Playing CTF with a not diverse team

Last week, I played a local CTF with my friends Akash, Lord Idiot, and 4yn. Usually, for local CTFs with a limited number of 4 members per team, I always end up in a team with diverse skillsets, enough to cover the various categories. This time, however, our team composition consists of:

  • Me (Reversing)
  • Akash (Pwn)
  • Lord Idiot (Pwn)
  • 4yn (Crypto/Programming/sysadmin?)

??? who is gonna do Web or Forensics? Also, as we were informed that the CTF also has a Pentest category, we collaborated on a retired HackTheBox machine just 2 days before the CTF. Other than that, just the day before the CTF, we also tried the Defcon DFIR CTF 2019. Very well prepared, I suppose. Typically, one wouldn’t expect such a team to perform well in a CTF with a diverse set of challenges.

That being said, all of us have been playing CTFs for some years (at least 4). So, we all do have some knowledge about each category, and are still aiming for the win.

Disclaimer: The CTF was not difficult. Imagine PicoCTF level of difficulty, but easier, maybe. There were also certain issues with the competition as a whole, but I’ll not open that door.

Spoiler: We did very well in the CTF.

Team Dynamics

Our teamwork was great, best I have experienced so far (which is mainly why I wrote this). It was most likely due to us being bad at everything that we are not good at. Here’s a short summary of what happened during the event.

Peer Programming (but CTF instead of programming)

It took us than 10% of our time to finish the reverse engineering, pwn, and crypto challenges. And we spent the remaining time on other categories. Since none of us specialize at these categories, we split into pairs to work on a challenge. It is generally not done this way, as usually each person is assigned to one challenge at a time, to maximize throughput.

It was really helpful though, and might even be more effective, at least in our situation. For those challenges with a lot of options to try, with 2 people working on 1 challenge at a time, it gave us the space to go deep and go broad on our ideas at the same time. In particular, one person could be quickly verifying the viability of various ideas, while another person does deeper exploration into a certain possibly working idea.

All in

At some point, we got to the point where we are stuck on some challenges, and could not really proceed. So, we changed our strategy, to have everyone working on the same challenge.

One benefit of everyone being bad at everything left, is that we are not afraid of giving dumb ideas. We just throw anything we can think of, and one of us would try and see if it works. And we did solve all the remaining challenges like this.

Support Role?

During the CTF, it felt like we had everything we needed. We had a VPS loaded with the tools we needed, all challenges’ information stored in our Discord channels, and any important notes for each challenge are easily accessible. All thanks to 4yn.

As this CTF had mostly been a test of speed, this made a huge impact to our performance.

It felt like having N’Golo Kanté on our team.

Final Remarks

In this end, great teamwork won us the competition. I hope that new young CTF players would find the perfect team for them, and look forward to seeing who will take over the local CTF scene.

On the other hand, I also hope the local CTF scene would grow over the years, to have less GTF and more CTF.