Comment by hsbauauvhabzb
9 days ago
Ctfs need preparation and unconstrained internet, even if you block domains it’s possible to tunnel out
9 days ago
Ctfs need preparation and unconstrained internet, even if you block domains it’s possible to tunnel out
Unconstrained internet is nice, but I don't think it's a hard requirement. Just tricky to enforce, even in-person.
It is a hard requirement. Once you reach higher levels of challenges you spend most of your time reading through RFCs, web sepcs, Github issues, mailing lists, papers, random bugtrackers and library/framework code. There is no way to create a whitelist for that. Besides, a firewall won't stop good hackers.
Normal CTF workflows can involve a lot of research but that's not the point. You can design self-contained challenges with offline solving in mind, and bundle any truly necessary docs/src/etc. with the challenge download.
Presumably if you block domains, you wouldn't be able to use AI to find a way around the block. So doing so demonstrates at least some human skill
Or forethought, I’m sure you could ask an AI how to circumvent any blocks.
Proxy through an EC2. Ask me how I know.
Use jumpbox to access CTF. Disable all wireless for the playing hall.
I think you’re forgetting hotspots, or laptops with inbuilt 4/5g
Faraday cages exist. Finally a use for all those damn SCIFs tech companies were building in the late 2010's...