CAPTURING THE FLAG

shabgard

How are we?

▪ Geek AsiralShabgard ?

Mormoroth(Not in our team)

What is CTF?

▪ Capture the Flag (CTF) is a special kind of information security competitions.

▪ Two common types of CTFs: Jeopardy, Attack-Defence.– Jeopardy-style CTFs has a couple of questions (tasks) in range

of categories. For example, Web, Forensic, Crypto, Binary or something else.

– Attack-defence is another interesting kind of competitions. Here every team has own network(or only one host) with vulnarable services. Your team has time for patching your services and developing exploits usually.

Flag?

▪ Hidden somewhere

▪ Usually in hex

via: www.betterhacker.com

Jeoperdy style task

▪ Pwning/Exploiting

▪ Reverse engineering

▪ Web hacking

▪ Crypto

▪ Secure coding

▪ Stegano

▪ Forensics

▪ Recon

▪ Social engineering

▪ Trivia

Atack-defence

Famous CTFs

▪ DEFCON– Jeopardy + Attack-defence

▪ CCAW (NYU– Jeopardy

▪ ICTF (UCSB)– Jeopardy + Attack-defence

Famous Teams

▪ Geek of cource ;)

▪ Iranian teams:– ASIS– SUT– Noob– Baghali– UICERT

▪ Global– Plaid Parliament of Pwning

(US)– Dragon Sector (PO)– More Smoked Leet Chicken

(RU)– StratumAuhuur (DE)

Tom croose

▪ George Hotz (1989)

▪ George competed alone in CSAW 2013 where he took first place competing alone under the pseudonym tomcr00se.

Ingredients

▪ Security skills like exploiting, crypto, … (daa..)

▪ Scripting

▪ Teamwork – team size matters too

▪ Lot’s of coffee

Where to start

▪ Online CTFs – CTFTime.org

▪ Past CTF archives– shell-storm.org/repo/CTF– capture.thefl.ag

▪ Read write-ups– CTFTime.org– Team’s blogs

▪ Sharif’s CTF wiki– wiki.ctfnews.com

▪ A great intro on DEFCON:– www.youtube.com/watch?

v=okPWY0FeUoU

Thank You