(Presented by Philipp Sieber (Hacking-Lab)) Many capture-the-flag competitions consist of “Jeopardy”-style challenges only. Participants/Teams are more or less isolated from each other, and claim points for solving security challenges and puzzles. At the end of the day, the team with the highest score wins. Hacking-Lab has implemented an “Attack/Defense” CTF-System, which allow much more dynamic and realistic team battles! The system is approved, and used for international competitions like the European Cyber Security Challenge. In this session, we will give an introduction into the system and its inner workings. We will explain the ideas behind it and show what makes the system unique. We will also talk about our experience from international competitions. The system deploys an “all-against-all” setup, in whcih each team gets the same set of applications. The goal is both to attack the opponent team’s applications, and to defend and protect the own application. For the defense part, the teams get access to a source code repository, and can trigger a build. Once a build is triggered, the CTF system automatically builds and deploys the new version of the application. A score bot is permanently testing whether the applications are still vulnerable. Besides the attack/defense part, there are other tasks as well. In total, teams have to perform the following tasks simultaneously: * ATTACK – attack the other team’s applications * DEFENSE – protect own applications secure * CODE-PATCHING – find and patch vulnerabilities * AVAILABILITY – keep applications up and running * JEOPARDY – solve hacking challenges * ACHIEVEMENT – build up or install an application * POWNED – own servers (0-day exploits)