Difference between revisions of "CTF-practice-evening:2013-12-09"

From Technologia Incognita
Jump to: navigation, search
(Notes)
 
(20 intermediate revisions by one other user not shown)
Line 5: Line 5:
 
|Contact=Melanie
 
|Contact=Melanie
 
}}
 
}}
= 9 December, 2013 - 8 PM =
+
= Capture The Flag evening - Part I =
  
Capture The Flag evening - Part I
+
* 9 December, 2013 - 8 PM
 
+
* Please bring along a laptop with you!!!
We'll start at 8 PMPlease bring along a laptop with you!!!
 
  
 
= General CTF Info =
 
= General CTF Info =
  
See the page for the [[Ctf-evenings]]
+
* See the page for the [[Ctf-evenings]]
 
+
* Link to the Tech Inc [[TechInc-CTF-Scoreboard | Challenge Website Scoreboard]]
Link to the Tech Inc Challenge Website Scoreboard: [[TechInc-CTF-Scoreboard]]
 
  
 
= Notes =  
 
= Notes =  
  
 
* 7 people present: some programmers, some sysadmins, some security folks
 
* 7 people present: some programmers, some sysadmins, some security folks
* We probably won't start out being very good -- BUT after the CTF events, we should analyse them, so we can improve.
+
* We probably won't start out being very good -- BUT after the CTF events, we should analyse them, so we can gradually improve.
 
+
* We started with general discussion - see the [[Ctf-evenings | CTF evenings]] page for the notes!
== Types of evenings ==
+
* After that, we got started with playing the '''Bandit challenge''' at: http://www.overthewire.org/wargames/
 
+
* The next challenge website in line is: http://io.smashthestack.org
I envision the following kinds of CTF training evenings
+
* Tentative results are listed on the Scoreboard: [[TechInc-CTF-Scoreboard]]
* 1 - '''Learning evenings''' - network analysis/forensics (Wireshark), filesystem forensics, reversing/Pwnables(Ollydbg, etc..), code deobfuscation, pentesting (Nessus/Metasploit/stack overflows), cryptology, web security (XSS, SQL injection, etc..), stenography, recon/trivia/etc..
+
* We will look into which online [http://ctftime.org CTF events] we can compete in, and discuss the options next time
** Example: I've got a whole slew of Wireshark training videos - we can watch them together!
+
* We can meet every Monday, alternating challenge website evenings w/ informational evenings (workshops)
 
+
* https://github.com/caesar0301/pcaptools << Nice tools for PCAP files.
* 2 - '''Challenge website evenings'''
 
** I setup a scoreboard, so we can keep track of who's done which challenges
 
 
 
* 3 - '''Actual CTF events'''
 
** There's a bunch of them on CTF Time - we should participate!
 
** We can probably also join VUBAR when they are playing here!  (Etienne said that this would probably be okay)
 
** We can also participate in own events, at other times..
 
 
 
== Other things that we can do ==
 
 
 
* We could setup a vulnerable server (Damn Vulnerable Linux, etc..) and attack it
 

Latest revision as of 22:58, 6 January 2014

CTF-practice-evening:2013-12-09
Date 2013/12/09
Time
Location Tech Inc
Type Workshop
Contact Melanie

Capture The Flag evening - Part I

  • 9 December, 2013 - 8 PM
  • Please bring along a laptop with you!!!

General CTF Info

Notes

  • 7 people present: some programmers, some sysadmins, some security folks
  • We probably won't start out being very good -- BUT after the CTF events, we should analyse them, so we can gradually improve.
  • We started with general discussion - see the CTF evenings page for the notes!
  • After that, we got started with playing the Bandit challenge at: http://www.overthewire.org/wargames/
  • The next challenge website in line is: http://io.smashthestack.org
  • Tentative results are listed on the Scoreboard: TechInc-CTF-Scoreboard
  • We will look into which online CTF events we can compete in, and discuss the options next time
  • We can meet every Monday, alternating challenge website evenings w/ informational evenings (workshops)
  • https://github.com/caesar0301/pcaptools << Nice tools for PCAP files.