Conference Paper

Automated server provisioning for information security competitions (Provisionamento automatizado de servidores para competições de segurança da informação)


Abstract and Figures

Promoting Capture-The-Flag (CTF) competitions incurs large operational costs, due to the scale of the number of participants and the computing requirements of the problems. In problems that involve server exploitation, it is important to guarantee that each participant's solution does not interfere with the others. Thus, to save resources, we propose an automated provisioner that allocates LXD containers to competitors that have achieved a minimum score; in addition, we integrate the provisioner with the OpenStack API. Finally, the solution is fully operational at the UFSCar Private Cloud and we plan to adopt it during the 2017 Pwn2Win International CTF.
... In response to this suggestion, the 2017 edition provisioned isolated environments for each team, accessible via VPN, for some of the challenges. As there were not enough computational resources to do this for all registered teams, an automatic provisioner [Magalhães et al. 2017] was used, which built the environments only for the teams that solved at least 8 of the challenges that were not isolated and were therefore available to all teams from the start of the competition. ...
Conference Paper
Capture-The-Flag (CTF) events are information security competitions. Even though they are organized by experts in the field, the platforms used to run the events are subject to vulnerabilities, just like any other software. Although literature has proposed the NIZKCTF (Non-Interactive Zero-Knowledge Capture the Flag) protocol, in which participants submit a zero-knowledge proof that they have the answers to competition challenges, the implementation of this protocol lacks usability requirements which have only been realized with its use over the years. This paper discusses lessons learned and the adaptations to NIZKCTF made by the organizers of the Pwn2Win CTF from 2017 to 2021.
Capture the Flag (CTF) competitions are increasingly important for the Brazilian cybersecurity community as education and professional tools. Unfortunately, CTF platforms may suffer from security issues, giving an unfair advantage to competitors. To mitigate this, we propose NIZKCTF, the first open-audit CTF platform based on non-interactive zero-knowledge proofs.
This issue's "Cloud Tidbit" focuses on container technology and how it's emerging as an important part of the cloud computing infrastructure. It looks at Docker, an open source project that automates the faster deployment of Linux applications, and Kubernetes, an open source cluster manager for Docker containers.
ABI Research (2015). Global cybersecurity index & cyberwellness profiles. Technical report, International Telecommunications Union, Geneva, CH.
Bertochi, A. (2016). Pwn2Win CTF 2016-Bastidores.
Eastes, B. (2017). Capturing all the flags in BSidesSF CTF by pwning our infrastructure.
Ernst, D., Bermbach, D., and Tai, S. (2016). Understanding the container ecosystem: A taxonomy of building blocks for container lifecycle and cluster management. In IEEE Second International Workshop on Container Technologies and Container Clouds, Berlin, Germany. IEEE.
Evans, K. and Reeder, F. (2010). A human capital crisis in cybersecurity: Technical proficiency matters. Technical report, Center for Strategic and International Studies, Washington, DC, USA.
Yu, J. (2016). Seadog GitHub repository: RC3-CTF-2016-scoreboard.