CTFd VS ctfd-account-hook

During the last weekend, a small cyber security club at my town organized their first online CTF competition. I offered to take care of the infrastructure since I've been tinkering with CTFd for a couple of weeks and surprisingly everything went well! (Except two server outages that didn't last long 😁) That's why I'm here sharing with you the process of how I set up, configured, and monitored a CTF platform that handled 150+ users simultaneously totally FOR FREE 💲

Under the hood, we use the open source CTF platform, CTFd. CTFd has its own system for registration and login. However, we wanted to use our own registration landing event for style and tracking purposes. Here are the requirements from our marketing team:

Currently we use our CTFd fork, containerised and hosted on DigitalOcean. Major problems are that it's a freemium software, so for questions that might need execution of code in some programming language, we'll have to pay for it (and our club can't afford that). Questions are mostly MCQ or Fill in the Box.

Thanks to our sponsors Anderson University (SC) & CTFd

Also, I would suggest using ctfd for management, with some plugins you can make it do most of what you need https://ctfd.io/ .

Are you using ctfd? https://ctfd.io/

I think it's a misnomer to say that CTFd is proprietary. While CTFd does have a hosting platform that uses closed source code, CTFd itself is open core and open source under the Apache 2 license. My company and I put a lot of effort into maintaining the open source version of CTFd while still being sustainable.

TryHackMe and CTFd might be worth a look.

If you want to organize and host a CTF event, one of the best and easiest options available for managing this is CTFd.

In this post, I’ll cover how the open source project I created — ctfd-account-hook — evolved to support a long-running, secured HTTP request to notify nearly 4,000 registered participants over email.