Skip to content

About echoCTF

Jump to bottom
Pantelis Roditis edited this page Jan 31, 2020 · 3 revisions

About echoCTF

Introduction

echoCTF is a pioneer computer security framework, developed by Echothrust Solutions, for running security related competitions (CTF).

echoCTF allows building and running capture the flag competitions for network penetration testing and security auditing on real IT infrastructure. It can also be used for security awareness and training purposes, by businesses and educational institutes.

echoCTF is designed to expose real and made-up vulnerabilities presenting the participants with functionality replicated from actual set-ups.

Any real-life network or system configuration can be supported and incorporated with echoCTF, allowing for testing the overall security of a given infrastructure.

echoCTF topics can include:

  • Network Scanning
  • Vulnerability Assessment and Report
  • Packet Analysis
  • Penetration Testing
  • Malware Analysis
  • Digital Forensics and Incident Response

echoCTF comes with everything needed to run a security competition with minimal effort.

echoCTF on events and conferences

There is no better way to increase registrations and participation at your event or conference than introducing a capture the flag competition.

echoCTF was designed to be used at events and conferences and comes ready with everything needed to run a security competition smoothly.

echoCTF can either be a part of your event by hosting a security competition between talks and presentations, or a core offering by performing a security competition exclusively based on the platform.

echoCTF can:

  • Increase registrations by introducing a fancy security competition into your event
  • Increase sponsor potentials, echoCTF is ideal to convince sponsor commitment
  • Eliminate venue dead spaces, echoCTF visuals can liven up small and empty spaces
  • Attract diverse sector sponsors
  • Introduce new activities for your event (workshops, demonstrations, etc)
  • Introduce new advertising options

echoCTF as testing platform

Governments and large enterprises often face difficulty in releasing new services and earning the trust of the public.

By using echoCTF as a way to test a new service or product you can:

  • Increase public trust in new products or services, by advertising its robustness under attacks.
  • Increase thoroughness of the security audit, having an entire arsenal of penetration-testers and hackers. This ensures your service or product is well armed against different types of attacks.
  • Decrease the chances of small bugs and threats to slip through, allowing participants to spot and report issues with the platform.
  • Train your team’s readiness by providing them the ability to interact with the systems being attacked.
  • Eliminate exposure by conducting a pre-launch security audit on a controlled environment. echoCTF keeps track of all traffic and stores the packets if needed for later study.
  • Help personnel discover, investigate and contain successful penetrations, in order to recover effectively from actual attacks.
  • Prepare the personnel with a solid response plan when a real-life attack will happen
  • Simulate and run real life cyber attacks based on the latest available vulnerabilities

echoCTF as training platform

Educational institutes and organisations who manage information technology and/or information security programs, are constantly on the lookout for the best ways to include up to date training material for personnel and students and arm them with the best hands-on learning resources available.

echoCTF can help in providing an up-to-date platform for Information Security training and testing. echoCTF can be used as a part or stand-alone course in providing hands on training on information security subjects.

echoCTF:

  • Is designed to be accessible to a broad level of participant skill level.
  • Participants are taught to utilize practical trial and error methodologies in a real-life simulated environments.
  • Allows to train the students effectively, allowing for better understanding of the techniques and technologies behind the information security lifecycle.
  • Can be customized to your specific course specifications
  • Provide hands-on experience to your personnel and students, using echoCTF as a lab for security courses.
  • Test the participant’s understanding on a subject, by putting them against practical scenarios.
  • Increase the participant's ability to maintain critical services while thwarting real-life attacks.
  • Is split into separate levels so players can quickly advance to the level of their expertise.

Diorama model add-ons

echoCTF can be accompanied by a diorama model representing a city, a control room or any other operation. Through special visualizations of the effects of security incidents on critical infrastructure, it allows better understanding of the consequences of a successful attack.

We have developed a smart city module called echoCiTy-F, representing an actual urban area of a smart city that illustrates critical buildings and infrastructures such as:

  • Communications
  • Energy
  • Transportation
  • Construction
  • General public infrastructure (cinemas, malls etc)
  • Landscape elements
  • and other related objects (roads, etc)

Every component of the model is connected to customized ICS and SCADA systems which are built with the latest specifications. Those systems are bridged with echoCTF framework to give a unique experience.

Features

  • Support all kinds of Cyber Range and CTF types (Jeopardy, Attack - Defense, Mixed)
  • Supports unlimited flags
  • Automatic Findings and Achievements, give points to participants for achieving a competition scope
  • Support automatic Hints system, allows to reach quickly to all participants
  • Supports any operating system and application
  • Real time visualization of network activity
  • Real time visualization of application level activities
  • Provides Dynamic Real Time scoring system
  • Supports team and individual game play
  • Personalized player dashboards
  • Supports any real system and technology, echoCTF can incorporate any system (software, hardware) into its gamified environment
  • Support Cloud based and on-premise installations
  • Separate Administrative and participants interface for increased security and performance
  • No licensing or usage fees, echoCTF is opensource and BSD Licensed

Target audience

  • Security Professionals
  • System Administrators
  • Network Administrators
  • Ethical Hackers
  • Penetration Testers
  • Incident Handlers
  • Forensic Analysts
  • Security Auditors
  • Vulnerability assessment personnel
  • Security Operations Center (SOC) staff members
  • University students and staff
  • Application Developers
  • System engineers

Contact Us

Echothrust Solutions can implement and run any type of CTF for you. We provide a wide range of services such as custom vulnerabilities development, Operating systems and applications to your exact specifications and requirements.

General inquiries: info [at] echothrust.com
Sales inquiries: sales [at] echothrust.com
Tel: +30 210 2230 050
Fax: +30 210 2230 054
http://www.echothrust.com
Clone this wiki locally