Facebook Open-Sources Its Capture The Flag Competition Platform

In a bid to improve the state of security education, Facebook on May 11 open-sourced its Capture the Flag platform.

Among the most popular forms of security contests today is one known as a Capture the Flag (CTF) competition. In a typical CTF event, teams compete against each other in a bid to be the first to achieve a certain digital objective, which could be data exfiltration, credential retrieval or some other form of security milestone.

Facebook has been running college CTF competitions since 2013 and has expanded the effort over the years to include a diverse set of groups, including high schools in Spain, the Girl Scouts of America and the University of Cambridge. Now instead of just running CTF events, Facebook is making the platform it uses broadly available as an open-source project that anyone can use for free.

“We’re open-sourcing it now in response to the high volume of requests from conferences around the world to run our CTF at their events,” Javier Marcos, a Facebook security engineer, told eWEEK.

Challenge

The Facebook CTF is being open-sourced under a BSD license with an additional patent grant, Marcos said. The CTF platform makes use of several technologies that Facebook has developed over multiple years. Facebook CTF uses the Hack programming language, which works with Facebook’s HHVM (HipHop Virtual Machine), he added.

The Facebook CTF platform can be customized for whatever a contest organizer might want to run. The initial set of challenges includes binary exploitation, Web application security, reverse-engineering and cryptography, according to Marcos. A CTF can run with several hundred participants or with as few as two. The platform supports competitions in which competitors are physically present, remote or a combination of both.

“We’ve run hundreds of CTFs with our first-generation platform,” Marcos said. “This new version has been used by University of Michigan and the University of Cambridge.”

Perhaps the most famous CTF in the world is the one run every summer at the DefCon security conference in Las Vegas. Marcos noted that DefCon’s CTF is fully customized for each year’s competition.

“Our platform enables organizations to leverage a uniform back end every time, with a game map, team registration, scoring, etc., and they can add their own challenges on top of that platform,” he said. “For example, our platform could be used for a DefCon qualification round.”

Marcos and Facebook Software Engineer Gulshan Singh help to manage the CTF platform.

“It’s a lot of fun to learn this offensive side of security, but at the same time learning about these flaws makes you a better defender as well,” Singh wrote in a blog post.

The Facebook CTF (FBCTF) code and project are freely available on GitHub.

Originally published on eWeek.


Sean Michael Kerner

Sean Michael Kerner is a senior editor at eWeek and contributor to TechWeek
