Post

How can we stop cheaters in CTFs?

Posted Updated
By Saad
3 min read

Hello there, it’s TheCyberSimon!

I have spent a good amount of time being with CTF Players and communities of these awesome Cybersecurity training platforms such as HackTheBox and TryHackMe.

I usually see some people pretending to be “hackers” that are cheating on CTFs and ruining their learning process. Recently, I have been looking into these people’s behavior. All they do is copy answers from writeups and make points to show off to others.

At some point, I got really tired of these people, so I came to a conclusion. Why not report these cheaters and also try to bait them to know if they are cheating in actual.

Mostly, if I come across a cheater or a flag trader, I would ask them simple questions. For example, (based on a real story), I stumbled upon a friend’s profile on HackTheBox; they got user on Corporate machine. I asked them a very simple question about the box, “What was the foothold?” They couldn’t answer. After a couple of minutes, they replied that it was XSS. When I asked how they did the XSS, they said their friend helped them with it. I then asked how they figured to bypass CSP on the site and obtain the cookies, to which they didn’t reply. In the end, they told the truth that they cheated on the box.

Common ways that indicate if someone is cheating:

  1. “Oh, I can’t remember exactly, I forgot how I did it!”

  2. “Sorry mate, I’m busy” or “Hmm, let me see my notes” and they never reply when asked for help.

  3. They will get stuck on simple problems, like “Oh, I’m having issues with WSL, I can’t fix it,” despite having solved more complex challenges.

  4. They will try to show off and act like they know everything.

What I do with these cheaters?

If I stumble upon suspicious activity or someone’s suspicious behavior, I report their profile. If it’s a CTF, I contact the admin as fast as I can and provide the proofs.

I know no one cares if someone cheats or not, but I do if someone is interested in learning but ends up using writeups or cheating. It hurts to see when someone is ruining their learning. It’s more of a personal experience. When I started, I went through the same thing, but now I realize my mistake and I don’t want to cause others the same thing.

One of the things is platforms’ terms of service, like you can’t make a writeup of active content on HTB or can’t publish a writeup before 72 hours on THM - such platforms have their own rules and TOS. But some people still do it, which encourages newbies to do active content on HTB to get points and show off to others.

Prevention

Well, it ruins their learning and they try to cheat in everything, ruining their own methodology. Then somehow these people get jobs in the industry and talented people get nothing.

Well Here’s what we can do:

  • Flags should be dynamic!
  • Cheaters should be reported as fast as you can, and you should reach out to the admins.
  • If it’s a platform, for example: If it’s HTB, Send the writeup of active content or cheater’s profile directly to HTB staff.

Thanks for reading!!

finding-cheaters, hunting-cheaters, why-cheat
how-to-stop-cheaters stopping-cheaters lapring-solutions
This post is licensed under CC BY 4.0 by the author.