OWASP WrongSecrets CTF Party

Run Capture the Flags and Security Trainings with OWASP WrongSecrets

Multi-Cloud Open Source Self Hosted + Cloud Options
Category: Security Training & Simulation
Community Stars: 43
Last Commit: last week
Last page update: 19 days ago
Pricing Details: Free and open-source under Apache License 2.0
Target Audience: Security trainers, CTF organizers, and developers interested in security training.

The OWASP WrongSecrets CTF Party addresses the operational challenge of managing multiple instances of capture-the-flag (CTF) environments for large groups, particularly in security training and CTF events. This tool leverages a Kubernetes cluster to dynamically manage separate WrongSecrets instances for each participant, eliminating the need for local installations.

Technically, the architecture is based on a fork of OWASP MultiJuicer, adapted for a dynamic multi-tenant setup. It utilizes Helm for deployment, requiring the addition of the WrongSecrets repository to the Helm configuration. Each participant is allocated a dedicated WrongSecrets instance and a Webtop, ensuring isolated environments. The setup includes an admin interface for managing these instances, allowing for restarts and deletions of namespaces as needed. The tool also supports automatic cleanup of old and unused namespaces.

Operationally, the tool offers significant flexibility through customizable configurations. For example, you can define environment variables, resource limits (e.g., CPU and memory requests), and even specify runtime classes for additional isolation. The maximum number of WrongSecrets instances can be capped, and custom NODE_ENV settings can be applied. However, managing large-scale deployments requires careful resource planning, as the number of instances can impact cluster performance and costs, especially in cloud environments like Azure AKS.

The WrongSecrets image is specified as jeroenwillemsen/wrongsecrets, and resource definitions can be set so that each instance runs within defined CPU and memory limits (e.g., 256Mi CPU and 300Mi memory). The tool also integrates with CTFD (Capture The Flag Dashboard) for challenge flag management, which can be set up manually or automatically depending on the chosen setup approach.
