A Brief Intro to CTF Contests!
-
Upload
shabgrd -
Category
Technology
-
view
247 -
download
2
Transcript of A Brief Intro to CTF Contests!
CAPTURING THE FLAG
shabgard
How are we?
▪ Geek AsiralShabgard ?
Mormoroth(Not in our team)
What is CTF?
▪ Capture the Flag (CTF) is a special kind of information security competitions.
▪ Two common types of CTFs: Jeopardy, Attack-Defence.– Jeopardy-style CTFs has a couple of questions (tasks) in range
of categories. For example, Web, Forensic, Crypto, Binary or something else.
– Attack-defence is another interesting kind of competitions. Here every team has own network(or only one host) with vulnarable services. Your team has time for patching your services and developing exploits usually.
Flag?
▪ Hidden somewhere
▪ Usually in hex
via: www.betterhacker.com
Jeoperdy style task
▪ Pwning/Exploiting
▪ Reverse engineering
▪ Web hacking
▪ Crypto
▪ Secure coding
▪ Stegano
▪ Forensics
▪ Recon
▪ Social engineering
▪ Trivia
Atack-defence
Famous CTFs
▪ DEFCON– Jeopardy + Attack-defence
▪ CCAW (NYU– Jeopardy
▪ ICTF (UCSB)– Jeopardy + Attack-defence
Famous Teams
▪ Geek of cource ;)
▪ Iranian teams:– ASIS– SUT– Noob– Baghali– UICERT
▪ Global– Plaid Parliament of Pwning
(US)– Dragon Sector (PO)– More Smoked Leet Chicken
(RU)– StratumAuhuur (DE)
Tom croose
▪ George Hotz (1989)
▪ George competed alone in CSAW 2013 where he took first place competing alone under the pseudonym tomcr00se.
Ingredients
▪ Security skills like exploiting, crypto, … (daa..)
▪ Scripting
▪ Teamwork – team size matters too
▪ Lot’s of coffee
Where to start
▪ Online CTFs – CTFTime.org
▪ Past CTF archives– shell-storm.org/repo/CTF– capture.thefl.ag
▪ Read write-ups– CTFTime.org– Team’s blogs
▪ Sharif’s CTF wiki– wiki.ctfnews.com
▪ A great intro on DEFCON:– www.youtube.com/watch?
v=okPWY0FeUoU
Thank You