
Attack-Defense CTFs

Attack-Defense is a style of CTF in which teams host services and exploit each other over a shared, private network.

The game progresses in fixed time intervals (rounds), each typically lasting between one and five minutes. At the start of each round, the organizers attempt to place unique secrets (flags) in each service. The primary goal of the game is to extract these secrets from other teams' services and submit them to the flag server each round to earn ATK-points.

flag stores

A single service may store multiple unique flags each round in different flag stores, and may have more than one intended vulnerability to reach each one.

To incentivize teams to keep their services available for other teams to exploit, the organizers' checkers perform a series of checks each round against every service of every team. These tests define the so-called Service-Level Agreement (SLA): the functionality required for a team to earn SLA-points each round.

attack info

Checkers may also expose attack info per vulnerability to help guide players on what to exploit to collect flags for a specific round.

For each round in which a team's service goes unexploited, the team also earns DEF-points. The number of points earned typically decreases with the number of teams exploiting the same flag store.

These points combine to calculate the team score using a scoring formula, which can vary between CTFs.

Ultimately, there are 3 objectives each round to win the game:

  1. Exploit other teams
  2. Prevent other teams from exploiting you
  3. Pass the SLA check