Presented at
DEF CON 31 (2023),
Aug. 12, 2023, 9 a.m.
(240 minutes)
Breaking into the capture the flag (CTF) world can be daunting and many people are overwhelmed when faced with participation in these events and challenges. With how beneficial the various challenges can be to both beginners and seasoned professionals, we want to demystify this world and help people get the most out of them.
This workshop will start with an overview of the CTF landscape, why we do them, and what value they have in the scope of the hacking community. This presentation will include various resources and a few simple demos to show how to approach a CTF and how it may differ from "real world" hacking challenges that many of us face in our professions. Next, a short CTF will be hosted to give attendees hands-on experience solving challenges with the ability to ask for help and will be guided through the approach to successfully navigating these challenges. Upon completion, the group will have worked through various types of hacking challenges and will have the confidence to participate in other CTFs hosted throughout the year.
Areas of focus will include:
* Common platforms and formats
* Overview of online resources, repositories, and how to progress
* Common tools used in CTFs and hacking challenges
* Basics of web challenges
* Basics of binary exploitation and reversing challenges
* Basics of cryptographic challenges
* Basics of forensic and network traffic challenges
Skill Level: Beginner
Prerequisites for students:
- Be curious about CTFs and have a very basic knowledge of or exposure to fundamental topics (e.g., Linux, websites, networking, data encoding and encryption)
- Exposure to the above concepts will help during the workshop defined CTF challenges but is not required for the workshop
Materials or Equipment students will need to bring to participate:
- Laptop
- Debian-based Virtual Machine (e.g., Kali) is recommended
- Virtualized environment or Kali is not required but Kali will provide all the tools useful in solving the challenges and help standardize available tools. All challenge solutions will be possible using default Kali installations.
- A limited number of Kali-Chromebooks and hosted resources will be available for those having issues or unable to bring their own systems.
Presenters:
-
Robert Fitzpatrick
Robert Fitzpatrick is a military veteran of over 20 years. He began his cyber life leading the Information Assurance office, and quickly moved up to run the Network Operations Center, as well as the Network Test and Evaluation center. He has built multiple operations centers in both homeland and austere locations, purchased satellite infrastructures, and led vulnerability investigations for classified networks. He is also a co-founder of DC702 and enjoys training new students on an eclectic array of subjects surrounding his interests.
-
Christopher Forte
Christopher Forte is a security researcher and a junky for learning, participating in CTFs, and solving challenges. He is curious, loves teaching others, and has a passion for breaking things. As a resident of Las Vegas, Christopher co-founded DC702, is the local Chapter President of TOOOL, and enjoys introducing people to the world of hacking and lock picking.
Similar Presentations: