Creating a CTF: The Success of Flag Hunt Bangladesh
Remonsec shares how online challenges with fellow hackers turned into a massive event
About the CTF
Flag Hunt 2022 CTF was the first ever two-stage event in Bangladesh, where the qualification round took place online among 159 teams and 30 finalist teams participated onsite. Under the banner of CTF Community Bangladesh, a management team of various security specialists from the infosec community oversaw the event. The top teams would compete for monetary prizes, course vouchers, and swag items!
Flag Hunt Winning Teams
Who are the creators/founders of the CTF?
In 2019 Amir Hamza (mr_vill4in) posted a challenge online that Remon (remonsec) solved and shared with his fellow researchers. After sharing, Antu (0xAntu), Tasdir (tasdir_x ), Rasel (Mdrasel1230), and Rahat (binsec01) became involved by posting various CTF challenges that others could solve. This trend of CTF development became the catalyst for the formation of CTF Community of Bangladesh. In our yearly event, we receive fantastic support from researchers like Rayhan (Rayhan0x01), Tahsin (SMHTahsin33), and many more. We want to thank everyone who helped us to become what we are now.
What inspired you to create this CTF?
We enjoyed participating in international CTFs, such as the H@cktivityCon CTF by HackerOne and NahamCon CTF (with another CTF scheduled for December 17th). They inspired us to create an event like this on a national level to encourage more hackers to join cybersecurity and grow the local community more.
Flag Hunt Group Photo
What challenges did hackers get to solve? How many challenges were there?
The challenges solved by the hackers were all built to simulate real-world cybersecurity scenarios. The challenge categories included web, forensics, mobile, binary exploitations, crypto, and OSINT. There were 35 challenges in the qualification round and another 25 in the finals.
How much time went into planning this event?
It took two months to plan and organize this event. In the end, the CTF was a success with the determined efforts of bug bounty hunters, security engineers, and a handful of volunteers from the community. The meetings we held collectively pushed an idea into reality.
Flag Hunt Teams in Action
What advice do you have for people running events like these?
We should remember that mistakes are bound to happen while organizing events like this. But we can learn from those mistakes and make them better each year.
I learned that clear communication is integral when hosting live events! One miscommunication can lead to a snowball effect of confusion. It happened to our internal team at one point. We learned that it is essential for everyone to be clear on their roles and to be able to follow the lead. This stability will lead teams to align and make the right moves.
How did HackerOne get involved/support the event?
We have seen HackerOne organize CTF events, and they always support the events that help the community grow. The local community had direct communication with HackerOne via their brand ambassador program. We thank HackerOne for supporting this event by sponsoring us!
HackerOne Sitting Front and Center at Flag Hunt CTF
The 7th Annual Hacker-Powered Security Report