Our intern Marije Radstaak took the time to write us a brief post about her time with us and her assignment; implement a CTF platform! Here it is:
My name is Marije Radstaak. At the moment I study HBO-ICT: Cybersecurity & Cloud and I did an internship at LinProfs. The assignment was to implement a Capture The Flag (CTF) platform, with the aim of training employees and testing applicants.
First of all, extensive research was done into various CTF platforms. These were compared with each other and on the basis of the requirements and wishes of LinProfs one platform came out on top, namely Root the Box. Root the Box is easy to deploy with Docker. The deployment is automated on the LinProfs servers by means of Ansible. Various playbooks have been written for this. Multiple Root the Box containers can run side by side and are accessible via an nginx reverse proxy.
Of course, a CTF platform also includes challenges. Docker challenges and Virtual Machine challenges have been implemented. There are a number of challenges made by Docker, but also existing images with a CVE vulnerability. These challenges are deployed to another LinProfs server, also via Ansible and with an nginx reverse proxy. The Virtual Machine challenges are pre-made OVA/OVF files which are deployed via Terraform to VMware ESXi.
All in all, it has become a nice whole and I have learned a lot about security, by making challenges myself and of course by testing. I also got more experience with Ansible and Terraform, thanks to the help of LinProfs engineers!