CTFd<\/a>, an open source framework specifically for CTF events. The usability was very intuitive and our challenges could be embedded very well with the stored flags. The platform served as a dashboard and was therefore the first point of contact for the participants. <\/p>\nThe challenges: where creativity meets security gaps<\/h4>\n
The infrastructure was followed by the design of the challenges. We wanted to offer a range of challenges covering different security areas, including web security, network and configuration errors. Examples included an API challenge that highlighted classic API development mistakes, a login web application and a crawling maze where the file system was a labyrinth designed to mislead the players. It was important to us that each task aimed to reflect different levels of difficulty and expose participants to a wide range of vulnerabilities – from easier to more challenging gaps. Hints could be exchanged for points if required. After an internal test phase, the event was ready for launch. <\/p>\n
The event: When developers become hackers<\/h4>\n
Four teams of three to four developers took part. As studies and training often focus on other topics, the area of IT security is often neglected in application development. As a result, most of the participants had no prior knowledge in this area, but this was no obstacle. Over the course of four hours, the teams worked intensively on cybersecurity, developed solutions and tirelessly searched for the next flag. The feedback from the participants was very positive. Many said that they had gained valuable new insights, which was in line with our goal of raising awareness of security risks. It was also exciting for us to see how the participants came up with innovative solutions that we would not have expected ourselves. As is so often the case, there are several ways to achieve a goal. <\/p>\n
Review and outlook<\/h4>\n
The event was a complete success, and yet: nothing is perfect. We were also able to gain valuable insights. One key lesson was that a large number of challenges can often be overwhelming for newcomers. Many participants had the urge to tackle the challenges one after the other and to bite their teeth out on some challenges. In principle, this is a good thing, as it shows perseverance and a willingness to solve problems. However, due to the limited time frame, it is worth taking a broader approach and trying out different challenges. This mirrors real-life pentesting, where fixed time frames are also set. In order to effectively identify weaknesses, it is crucial to take a strategic approach and not spend too long on individual challenges so as not to lose sight of the bigger picture. Based on this, we have already developed some ideas for future events and will continue to optimize the task structure. All in all, this first CTF competition was an exciting experiment and was great fun for both us and the participants. We are already looking forward to introducing more people to the safety sector in a fun way in the future. A brief summary of the technical set-up: <\/p>\n
\n- AWS was chosen as the hosting provider<\/li>\n
- CTFd was selected as the CTF platform (as a kind of dashboard for the challenges and the points collected by the participants)\n
\n- Users \/ teams log in there and can see the challenges from there<\/li>\n<\/ul>\n<\/li>\n
- everything takes place within a VPN<\/li>\n
- the challenges were specially created by us<\/li>\n
- Each challenge offers a short introductory text in advance, which is intended to provide information on the possible security vulnerability<\/li>\n
- there are challenges in a wide variety of areas (API, web, crawling, etc.) with different levels of difficulty<\/li>\n<\/ul>\n
![\"\"](\"https:\/\/kalweit-its.de\/wp-content\/uploads\/2025\/01\/CTF-Schaubild.png\")
<\/p>\n","protected":false},"excerpt":{"rendered":"
As part of an assignment, we were given the opportunity to organize a CTF competition. “CTF” stands for “Capture the Flag” and describes a type of hacking Olympics in IT security. Participants demonstrate their skills in teams or alone by solving challenging tasks. The aim is to find so-called “flags” (hidden keys) in order to […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[11],"tags":[],"class_list":["post-8858","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\n
