
No Limit Secu Podcast: DRSD's Unique CTF Event at European Cyber Week
In this special episode of the No Limit Secu podcast, recorded live during the European Cyber Week, the team welcomes two guests from the DRSD (Directorate of Intelligence and Defense Security) to discuss a unique Capture The Flag (CTF) event they organized. This CTF, designed by the DRSD, stood out for its innovative approach and ambition to bring together cyber talents from various French ministries. The guests, Commander Carl and Paul, detail the behind-the-scenes of this event, its objectives, challenges, and lessons learned.
The DRSD is a counter-intelligence service under the Ministry of the Armed Forces. Its primary role is to protect state institutions, military personnel, and defense-related companies from cyber threats and espionage attempts. This CTF, in its second edition, was initially conceived in 2023 as an internal exercise to enhance the technical skills of DRSD agents. Due to its success, the 2024 edition was opened to other intelligence services and ministries, aiming to create collaborative dynamics among the various cyber entities of the state. In total, 15 teams of four (60 participants) were invited to compete. These teams came from various services such as the DGSE, DGSI, DRM, DNRED, as well as schools like Polytechnique and organizations like Miade.
The CTF challenges covered a wide range of classic cybersecurity categories, such as cryptanalysis, forensics, OSINT (Open Source Intelligence), and reverse engineering. However, two categories stood out: the "MISK" category, which included diverse challenges like hardware hacking and physical intrusion, and the "realistic" category, which simulated Windows and Linux environments similar to those encountered in real-life penetration tests (pentests). For example, one hardware challenge involved picking a secure briefcase lock to access a Windows PC and retrieve a flag. To do this, teams had to exploit a DMA (Direct Memory Access) vulnerability via a PCI port, a technique that allows direct access to a system's memory without going through the processor. This type of challenge, very concrete, reflected the real missions of the DRSD and offered an immersive experience for participants.
Another notable aspect of this CTF was the impact of artificial intelligence, particularly the LIA tool, on team performance. Organizers were surprised to see how much AI facilitated solving challenges, especially for static tasks like reverse engineering or cryptanalysis. In some cases, LIA even provided the flags directly or guided participants to the vulnerabilities to exploit. This raised questions about balancing AI use and human skill development. Organizers explained that they tried to limit AI's impact by designing less "feedable" challenges for these tools, but with limited success. This issue highlights a major challenge for future CTFs: how to maintain a high level of difficulty while integrating new technologies like AI.
Logistically, this CTF required a massive investment of time and resources. Organizers spent nearly a year preparing the event, from designing the 57 challenges (over 40 created internally) to setting up a robust infrastructure to support 60 simultaneous participants. To ensure security and confidentiality, everything was hosted in-house: servers, networks, and even monitoring tools. Teams were isolated in a "Faraday cage" to prevent cheating or espionage between services. Despite these precautions, there were some technical surprises, such as unexpected solutions found by participants. For example, during the DMA challenge, some teams discovered an alternative command to unlock the Windows session in minutes, whereas organizers had planned a much longer scenario.
The final podium held some surprises. The Cyber Command (ComCyber) won first place by solving more than half of the challenges, closely followed by a team heavily using LIA, and finally the DRM (Military Intelligence Directorate). Organizers emphasized that the main goal of this CTF was not just competition, but also strengthening ties between the various state cyber services. A "social event" was organized on the first evening to allow participants to network and create synergies. For the future, the DRSD hopes this CTF will become a recurring event, possibly taken over by other services or the winner of the next edition, as is tradition in the CTF community.
Finally, this episode highlights the importance of recruitment for the DRSD. By organizing such events, the service aims to attract cybersecurity talent, whether civilian, military, or contract staff. The desired profiles are varied: technicians, engineers, AI experts, or forensic analysts. For those interested in joining the DRSD, the recruitment process is detailed on their official website. This CTF also demonstrated that the DRSD plays a key role in French cybersecurity, protecting not only state institutions but also defense-related companies.
In summary, this episode of No Limit Secu offers a behind-the-scenes look at a high-level CTF, while addressing current issues such as the impact of AI, collaboration between state services, and the technical challenges of organizing such an event. Whether you are a cybersecurity enthusiast, student, or professional in the field, this podcast is a wealth of information and inspiration for understanding the realities of the field.