Presented at
DEF CON 30 (2022),
Aug. 13, 2022, 9 a.m.
(240 minutes)
Breaking into the capture the flag (CTF) world can be daunting. With much of the world going virtual, many companies, organizations, and individuals are sponsoring capture the flag competitions and people are using these types of events, or various hacking platforms (e.g., Offensive Security's Proving Grounds or Hack The Box), to learn and practice new skills. Unfortunately, many feel overwhelmed when faced with these challenges or don't know where to start. This workshop will introduce the basics of CTFs and provide resources, tips, and fundamental skills that can be helpful when getting started.
This workshop will start with an overview of the CTF landscape, why we do them, and what value they have in the scope of the hacking community. This workshop will include various resources, a couple walkthroughs to show how to approach CTFs, and how it may differ from "real world" hacking challenges. Next, a short CTF will be hosted to give attendees hands-on experience solving challenges while being able to ask for help to successfully navigate the challenges. By the end of the workshop, the group will have worked through various types of CTF challenges, and have the confidence to participate in other CTFs hosted throughout the year.
Areas of focus will include:
* Common platforms and formats
* Overview of online resources
* Common tools used in CTFs and hacking challenges
* Basics of web challenges
* Basics of binary exploitation and reversing challenges
* Basics of cryptographic challenges
* Basics of forensic and network traffic challenges
* Some ways of preparing for your next CTF / Hacking challenge
Materials:
Laptop
Debian-based Virtual Machine (e.g., Kali) is recommended, and USB install drives will be available
Virtualized environment or Kali is not required but Kali will provide all the tools useful in solving the challenges and help standardize available tools. All challenge solutions will be possible using default Kali installations.
Prereq:
Be curious about CTFs and have a very basic knowledge of or exposure to fundamental topics (e.g., Linux, websites, networking, data encoding and encryption)
Exposure to the above concepts will help during the workshop defined CTF challenges but is not required for the workshop
Presenters:
-
Robert Fitzpatrick
Robert Fitzpatrick is a military veteran of over 19 years. He began his cyber life leading the Information Assurance office, and quickly moved up to run the Network Operations Center, as well as the Network Test and Evaluation center. He has built multiple operations centers in both homeland and austere locations, purchased satellite infrastructures, and led vulnerability investigations for classified networks. He is also a co-founder of DC702 and enjoys training new students on an eclectic array of subjects surrounding his interests.
-
Chris Forte
- Security Researcher
Christopher Forte is a security researcher, technology enthusiast, and cybersecurity professional. With experience ranging from software development to physical red teaming, he is passionate about keeping security and various forms of engineering at the center of his focus. Christopher leads his local TOOOL chapter and is a co-founder of the DC702 group.
Similar Presentations: