What is Capture The Flag?
Capture The Flags, or CTFs, are a kind of computer security competition.
There's very little running in this kind of CTF
Teams of competitors (or just individuals) are pitted against each other in a test of computer security skill.
There are two kinds of CTF competitions. Jeopardy CTFs and Attack & Defense CTFs.
Jeopardy CTFs are the most common kind of CTF.
They revolve around a set of challenges which are provided by competition organizers to competitors.
Competitors form teams and then work on the challenges together.
Each challenge is designed so that when the competitor solves it, a small piece of text or "flag" is revealed. The flag is then submitted to a website or scoring engine in exchange for points. The amount of points rewarded is typically relative to the perceived difficulty of the challenge.
Competitors usually receive about 72 hours (typically the course of a weekend) to solve as many challenges as possible.
Attack & Defense CTFs
Attack & Defense CTFs are a less common kind of CTF with more moving parts. They're rarely done for the general public because of their complexity.
In an A&D CTF, teams are each given the same set of vulnerable server software. Teams are to setup & audit this software before the competition. At the start of the competition, teams will connect their servers to an isolated network to join the CTF.
Within this network, teams will launch attacks against each others servers hoping to exploit the vulnerabilities they've found. Likewise, teams will need to properly patch their software so that it is protected against these exploits and functions normally.
Teams receive points for extracting flags, properly defending their flags, and keeping their servers operating normally.
Hundreds of CTFs happen every year and that number is only growing.
CTFs have been used since at least 1996 by hackers looking to test each others skill.
It's almost like hacker practice...but for the good guys