You do not have permission to edit this page, for the following reason:
Free text:
Welcome to the Tech Inc Capture the Flag (CTF) training event series! The format of this series is likely to evolve over time, but I currently assume that these evenings will feature a combination of web-based challenges, online competitions, and general-purpose learning/workshop evenings covering a variety of computer security (i.e. hacking, defensive) topics. Everyone of all skill levels is welcome!!!! Our current schedule is a meeting at techinc every first monday of the month, we also try to do a ctf event every 1/2 months. = Training Evenings = == Upcoming == * July 14 - Dimitris (Volatility) * August 4 - Brainsmoke (Binary exploitation walkthrough) * August 11 - Melanie (wargame or video - TBD) * August 25 - Hitcon Retrospective * By default, Melanie will fill in the weeks that aren't taken by anybody else == Past == * [https://wiki.techinc.nl/index.php/CTF-practice-evening:2014-07-07 7 July, 2014] - Pwnium CTF Retrospective (via Dimitris) * [https://wiki.techinc.nl/index.php/CTF-practice-evening:2014-06-30 30 June, 2014] - Intro to Cuckoo Sandbox * [https://wiki.techinc.nl/index.php/CTF-practice-evening:2014-06-23 23 June, 2014] - PHP Filter Attacks (via Coolfire) * [https://wiki.techinc.nl/index.php/CTF-practice-evening:2014-06-09 9 June, 2014] - Hack in the Box Retrospective (+Leviathan continued) * [https://wiki.techinc.nl/index.php/CTF-practice-evening:2014-05-12 12 May, 2014] - Leviathan wargame (OverTheWire) * [https://wiki.techinc.nl/index.php/CTF-practice-evening:2014-04-28 28 April, 2014] - Intro to x86 Assembly, Part 2 * [https://wiki.techinc.nl/index.php/CTF-practice-evening:2014-04-14 14 April, 2014] - Intro to Metasploit * [https://wiki.techinc.nl/index.php/CTF:x86-assembly-video-day 6 April, 2014] - CTF-related video marathon * [https://wiki.techinc.nl/index.php/CTF-practice-evening:2014-03-31 31 March, 2014] - Cryptanalysis + OTW Krypton war-game * [https://wiki.techinc.nl/index.php/CTF-practice-evening:2014-03-24 24 March, 2014] - Binary exploitation + Codegate Minibomb walkthrough * [https://wiki.techinc.nl/index.php/CTF-practice-evening:2014-03-03 3 March, 2014] - Hack in the Box (HitB) Teaser CTF * [https://wiki.techinc.nl/index.php/CTF-practice-evening:2014-02-24 24 February, 2014] - Intro to x86 disassembly * [https://wiki.techinc.nl/index.php/CTF-practice-evening:2014-02-10 10 February, 2014] - IDB challenge @ Certified Secure * [http://wiki.techinc.nl/index.php/CTF-practice-evening:2014-02-03 3 February, 2014] - Burp Suite and SQLmap * [http://wiki.techinc.nl/index.php/CTF-practice-evening:2014-01-27 27 January, 2014 ] - PhDays retrospective + walkthroughs * [http://wiki.techinc.nl/index.php/CTF-practice-evening:2014-01-13 13 January, 2014] - Intro to web hacking + Certified Secure * [http://wiki.techinc.nl/index.php/CTF-practice-evening:2014-01-06 6 January, 2014] - Wireshark Jumpstart 101 + GitS teaser (Armorall - VNC pcap) * [http://wiki.techinc.nl/index.php/CTF-practice-evening:2013-12-23 23 December, 2013] - Levels 1/2 @ I/O Smash the Stack * [http://wiki.techinc.nl/index.php/CTF-practice-evening:2013-12-09 9 December, 2013] - UNIX + OTW Bandit wargame = Competitions = * We compete occasionally as [http://knuffelhackers.nl Team Knuffelhackers]! * And we occasionally partner w/ team [https://vubar.nl VUBAR] == Upcoming == * [http://hitcon.org/2014/CTF/ HITCon] - Aug 16-18 (Team Knuffelhackers) == Past == * [http://41.231.53.44:8282 Pwnium] - July 4-5 (Team Knuffelhackers) * [http://haxpo.nl/event-registration/?regevent_action=register&event_id=35 Hack in the Box] - May 28-30 (Various teams) * [https://wiki.techinc.nl/index.php/CTF:Plaid-CTF-2014 Plaid