Capture The Flag Games in Role-Playing Games

I’ve recently been running a 5e-based game with my usual role-playing nerd circle on Sunday nights. The game is called The Spy Game. It started off as a Kickstarter campaign and doubled it’s original funding goal (well done!) It’s been fairly successful, but I’m not here to talk about that. This post is about how I’ve incorporated Capture the Flag elements to our role playing.

Yes, I’m a grown man who plays D&D-style games. We play D20 games, which are role-playing games that use dice to determine the outcomes of certain actions. They have become increasingly popularized in the media, with Stranger Things being a large contributor. I did not grow up playing D&D, but started playing when my poker group decided to mix it up. Yes that is true.

What is The Spy Game?

The Spy Game is a role-playing game that is built around telling stories set in a today-like world with… spies. That means your players pick what type of spy they want to play, and make up back stories, choose classes (Infiltrator, Assassin, Medic, etc.) Then the Game Master (me) makes up scenarios and missions for them to go on. The players decide what they want to do (e.g. attack a security guard) and they roll a die to see how devastating their attack on the poor guard was. And while this is a gross over-simplification, it’s good enough for our purposes.

Quickly, What is Capture the Flag?

Capture the flag (commonly CFP), is a style of network and systems security penetration-testing simulation for fun. The idea is that a security expert creates a small, simulated computer system that players try to break into, or crack a code to find a “flag”. The flag is the indicator of the player’s success. For example, you might be given a website that has some sort of password protection that is beatable with certain techniques. Once you bypass the security, you discovery a flag. These are often written as {Flag-name} or something similar to allow the players to know they have been successful. You can read all about them on Wikipedia, or play there with Hacker101 or even Google.

Combining CTFs and Role Playing

My roleplaying group is fairly nerdy (does that go without saying?) So I wanted to make the game a little technical and different from our usual swords and sorcery chaos romps. I thought it would be interesting for those in the group who are less technically minded to learn a little about actual hacking, rather than the “roll the dice to try and hack the system” that is built into the game. The more experienced computer-people in the group could screen share as they worked, and the team could work out the problems together. Everyone wins!

It has worked out really, really well. Everyone has enjoyed these CTFs, including me. I’ve only written a few so far, but they include:

Breaking a password to get into a security camera interface
Finding the GPS coordinates of an arms deal that is going down, hidden in a base-64 string
Decoding a message between two terrorists, hidden in an image
Cracking a cipher (spoilers) to get the code words for the security team on duty needed for a break-in!

You can find them the few I’ve written so far here on Github.

These ideas were heavily influenced by the excellent CTF run by the one and only Connor Tumbleson, at Sourcetoad.

Writing CTFs with ChatGPT

I would highly recommend adding a real world CTF to your next role playing adventure. But who has the time? Enter AI with ChatGPT. One of the scary things about ChatGPT is that it writes decent code, but it is only as good as the prompts you give it, and it is NOT secure. So basically anything you tell the bot to write for you has an exploit big enough to drive a bus through. This should be scary to anyone using it for production work, but it is amazing for CTFs.

I’ve also used ChatGPT to write quick and dirty interfaces (like the security camera on-off switch). Is it pretty? No! Would I use anything like that for a client or anywhere near a production environment? Hell no! But it’s MORE that good enough for a fun evening with friends, gathered around a Zoom table, working out how to hack into a secret vault.

Previous ArticleAre School Bus Tracking Systems Dangerous?Next ArticleHow to Land Your First Tech Job: Or at least what I will tell you

Greg

I help cruise lines turn their technical ideas into reality. I'm experienced in all stages of innovation and technology management. I've also been programing since I was 8 years old, and have somehow retained the ability to have normal human interactions. Occasionally I speak about how Industrial Psychology and Neurophysiology can be interrogated with IT and systems management, because I spend a lot of time thinking about the subject, as strange as that may seem.

You must be logged in to post a comment.

