE
• CodeGate
• Ghost in the Shellcode
• Nuit du Hack
• Positive Hack Days

DEFCON CTF

The longest-running—and probably most famous—CTF is the DEFCON CTF, co-located with the DEFCON hacking convention. DEFCON CTF is considered by many to be the “world championships” of competitive hacking. shellphish has participated in virtually every DEFCON CTF since 2004, and placed first at the 2005 competition.

DEFCON CTF is currently organized by ddtek (a.k.a. sk3wl of r00t, a.k.a. Chris Eagle and associates at the Naval Postgraduate School). In the past, it's been run by the GhettoHackers and Kenshoto.

Persistent Threat Hacking Club

At Northeastern, I founded the Persistent Threat Hacking Club, or PTHC for short. We're comprised of undergrad and graduate students from CCIS and Engineering, and are active on the CTF circuit. More information is coming soon!