ctf
Safeguard articles tagged "ctf" — guides, analysis, and best practices for software supply chain and application security.
7 articles
Does gamification actually make security training work?
picoCTF drew 18,000+ participants in 2025, but research shows points and badges boost engagement far more reliably than they change security behavior.
Running internal CTFs to build real security skills on engineering teams
picoCTF drew 39,000 players in 2019 across 160 countries — proof that gamified security training scales. Here's how to run the same model internally.
Running Capture the Flag exercises for internal security training
DEF CON CTF has run since 1996, yet most engineering orgs still train security awareness with slide decks instead of the format that actually built the industry.
CTF Writeup: Container SETUID Escape Techniques
A container-local root shell is not the flag. CVE-2019-5736 and CVE-2021-4034 both show how a SETUID binary inside a container can become a host compromise.
CTF writeup patterns: serialization and cryptographic puzzles, decoded
CVE-2013-0156 let attackers RCE Rails by feeding YAML into a parameter parser — the same insecure-deserialization pattern CTF players train on every weekend.
DEF CON 34 Preview: Agentic AI Security Takes Center Stage at Hacker Summer Camp
DEF CON 34 lands in Las Vegas August 6-9, 2026 under the theme 'Agency' — a deliberate nod to agentic AI. Here is what to watch, why it matters, and how to prepare before you board the plane.
Capture the Flag in Cybersecurity: How CTFs Build Real Skills
CTFs compress years of security intuition into weekends of deliberate practice. The main formats, what each one actually teaches, and how to start without getting demoralized.