A look behind the scenes: Field report on the organization and implementation of a CTF event - KALWEIT ITS GmbH<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A look behind the scenes: Field report on the organization and implementation of a CTF event\" \/>\n<meta property=\"og:description\" content=\"As part of an assignment, we were given the opportunity to organize a CTF competition. “CTF” stands for “Capture the Flag” and describes a type of hacking Olympics in IT security. Participants demonstrate their skills in teams or alone by solving challenging tasks. The aim is to find so-called “flags” (hidden keys) in order to […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/\" \/>\n<meta property=\"og:site_name\" content=\"KALWEIT ITS GmbH\" \/>\n<meta property=\"article:published_time\" content=\"2025-01-29T12:21:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/kalweit-its.de\/wp-content\/uploads\/2025\/01\/Grafik-CTF-Blogartikel.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2100\" \/>\n\t<meta property=\"og:image:height\" content=\"2100\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"aquariumtelefondose1\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"aquariumtelefondose1\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/\"},\"author\":{\"name\":\"aquariumtelefondose1\",\"@id\":\"https:\/\/kalweit-its.de\/en\/#\/schema\/person\/1f98312dfc03ad7313099feea6e6e317\"},\"headline\":\"A look behind the scenes: Field report on the organization and implementation of a CTF event\",\"datePublished\":\"2025-01-29T12:21:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/\"},\"wordCount\":850,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kalweit-its.de\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/kalweit-its.de\/wp-content\/uploads\/2025\/01\/Grafik-CTF-Blogartikel.png\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/\",\"url\":\"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/\",\"name\":\"A look behind the scenes: Field report on the organization and implementation of a CTF event - KALWEIT ITS GmbH\",\"isPartOf\":{\"@id\":\"https:\/\/kalweit-its.de\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/kalweit-its.de\/wp-content\/uploads\/2025\/01\/Grafik-CTF-Blogartikel.png\",\"datePublished\":\"2025-01-29T12:21:16+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/#primaryimage\",\"url\":\"https:\/\/kalweit-its.de\/wp-content\/uploads\/2025\/01\/Grafik-CTF-Blogartikel.png\",\"contentUrl\":\"https:\/\/kalweit-its.de\/wp-content\/uploads\/2025\/01\/Grafik-CTF-Blogartikel.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\/\/kalweit-its.de\/en\/home\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A look behind the scenes: Field report on the organization and implementation of a CTF event\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalweit-its.de\/en\/#website\",\"url\":\"https:\/\/kalweit-its.de\/en\/\",\"name\":\"KALWEIT ITS GmbH\",\"description\":\"Unabh\u00e4ngige Unternehmensberatung f\u00fcr IT-Sicherheit\",\"publisher\":{\"@id\":\"https:\/\/kalweit-its.de\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalweit-its.de\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalweit-its.de\/en\/#organization\",\"name\":\"KALWEIT ITS GmbH\",\"url\":\"https:\/\/kalweit-its.de\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalweit-its.de\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalweit-its.de\/wp-content\/uploads\/2022\/03\/Kalweit-ITS-Logo.svg\",\"contentUrl\":\"https:\/\/kalweit-its.de\/wp-content\/uploads\/2022\/03\/Kalweit-ITS-Logo.svg\",\"width\":701,\"height\":81,\"caption\":\"KALWEIT ITS GmbH\"},\"image\":{\"@id\":\"https:\/\/kalweit-its.de\/en\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/kalweit-its\/\",\"https:\/\/www.instagram.com\/kalweit.its\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalweit-its.de\/en\/#\/schema\/person\/1f98312dfc03ad7313099feea6e6e317\",\"name\":\"aquariumtelefondose1\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalweit-its.de\/en\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/765a48389486ca682c3180d3ec466ce3?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/765a48389486ca682c3180d3ec466ce3?s=96&d=mm&r=g\",\"caption\":\"aquariumtelefondose1\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"A look behind the scenes: Field report on the organization and implementation of a CTF event - KALWEIT ITS GmbH","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/","og_locale":"en_US","og_type":"article","og_title":"A look behind the scenes: Field report on the organization and implementation of a CTF event","og_description":"As part of an assignment, we were given the opportunity to organize a CTF competition. “CTF” stands for “Capture the Flag” and describes a type of hacking Olympics in IT security. Participants demonstrate their skills in teams or alone by solving challenging tasks. The aim is to find so-called “flags” (hidden keys) in order to […]","og_url":"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/","og_site_name":"KALWEIT