60 min · Domain Routing · Speed / Parallelism / HITL · Flag Extraction & Scoring
Prerequisite: S00, S01, S02, S03
A CTF is not a smaller pentest. It optimizes for speed to flag, not coverage.
S02 and S03 optimize for thoroughness. CTF inverts several of those constraints. The engineering discipline is knowing which inversions are safe and which are catastrophic.
pentest: thorough CTF: fast
| Domain | Reasoning | Tools | Context burn |
|---|---|---|---|
| Web | request manipulation, payload crafting | Burp headless, sqlmap, ffuf, XSS payloads | low-med |
| Pwn | memory layout, gadget chains | pwntools, GDB+pwndbg, checksec, ROPgadget | high |
| Crypto | weakness detection, math | CyberChef, SageMath, frequency analyzers | med |
| Forensics | artifact carving, parsing | binwalk, strings, exiftool, tshark | low |
| Reversing | disassembly, decompile triage | Ghidra headless, radare2, ltrace/strace | very high |
| Misc | stego, scripting, encoding | zsteg, stegsolve, custom Python | variable |
Uncertain? TriageAgent runs cheap probes (file, checksec, strings freq, HTTP code) and re-routes. Router is allowed to be uncertain; agents are not.
Four properties produce benchmark-level speed:
The first — no approval gates — is the most consequential and the most dangerous.
Safe when all three hold: (a) target owned or sandboxed, (b) isolated from production at network layer, (c) worst-case action is bounded (restart target, waste time).
| Context | HITL | Why |
|---|---|---|
| Owned Docker with CTF binary | remove | Owned, isolated, restartable |
| Competition sandboxed VM | remove | Sandboxed by organizer, isolated |
| Remote CTF service | partial | Service fair game; credential-reuse gate stays |
| Live bug bounty (NOT CTF) | keep | S02 rules apply; not owned |
| Production adjacent to sandbox | keep | Isolation unverified; blast radius unbounded |
~91s wall-clock
~8s wall-clock
Exception that stays: credential-reuse gate. Discovered creds are never auto-reused against other services. Unbounded risk.
Intra-challenge: multiple exploit hypotheses against one challenge, concurrently. First flag wins; loser killed.
Inter-challenge: 3–5 challenges concurrently, isolated sessions, isolated memory.
Shared memory is forbidden. Reintroduces the context pollution domain routing was designed to eliminate.
Flag detection is middleware on every tool output, not a step the agent remembers to call.
Why verify? Challenge descriptions, examples, and decoy output all contain flag-shaped strings. Submitting decoys burns attempts and trips rate limits.
POST /api/v1/challenges/attempt
Authorization: Token {token}
{ "challenge_id": id, "submission": "flag{...}" }
Response:
"correct" → mark solved, kill parallel, free slot
"incorrect" → log, agent continues
"already_solved" → treat as correct, do NOT re-submitRate-limit the client. 2–3s between submissions; per-challenge lockout after N wrong. Most scoreboards throttle teams that submit too fast.
With 5 challenges running concurrently, the scorecard is the only sane view.
| Field | Tracks |
|---|---|
| challenges[] | state: unattempted / in_progress / solved / abandoned; sessions; attempts; first_blood_at |
| flags_captured[] | flag strings, source challenge, source session, timestamp |
| flags_submitted[] | submission text, CTFd response, attempt count |
Metrics: challenges/hour · mean time to flag per domain · router accuracy · flag-extraction precision (true vs decoy).
The CTF harness is operational: domain router, specialized agents, autonomous mode, flag pipeline.
S05 builds the meta-harness — the layer that orchestrates bug bounty (S02), pentest (S03), and CTF (S04) harnesses into a single system that selects the right harness for the engagement type.