Since its inception, Hosted CTFd has helped hundreds of competitions and classes simplify their cyber security events. One of the main ways that we get feedback and feature requests for CTFd is from customers of our hosted service.
Amongst other things, a common ask is whether or not we support a self-hosted installation.
We are proud to begin publicly offering CTFd Enterprise to fulfill exactly that need!
CTFd Enterprise is a customized version of CTFd containing a majority of Hosted CTFd features as well as an expanded feature set and chat support over Slack.
In addition to self-hosted installations, we are working on offering a hosted version of CTFd Enterprise, expected in Q4 2021.
What's New
CTFd Enterprise is primarily focused on providing a long-running portal for cyber security classes and workshops. Think of a company's cyber security onboarding class, an application security class, or a scoreboard companion for a cyber range.
To that end, CTFd Enterprise contains new features intended to meet the needs of large competitions and companies.
If you're short on time, here's a quick rundown:
CTFd Enterprise |
---|
Self hostable (cloud in Q4 2021) |
King of the Hill challenges |
Web shells/terminals |
LDAP/SAML/SSO authentication |
Admin Roles |
All Hosted CTFd features |
Private Slack Channel with CTFd developers |
New Game Types
We love the Jeopardy CTF model. It's very easy to get started with and doesn't require a lot of specialized infrastructure. However, it's true that other competition types convey a different kind of scenario with their own kinds of learning benefits.
It's been a long-time desire of ours to support other game types beyond the Jeopardy CTF.
Starting with King of the Hill type challenges, CTFd Enterprise supports additional game types beyond the traditional Jeopardy CTF.
Instead of having to solve a specific challenge problem, King of the Hill challenges require a player to place their account identifier on a specific server. CTFd will then check those servers for the identifier and award points to the team controlling the server.
Here's an example of a King of the Hill challenge:
King of the Hill challenges are just the start. We're actively looking at implementing other types of challenges.
We've already implemented ideas like multiple choice, short answer questions, programming questions and have been very impressed with how those have been used. We're excited to see what new types of CTF content are created by the community!
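The King of the Hill check described above (read each server, look for an account identifier, award points to the controlling team) can be sketched as follows. This is an added example, not CTFd Enterprise code; the identifiers, team names, point value and the rule that a server holding several known identifiers scores for nobody are all assumptions.

```python
"""Added sketch of a King of the Hill scoring tick; not CTFd Enterprise code."""
from collections import Counter

# Constructed roster: account identifier -> team name (hypothetical values).
IDENTIFIERS = {"id-7f3a": "red", "id-c21e": "blue"}


def find_controller(content, identifiers=IDENTIFIERS):
    """Return the team whose identifier is on the server, or None.

    `content` is what the checker read from the server (None if unreachable).
    Identifiers must match a whole whitespace-separated token, so a longer
    string that merely contains an identifier does not count. A server with
    zero or several known identifiers is treated as uncontrolled (assumption).
    """
    if content is None:
        return None
    tokens = set(content.split())
    owners = {team for ident, team in identifiers.items() if ident in tokens}
    return owners.pop() if len(owners) == 1 else None


def score_tick(servers, scores, points=10):
    """Award `points` to the controller of each server for one check interval."""
    for content in servers.values():
        team = find_controller(content)
        if team is not None:
            scores[team] += points
    return scores


def run_game(ticks):
    """Replay a sequence of check intervals and return the final scores."""
    scores = Counter()
    for servers in ticks:
        score_tick(servers, scores)
    return dict(scores)


# Constructed sample: what the checker read from each hill on three ticks.
SAMPLE_TICKS = [
    {"hill-1": "id-7f3a", "hill-2": "welcome page"},
    {"hill-1": "owned by id-c21e", "hill-2": None},
    {"hill-1": "id-c21e id-7f3a", "hill-2": "id-7f3a\n"},
]

if __name__ == "__main__":
    print(run_game(SAMPLE_TICKS))
```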
Individualized Infrastructure
Very often in CTFs, one user can trample on a server, making a challenge impossible for others to solve or leaving the server completely inaccessible.
CTFd Enterprise leverages our challenge deployment systems to allow individual users to deploy their own instances of challenges.
Each user gets their own individual infrastructure. And if their allocated server is broken, they can easily reset it and try again.
Web shells
One critical point that we've seen is that some users aren't able to run complex cyber security tooling in their locked-down environments. Some students only have Chromebooks!
So CTFd Enterprise provides a beta web shell tool that integrates with CTFd. Inside the shell, users can install whatever they need and interact with it purely through a browser.
We call this project shelld.
shelld's main differences from other web shell solutions are that a user's home directory is saved as they work and that shelld is container-based.
This means that user environments can be safely destroyed if needed without losing any user work. They may need to reinstall tooling, but that's much better than losing carefully written scripts! Also, because it's a container, it's very easy to add new and custom tools as needed.
We're just getting started with shelld, but we've used it in some of our own events and feel that it's ready to be opened up to the outside world. It can be a little tricky to set up, so we're also extending access to our online shelld setup to CTFd Enterprise customers while the kinks get ironed out.
Improved User Authentication & Permissions
The workplace has many different kinds of authentication mechanisms. Whether it's Google Workplace/GSuite SSO, LDAP/Active Directory, or SAML (Auth0, Okta, etc.), CTFd Enterprise has support for all the aforementioned.
If you have a specific authentication provider, reach out and we'll let you know if we support it or can add support.
In addition, CTFd Enterprise supports new types of admin users for an improved permissions model.
For example, you can have users that can only edit the page content, users that can add challenges but can't touch any configuration settings, and view-only admin users.
All CTFd Cloud Features
In addition to the above, CTFd Enterprise comes with all Hosted CTFd features.
This includes things like webhooks, programming challenges, all our plugins & themes, and our custom challenge deployment code.
In some very specific cases where our solution is far too custom to our hosted infrastructure, we will instead share our approaches and provide support rather than directly share our solution.
Support
Speaking of support, we understand that running CTFs can be a stressful time.
CTFd Enterprise customers will receive a Slack Connect channel where they can ask CTFd developers questions about how to do something or get recommendations about how to structure a problem in a CTF format. Additional on-call dedicated support time can also be scheduled.
Availability
CTFd Enterprise is now available for self-hosted installation. Contact us to schedule a demo or trial!
We are working on preparing our infrastructure to support cloud installations of CTFd Enterprise. We expect that to be available in Q4 2021.
Educational Discounts
We know that a very large number of CTFd users are teachers, students, and professors! We already offer an educational and non-profit discount on our hosted services and we absolutely will be expanding it to our Enterprise solution.
We haven't completely finalized pricing for educational users, but if you're from an educational institution looking to use CTFd Enterprise, please reach out! We'd love to hear your use case!
And if you're an educational institution that's been running a public competition, definitely reach out to us! We have some ideas around offering CTFd Enterprise at no cost for public university-run competitions.
Wrapping Up
We've been hard at work on CTFd Enterprise for the last year! Originally we had expected to release it in 2020, but we all know what happened then. Once the pandemic set in, and with everyone working remotely, we had to change plans entirely to focus on our hosting infrastructure.
Now that the dust has settled and we're returning to normalcy, we feel that the time is right to release CTFd Enterprise as people return to their offices and can enjoy things like in-person CTF events.
We expect CTFd Enterprise to expand CTFd beyond CTFs and help make the CTF model more applicable in the workplace and university. By standardizing the tools inherent to the CTF community and cyber security workplace, we believe that we can help students, employees, and the general public be a little more cyber security capable.
If you think you can use CTFd Enterprise to help run your cyber security training, contact us to schedule a demo or trial!
Not what you were expecting?
We're still very open to developing new features into CTFd Enterprise.
Tell us about your use case!