INFOSEC CAPTURE THE FLAG LIKE UFC BUT FOR
INFOSEC CAPTURE THE FLAG LIKE UFC, BUT FOR HACKERS.
WTF IS A CTF? A “CTF” or Capture the Flag in the Information Security field is a competition in which players use exploits, reverse -engineering, and/or creative thinking to solve challenges in the form of potentially vulnerable or alreadycompromised computer systems. Contestants solve one or more challenges on each system in order to get their “flags”. By submitting each flag to the scoreboard, players are awarded points for that challenge. TL; DR: Solve challenges on computer systems to get flags that turn into points
TYPES OF CTFS • Jeopardy • • Choose a challenge from the scoreboard and solve Most common Easiest to learn from Allows for many different areas of expertise to effectively compete • Attack-Defense • • Will not be at Triangle Info. Se. Con, just noted for info Each team has one host that they must defend from other teams Must also attack other teams simultaneously Attack and Defense points awarded • Mixed • Combination of both
JEOPARDY CHALLENGES • Reverse Engineering • Network • Cryptography • Forensic • Web • ? ? ?
STORM CTF DETAILS • Format: Jeopardy • Timeframe: 12 hr (1000 – 2200) • Prize Format: 3 Non-Positional Prizes • • • 1 st place gets first pick 2 nd place gets second pick 3 rd place gets what’s left Tiebreaker: First to have reached tied score 3 Spot Challenges at random times award an instant prize
PRIZES! • Metasploit Pro License (1 year) • Mac. Book Air • Razer Backpack Bundle • Spot Prizes (Awarded to the first solver of corresponding spot challenge) • • 2 x $50 Amazon Gift Card (One per challenge) Raspberry Pi Complete Starter Kit
HOW TO CTF (JEOPARDY) • Login to Scoreboard • Login to Chat (if applicable) • Select a Challenge to attempt • Solve Challenge • Submit Flag from Challenge into Scoreboard • Points awarded for successful submission • Have the most Points at the end of the Competition to win
HOW TO CTF (JEOPARDY) EXAMPLE IMPORTANT: You cannot change this after registering!!!
HOW TO CTF (JEOPARDY) EXAMPLE (CONT. )
HOW TO CTF (JEOPARDY) EXAMPLE (CONT. ) Before Submitting: After Submitting Successfully:
HOW TO CTF (JEOPARDY) NETWORK CHALLENGE EXAMPLE Network targets have an IP in the category name. Identify flaws in the device to earn flags for the category. Each flag is usually in succession here. Learners have walkthroughs to help out.
SCOREBOARD Note: You will only see Challenges for your Competing Status
CHAT Account is automatically created when you register on the Scoreboard. Only create new accounts for your team members. Team Chat Rooms are enabled.
CREATING A NEW TEAM (CHAT)
BLUE TEAM! Full Bro, Suricata, Packet Capture, and more! You are free to watch the CTF like this!
NO YOU CAN’T SEE FLAG SUBMISSIONS Same goes for Chat
WHAT TO BRING? • Laptop • • Preferably with a disposable image or VM • If you need help, find me (or other staff) BEFORE the competition • Exception: Learners subnet allowed to login to shared Kali VM hosted on server. SSH required. Kali Images will not be available at the competition. Come prepared. • Headphones / Earbuds • A competition flag may require it. (HINT) • Hoodie (optional)
WHAT TO EXPECT? • Introverts abundant • Students: Initiate interaction if you’re curious. • Competitors: Students may hover • Students: This is a privilege. Do not discuss what they are doing aloud or to others. Ask to join their Slack (Mattermost Chat) channel and ask them there. Violators may be asked to leave. • Technical Difficulties • Murphy’s Law always wins. Be patient, we’ll fix whatever broke as soon as possible.
HOW TO FIT IN WITH THE COOL KIDS (Read: What to do when you arrive) • Find a seat. • Plug in Laptop • Sign into Wi. Fi (Storm-CTF ||5 G|5 G 2) • Register/Login to Chat • • Ask Tech related Questions on Chat Issues with Flags should be brought to the front table directly • Click Challenges • Play!
WHAT NOT TO DO • ARP Spoofing • Attacking the Infrastructure • Do. S of any kind • Excessive Profanity • Shoulder Surfing as a Competitor • Also includes using the students as “Little Birds” • Modification of Flags • Online Banking on Storm-CTF Wi. Fi
QUESTIONS? @offsec_ginger #Storm. CTF
- Slides: 21