Skip to content

CTF History

The content of this column is taken from the public video "The Past, Present and Future of CTF" by Teacher Zhuge Jianwei in the Spring Festival.

Origin of CTF

CTF originated from the competition game between hackers in the fourth DEFCON in 1996.

Early Years of CTF

The first CTF (1996-2001) has no clear rules, no professionally built platform or environment. Each team prepares their own objective (defending their own objective, while attacking opponents' objective). Most of the organizers are just enthusiastic non-professional volunteers who assist in manual scoring.

Great controversy and dissatisfaction were due to the lack of an automated scoring system and technical competence among judges, many scoring delays and errors, unreliable network, and improper configuration.

"Modern" CTF Competition

A professional organizer will manage the competition platform, create challenges, and implement competitions with an automated scoring system. The participating teams are required to apply for participation and will be selected by the organizers of the DEFCON in a meeting.

During the three years with LegitBS organizing the DEFCON CTF competition, a few modifications have been made:

  • The competition focuses on the inner workings of the computers, its security features and capabilities. Web exploitation has been completely ignored.
  • Various CPU architectures, operating systems, and languages.
  • The "Zero-Sum" scoring rule.
  • A wider skillset required: reverse engineering, vulnerability discovery, pwning, patching, network traffic analysis, system security, programming and debugging.