Playing a CTF alone and playing one as a team are genuinely different activities. The technical part is the same, but the coordination layer matters a lot — who is working on what, how you avoid duplicate effort, when you call for help, and how you make sure the knowledge from each event does not just disappear afterward.
This is how we currently handle it.
Before The Event
We usually do a short prep session before a CTF starts, especially for events we care about. The goal is not to over-plan — most plans fall apart in the first hour anyway — but to make sure everyone knows where to be and what we are starting from.
The things we actually figure out before the gun goes off:
- Which categories each member is primarily covering
- What time zone overlap we have (this matters more than people admit)
- Where we are sharing notes — usually a shared doc or repo
- Whether we are streaming or recording anything
Category assignment is loose on purpose. We do not want people feeling locked out of challenges that interest them. But having a primary person per category means someone is always at least looking at each section instead of everyone assuming someone else got it.
During The Event
Once challenges drop, the first thing everyone does is scan the scoreboard — points, solves, category distribution. That scan takes five minutes and tells you a lot about where the low-hanging fruit probably is and where the competition is clustering.
From there, it is mostly async. People pick up challenges, post a quick note in the shared channel when they are on something, and flag when they are stuck. The channel note is important: it prevents two people from spending three hours on the same challenge without knowing about each other.
When To Ask For Help
This is something we actively try to calibrate. The bad pattern is either extreme — grinding alone for six hours with no signal, or pinging for help after five minutes.
Our rough guideline is: if you have been stuck for more than 45 minutes and you have not made any forward progress at all, say something. Not necessarily asking someone to take over, just flagging it so a second pair of eyes can look. Often the fastest fix is a two-minute conversation that breaks the mental loop.
What We Keep Notes On
Even during the event, we try to keep some notes per challenge:
- What we tried
- What the service / binary / file looks like at first glance
- Any dead ends (these matter for the writeup later)
Notes do not need to be clean. They just need to exist.
After The Event
This is the part most teams skip, and it is where a lot of the value gets lost.
We do two things after every meaningful event:
Writeups
We write up at least the most interesting solves, ideally within a week of the event while the memory is fresh. Writeups go on this site. The format is not strict — some are full step-by-step breakdowns, some are more like notes from the solve — but they need to cover the key insight, the exploit, and the flag.
The reason we prioritize this is simple: writing the solve forces you to actually understand what you did. You can get through a challenge on intuition and muscle memory and never really consolidate the lesson. Writing it out fixes that.
Brief Retrospective
For events we actually cared about, we do a short debrief. Not a long meeting — usually just async notes or a quick call.
Questions we actually ask:
- What categories did we underperform in?
- Were there challenges we could have solved but did not because of coordination failures?
- Did anyone get blocked somewhere that was fixable?
- What should we go study before the next one?
The goal is not to assign blame. The goal is to make the next event a little better than this one.
What We Are Still Improving
We are not saying this is solved. The things we are still figuring out:
- Getting more members writing writeups consistently (this is harder than it sounds)
- Better tooling for sharing solve state in real time
- Actually following through on the study items that come out of retrospectives
A team coordination problem is never really finished. You just keep making it less bad.