CTF] - 11-13 April, 2014 (Team Knuffelhackers) * [http://ctf.haxpo.nl/scores/ Hack in the Box (HitB) Teaser] - 3-4 March, 2014 (Team Knuffelhackers) - '''4th place''' * [http://ctf.codegate.org/ Codegate Preliminaries] - 22-23 February, 2014 (Team Knuffelhackers) * [https://olympic-ctf.ru/ Olympic CTF Sochi] - 7-9 February, 2014 (w/ Team VUBAR) * [http://wiki.techinc.nl/index.php/CTF:PhDays-Quals-2014 Positive Hack Days Qualifiers 2014] - 25-27 January, 2014 (Team Knuffelhackers) * [http://ructf.org/e/ RuCTFe 2013] - 14 December, 2013 (w/ Team VUBAR) * [http://ictf.cs.ucsb.edu/ UCSB iCTF 2013] - 6-7 December, 2013 (w/ Team VUBAR) === Write-ups === [[CTF:Writeup-Olympic-CTF-Sochi-2014]] = About the CTF Training Evenings = == Types of evenings == I envision the following 3 kinds of CTF training evenings: * 1 - '''Workshop/learning evenings''' - network analysis/forensics ([http://www.wireshark.org Wireshark]), filesystem forensics, reversing([http://www.ollydbg.de Ollydbg], etc..)/Pwnables, code deobfuscation, pen testing ([http://www.kali.org Kali]-[http://www.backtrack-linux.org Backtrack]/[http://www.metasploit.com Metasploit]/buffer overflows), cryptanalysis, web security (XSS, SQL injection, etc..), stegonography, [http://blog.commandlinekungfu.com Commandline kung-fu], recon/trivia/etc.. ** Example: I've got a whole slew of [https://www.lcuportal2.com/check-out-these-courses.html Wireshark training videos] - we can watch them together! ** We could also occasionally screen [https://www.youtube.com/user/DEFCONConference Defcon]/[http://media.ccc.de/browse/congress/ CCC]/[http://www.securitytube.net Other] videos on fun topics! * 2 - '''Challenge website evenings''' ** I setup a [[TechInc-CTF-Scoreboard|Scoreboard]], so we can keep track of who's done which challenges * 3 - '''Actual CTF events''' ** There's a bunch of them on [http://ctftime.org/ CTF Time] - we participate occasionally! == Other things that we can do == * Setup a vulnerable server ([http://www.securitydistro.com/security-distros/damn-vulnerable-linux-dvl Damn Vulnerable Linux], [http://www.offensive-security.com/metasploit-unleashed/Metasploitable Metasploitable], etc..) and attack it ** Other examples: http://exploit-exercises.com/ * Preparing for competitions ** Setup [http://etherpad.org Etherpad] (or another online "multiplayer notepad") so people can make notes and work together for each challenge *** We're currently using: [https://pad.riseup.net Riseup Pad] ** Preparing tools ([http://www.backtrack-linux.org Backtrack] VM, other VM images with different tools) ** Being able to emulate weird architectures for binaries ** Being able to test shellcode on our own system ** Maybe we can do something with hardware in the space (i have no idea what the status is of VMWare cluster in space, but i think we have one..) * Brainsmoke could talk about binary exploitation ** We can also look at gdb / objdump / IDA / Hex-Rays = Challenge websites = Link to the Tech Inc Challenge Website Scoreboard: [[TechInc-CTF-Scoreboard]] * http://captf.com/practice-ctf/ * http://ctf.forgottensec.com/wiki/ * http://www.overthewire.org/wargames/ (Bandit is good for beginners) * https://www.certifiedsecure.com * http://io.smashthestack.org * http://ismellpackets.com/ * http://www.kroosec.com/?m=1 * http://exploit-exercises.com/fusion * http://exploit-exercises.com/protostar * http://opensecuritytraining.info/Training.html * http://www.securitytreasurehunt.com/ * http://forensicscontest.com/ * http://ebctf.nl/challenges * http://sourceforge.net/projects/owaspshepherd/files/ - VM * http://www.hackthissite.org * https://microcorruption.com/ - Embedded hacking * http://www.bright-shadows.net * http://www.matasano.com/articles/crypto-challenges/ - crypto challenges = Reversing and Exploitation = * http://coolfire.insomnia247.nl/BMA/X86_Win32_Reverse_Engineering_Cheat_Sheet.pdf - x86 reverse engineering cheat sheet * [[GDB-Tips|GDB Tips]] - Some beginning tips for how to use GDB * https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+Coding+Standard - Helpful for finding C constructs that can be exploited * http://sourceware.org/gdb/current/onlinedocs/gdb/index.html - GDB manual * http://sourceware.org/binutils/docs-2.24/binutils/index.html - GNU Binutils manual * http://www.youtube.com/watch?v=gYOy7CGpPIU - The Making of Atlas: from Script Kiddie to Hacker in 5 Sleepless Nights (video) * [http://rogunix.com/docs/Reversing&Exploiting/Hacking%20-%20The%20Art%20of%20Exploitation_2nd%20Ed.pdf Hacking: The Art of Exploitation (book)] * [http://rogunix.com/docs/Reversing&Exploiting/Reversing-Secrets%20of%20Reverse%20Engineering.pdf Reversing: Secrets of Reverse Engineering (book)] * http://www.woodmann.com/fravia/howto1.htm * http://www.woodmann.com/crackz/Orc.htm * [https://github.com/longld/peda Python Exploit Development Assistance] * [http://www.onlinedisassembler.com/odaweb/ Online Dissassembler] * [http://ropshell.com Ropshell.com] Tools: objdump, readelf, gdb, ktrace/kdump = Windows binaries = * http://innounp.sourceforge.net - Inno Setup Unpacker * OllyDbg * Ida Free = UNIX hacking = * [http://askubuntu.com/questions/24006/how-do-i-reset-a-lost-administrative-password Log into Linux without a PW] = Web hacking = * https://www.owasp.org/index.php/Category:Attack * https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents * https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet * http://w3schools.com * http://yehg.net/lab/#toolbox * https://hackvertor.co.uk/public * [http://portswigger.net/burp/ Burp Suite] * [http://code.google.com/p/fuzzdb/ fuzzdb] * [http://www.cirt.net/Nikto2 Nikto] * http://www.irongeek.com/i.php?page=videos/web-pen-testing-workshop - Nice series of videos = Network challenges = * For VNC: [http://rfbproxy.sourceforge.net rfbproxy] / [http://www.tightvnc.com/rfbplayer.php Rfbplayer] * [http://chaosreader.sourceforge.net chaosreader] = Steganography = * http://www.jjtc.com/Steganography/tools.html * http://www.slideshare.net/null0x00/nullcon-2010-steganography-stegananalysis-a-technical-psychological-perspective * http://sox.sourceforge.net - Sound eXchange (audio "swiss army knife") * http://spek.cc - Spek spectrum analyzer * Audacity * SDRsharp = Forensics = * [http://www.garykessler.net/library/file_sigs.html File Signatures Table], [http://www.filesignatures.net File Signatures.net], [http://asecuritysite.com/forensics/magic DF Magic Numbers] - File format signatures = Crypto = == Cryptanalysis == * http://www.simonsingh.net/The_Black_Chamber/chamberguide.html * http://www.cryptool-online.org/index.php?option=com_content&view=article&id=55&Itemid=53&lang=en * http://luizfirmino.blogspot.nl/2011/10/cryptanalysis-tools.html * http://www.matasano.com/articles/crypto-challenges/ == Cracking == * http://hashcat.net/oclhashcat/ - Hashcat = Setting up a CTF = * http://ictf.cs.ucsb.edu/software.html * http://www.cipher-ctf.org/Gameserver.php = Other stuff = * http://ctftime.org/ - Event listings and write-ups * http://hackflag.org/forum/ * http://sysexit.wordpress.com/category/writeups/ * http://www.hackers.nl/about/introduktie/ * http://www.enigmagroup.org/pages/basics/ * http://shell-storm.org/repo/CTF/ - Archive of previous CTFs * http://mitrecyberacademy.org/stem/moodle/course/view.php?id=13 * http://opensecuritytraining.info/Training.html * http://www.irongeek.com/i.php?page=security/hackingillustrated
Save page Show preview Show changes Cancel