Skip to content

Attack-Defense CTFs

Attack-Defense is a style of CTF in which teams host services and exploit each other over a shared, private network.

The game progresses in fixed time intervals (rounds) lasting typically between one and five minutes. Throughout each round, the organizers attempt to place unique secrets (flags) in each service. Extracting these secrets from other teams' services and submitting them to a flag server each round to earn ATK-points is the primary goal of the game.

flag stores

A single service may store multiple unique flags each round in different flag stores, and may have more than one intended vulnerability to reach each one.

To incentivize teams to keep their services available to other teams to exploit, a series of checks is performed each round against every service of every team by the organizers' checkers. These tests define the so-called Service-Level Agreement (SLA); the functionality required for a team to earn SLA-points each round.

attack info

Checkers may also expose attack info per vulnerability to help guide players on what to exploit to collect flags for a specific round.

Each round a team receives DEF-points for every service. The amount of points earned is highest when the service is unexploited and decreases with the amount of other teams exploiting it.

These points combine to calculate the team score using a scoring formula, which can vary between CTFs.

Ultimately, there are 3 objectives each round to win the game:

  1. Exploit other teams
  2. Prevent others teams from exploiting you
  3. Pass the SLA check