Top Banner
All About Capture The Flag
21

All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect.

Jun 22, 2020

Download

Documents

dariahiddleston
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect.

All About Capture The Flag

Page 2: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect.

What are CTFs?

● Hacking Competitions!● Safe way to learn security● Training Grounds

https://ctftime.org/ctf-wtf

https://ctftime.org/ctf-wtf
Page 3: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect.

Who Organizes them?

● Tons of people, companies, universities● NYU Poly (CSAW)● DEFCON● Security Firms (SANS)

Page 4: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect.

Styles - Onsite or Remote

● Onsite○ Typically held during a conference (but not

necessarily)○ DEFCON http://youtu.be/1UT3qXHduts

● Remote○ Email-based (No cON Name CTF Quals)○ Web○ Snail Mail (USB Drive, Raspberry Pi)

http://youtu.be/1UT3qXHduts
Page 5: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect.

Styles - Attack / Defend

● Attack (Red Team), Defend (Blue Team)● Defend

○ Servers with services to maintain and protect. Points for uptime or business injections/tasks.

● Attack○ Exploits need to be developed/discovered to attack

other teams. Points deducted from other teams, or gained for the attacker.

Page 6: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect.

Styles - Jeopardy

Page 7: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect.

Common Categories

● Recon● Forensics● Networking● Programming● Exploitation● Mobile Security

● Reversing● Cryptography● Web● Trivia● Miscellaneous● Steganography

Page 8: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect.

Trivia

● Google Searches● Hacker Culture● “Hack The Planet”

Page 9: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect.

Recon

● Find everything you can about a target● Fuzyll Challenge - Dota Replay● Julian Cohen - OKCupid profile● Kevin Chung - High School photo

Page 10: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect.

Web

● SQLi● XSS● API Information Disclosure● Command Injection / Escapes

Page 11: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect.

Exploit

● Strings / File / Tricks● Memory Exploitation● Sandbox Escapes● Information Leakage

Page 12: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect.

Reversing

● Strings / File / Tricks● Compressed Files● Obscure Systems

Page 13: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect.

Forensics / Networking

● PCAP Files● Log Files● File Systems / Obscure things

Page 14: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect.

Programming / Scripting

● Python● Netcat● Ex: Answer a math problem correctly 1000

times in a minute.

Page 15: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect.

Steganography

● Hiding data in media. (Picture/Audio files)● Gimp● Audacity

Page 16: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect.

Resources

Page 17: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect.

Events & Meetings

● CTF Competitions● Cybersecurity Club meetings Thursdays

5:00pm in Shores 206 (Goldstein Library)● Weekend Hacking Meetings (Variable

times/location)

Page 18: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect.

n0l3ptr (Who to ask??)● Mitch Schmidt: Crypto, Exploitation, Python● Nathan Nye: Web, Linux● Shawn Stone: Reversing, Exploitation, Forensics ● Brandon Everhart: Reversing, Beginner Questions,

Team Questions

Page 19: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect.

Write Ups

● https://github.com/n0l3ptr● https://ctftime.org ● http://cybersecurity.fsu.edu/club/

https://github.com/n0l3ptr
https://ctftime.org
http://cybersecurity.fsu.edu/club/
Page 20: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect.

Team Communication

● https://n0l3ptr.slack.com○ Join channel: “ctfgroup”

● Club Email List● Facebook: Cybersecurity Club @ FSU

https://n0l3ptr.slack.com
Page 21: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect.

Books

● Hacking The Art Of Exploitation○ Jon Erickson


Related Documents
We defend your right to defend yourself

We defend your right to defend yourself

Category: Documents
The Airborne Electronic Attack Integrated Product Team ... · The Airborne Electronic Attack Integrated Product Team (AEA IPT) Point Mugu, California UNCLASSIFIED // FOR PUBLIC RELEASE

The Airborne Electronic Attack Integrated Product Team...

Category: Documents
CISummit 2013: Steve Gullans & Gregory Gallo, The BioSimilar Age: How to Promote a Biosimilar and Defend a Franchise from a BioSimilar Attack

CISummit 2013: Steve Gullans & Gregory Gallo, The BioSimilar...

Category: Business
Council Prepared To Defend Policy At A . M. S. MeetingCouncil Prepared To Defend Policy At A . M. S. Meeting EVAN AP ROBERTS. . . leads attack. Student Council broke ... Of Dances

Council Prepared To Defend Policy At A . M. S....

Category: Documents
AVIATION HISTORY Lecture 9: Military Aviation. Definition of Military Aviation Military aviation is used to attack or defend a country through the sky.

AVIATION HISTORY Lecture 9: Military Aviation. Definition of...

Category: Documents
Does It Pay to Defend Against a Speculative Attack? Barry ...eichengr/research/defense8.pdfDoes It Pay to Defend Against a Speculative Attack? Barry Eichengreen and ... currency crises

Does It Pay to Defend Against a Speculative Attack? Barry...

Category: Documents
INFORMATION FOR PATIENTS FOLLOWING HEART ATTACK · PDF fileCARDIAC REHABILITATION TEAM 1 INFORMATION FOR PATIENTS FOLLOWING HEART ATTACK WHAT IS A HEART ATTACK? Heart attack or

INFORMATION FOR PATIENTS FOLLOWING HEART ATTACK · PDF...

Category: Documents
The Civil War 1861 - 1865. South had some initial advantages Easier to defend than attack – Shorter supply lines – Better knowledge of terrain – Emotional.

The Civil War 1861 - 1865. South had some initial advantages...

Category: Documents
A VERY SHORT COURSE ON HOW TO ATTACK AND HOW TO … · 2014-11-26 · DIVORCING THE MILITARY and SEVERING THE CIVIL SERVICE: A VERY SHORT COURSE ON HOW TO ATTACK AND HOW TO DEFEND

A VERY SHORT COURSE ON HOW TO ATTACK AND HOW TO … ·...

Category: Documents
NAL ATTACK DANCER AUDITIONS Team...NAL ATTACK DANCER AUDITIONS Frequently Asked Questions What are the minimum qualifications to be a Jacksonville Sharks Attack Dancer? • Must be

NAL ATTACK DANCER AUDITIONS Team...NAL ATTACK DANCER...

Category: Documents
17U BOYS DIVISION POOL KEY - Bigfoot HoopsX1 Centex Attack National Black (TX) AA1 Legends 3T (TX) G2 Team McDyess (OK) U3 Centex Attack National Blue (TX) E1 Louisiana Select Team

17U BOYS DIVISION POOL KEY - Bigfoot HoopsX1 Centex Attack.....

Category: Documents
Building Resilience in Space Domain Awareness · 2/27/2020  · • Cyber situational awareness key • Must defend all segments against cyber attack • Cyber – EW convergence

Building Resilience in Space Domain Awareness · 2/27/2020....

Category: Documents