How to Land Your First Tech Job: Or at least what I will tell you

April 2, 2024 17:36April 3, 2024In Technology

Ah, the age-old question that haunts every college graduate’s dreams: “How do I get a job?” But not just any job. A job that doesn’t involve asking, “Would you like fries with that?” unless it’s a cheeky Slack message to your new tech team while deploying code (because, let’s face it, multitasking is key).

So, you’re fresh out of college, armed with a degree, and ready to conquer the tech world. But there’s a catch – everyone wants experience, and you’re fresh out of that. It’s like needing a job to get experience but needing experience to get a job. A real chicken and egg situation, except less philosophical and more annoying.

Now, before you start sending LinkedIn invites to every CEO with a pulse, hoping one of them will notice your enthusiasm (or desperation), let’s talk strategy.

1. Start a Blog – No, Seriously

First things first, start a blog. I give this advice to everyone, and you’re not going to take it, but I will keep trying.

“But I’m not a writer,” you protest. Well, guess what? Neither are most of your competitors when it comes to that job interview. But here’s the thing – writing helps you articulate thoughts, share knowledge, and most importantly, shows you’re committed. Write about what excites you in tech. Dissect the latest AI breakthrough, or maybe just rant about why tabs are better than spaces. It’s your stage. It’ll also help you greatly when interviewing. If you’ve actually researched and forced yourself to write about a topic, it’s WAY easier to talk about it.

If the thought of cranking out 500 words twice a week makes you sweat, consider this: if you can’t commit to a blog, how will you commit to a job? Harsh but fair.

2. Ship Something… Anything!

Next, if you’re a coder, designer, or any species of maker, you need to create something and get it out into the world. A portfolio is great, but a product is better. It doesn’t have to be the next Facebook. Heck, it can be a to-do list app that makes a satisfying ‘ding’ sound when you check off an item. But it shows you can see a project through from start to finish. Plus, nothing beats the thrill of seeing your creation out in the wild, even if it’s only used by three people (including your mom). And three users is way more than what most juniors come to interviews with.

3. Polish That LinkedIn Profile

Ah, LinkedIn, the worse MySpace of the professional world. It might not be the most exhilarating social network, but it’s where the grown-ups and LinkedIn Lunatics go to humble brag. So, get your profile in tip-top shape. Showcase your blog, add a professional photo (no, your beach selfie doesn’t count), and maybe sprinkle in a few insightful comments on posts. Show the world you know how to play the game. It’s only for show as a junior, and everyone knows it, so don’t go overboard.

4. Read. Then Read Some More.

While not the world’s biggest Jim Mattis fan, I got a bit of a kick in the pants after reading his Call Sign Chaos: Learning to Lead. In it he said “If you haven’t read 100 books on the field in which you claim to be an expert, then you are functionally illiterate.” That was a bit of a wake up call for me as a CEO. So if you’re a junior, lets make that rule “If you haven’t read at least five books about your chosen profession, you’re not ready to be a junior anything.” It’s a bold claim, but let’s face it, you’re competing with people who live and breathe this stuff. Catch up.

5. Network, Even If It’s Painful

Finally, networking. Yes, it’s awkward. Yes, it feels like speed dating but with business cards. But knowing what’s happening in your field and who the players are is invaluable. So, go to those tech meetups, chat with people, and yes, maybe even endure a few boring conversations about someone’s revolutionary blockchain startup. Try and meet one or two people who know me before you reach out to me. Then we can have someone to gossip about, and it’ll feel more personal. Tampa has a few good tech networks that throw decent, free events where you can find people who know me. Check out Tampa Bay Wave, Embarc Collective, and Tampa Bay Technology Forum.

And there you have it. Five steps to improve your odds of landing a job in tech. Most won’t follow this advice, but if you do, you’ll be ahead of the game. And who knows, one day, I might be asking you for a job. Or at least, for some tips on my blog.

Greg Ross-Munro