ITS GmbH","article_published_time":"2025-01-29T12:21:16+00:00","og_image":[{"width":2100,"height":2100,"url":"https:\/\/kalweit-its.de\/wp-content\/uploads\/2025\/01\/Grafik-CTF-Blogartikel.png","type":"image\/png"}],"author":"aquariumtelefondose1","twitter_card":"summary_large_image","twitter_misc":{"Written by":"aquariumtelefondose1","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/#article","isPartOf":{"@id":"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/"},"author":{"name":"aquariumtelefondose1","@id":"https:\/\/kalweit-its.de\/en\/#\/schema\/person\/1f98312dfc03ad7313099feea6e6e317"},"headline":"A look behind the scenes: Field report on the organization and implementation of a CTF event","datePublished":"2025-01-29T12:21:16+00:00","mainEntityOfPage":{"@id":"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/"},"wordCount":850,"commentCount":0,"publisher":{"@id":"https:\/\/kalweit-its.de\/en\/#organization"},"image":{"@id":"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/#primaryimage"},"thumbnailUrl":"https:\/\/kalweit-its.de\/wp-content\/uploads\/2025\/01\/Grafik-CTF-Blogartikel.png","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/","url":"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/","name":"A look behind the scenes: Field report on the organization and implementation of a CTF event - KALWEIT ITS GmbH","isPartOf":{"@id":"https:\/\/kalweit-its.de\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/#primaryimage"},"image":{"@id":"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/#primaryimage"},"thumbnailUrl":"https:\/\/kalweit-its.de\/wp-content\/uploads\/2025\/01\/Grafik-CTF-Blogartikel.png","datePublished":"2025-01-29T12:21:16+00:00","breadcrumb":{"@id":"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/#primaryimage","url":"https:\/\/kalweit-its.de\/wp-content\/uploads\/2025\/01\/Grafik-CTF-Blogartikel.png","contentUrl":"https:\/\/kalweit-its.de\/wp-content\/uploads\/2025\/01\/Grafik-CTF-Blogartikel.png"},{"@type":"BreadcrumbList","@id":"https:\/\/kalweit-its.de\/en\/a-look-behind-the-scenes-field-report-on-the-organization-and-implementation-of-a-ctf-event\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/kalweit-its.de\/en\/home\/"},{"@type":"ListItem","position":2,"name":"A look behind the scenes: Field report on the organization and implementation of a CTF event"}]},{"@type":"WebSite","@id":"https:\/\/kalweit-its.de\/en\/#website","url":"https:\/\/kalweit-its.de\/en\/","name":"KALWEIT ITS GmbH","description":"Unabh\u00e4ngige Unternehmensberatung f\u00fcr IT-Sicherheit","publisher":{"@id":"https:\/\/kalweit-its.de\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalweit-its.de\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalweit-its.de\/en\/#organization","name":"KALWEIT ITS GmbH","url":"https:\/\/kalweit-its.de\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalweit-its.de\/en\/#\/schema\/logo\/image\/","url":"https:\/\/kalweit-its.de\/wp-content\/uploads\/2022\/03\/Kalweit-ITS-Logo.svg","contentUrl":"https:\/\/kalweit-its.de\/wp-content\/uploads\/2022\/03\/Kalweit-ITS-Logo.svg","width":701,"height":81,"caption":"KALWEIT ITS GmbH"},"image":{"@id":"https:\/\/kalweit-its.de\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/kalweit-its\/","https:\/\/www.instagram.com\/kalweit.its\/"]},{"@type":"Person","@id":"https:\/\/kalweit-its.de\/en\/#\/schema\/person\/1f98312dfc03ad7313099feea6e6e317","name":"aquariumtelefondose1","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalweit-its.de\/en\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/765a48389486ca682c3180d3ec466ce3?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/765a48389486ca682c3180d3ec466ce3?s=96&d=mm&r=g","caption":"aquariumtelefondose1"}}]}},"_links":{"self":[{"href":"https:\/\/kalweit-its.de\/en\/wp-json\/wp\/v2\/posts\/8858","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalweit-its.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalweit-its.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalweit-its.de\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/kalweit-its.de\/en\/wp-json\/wp\/v2\/comments?post=8858"}],"version-history":[{"count":0,"href":"https:\/\/kalweit-its.de\/en\/wp-json\/wp\/v2\/posts\/8858\/revisions"}],"wp:attachment":[{"href":"https:\/\/kalweit-its.de\/en\/wp-json\/wp\/v2\/media?parent=8858"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalweit-its.de\/en\/wp-json\/wp\/v2\/categories?post=8858"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalweit-its.de\/en\/wp-json\/wp\/v2\/tags?post=8858"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"\"](\"https:\/\/kalweit-its.de\/wp-content\/uploads\/2025\/01\/Grafik-CTF-Blogartikel.png\")
<\/p>\n