CTFs – Not Just for Halo
Ray Doyle (@doylersec)
Gamification of Information Security and Other Buzzwords
Ray Doyle
Clayton Dorsey
Hook – question (ever done a CTF?)
Beginning – what are CTFs
Middle – how to do CTFs
Climax – WHY to do CTFs
End – thanks for coming, final thoughts
Intro, half of who we are slide (plus picture of me) – Ray
Half of who we are slide, what are CTFs, types of CTFs, CTF challenges, Demo #1 – Clayton
How to do CTFs, Advanced Tactics, Trello – Ray
Why, Why, Popular, Resources – Clayton
Demo, Q&A, (hints), End – Ray

Who are we?
Ray Doyle - @doylersec https://www.doyler.net
Senior Penetration Tester at SecureWorks
Participated in various CTFs for over 10 years now
Team EverSec - 1st place SOHOpelessly Broken DefCon24, 2nd place DerbyCon 6, 7th place DefCon24 OpenCTF
2x DEF CON Black Badge Winner (DEF CON 24 IoT CTF, DEF CON 25 Wireless CTF)
Clayton Dorsey - @claytondorsey
Senior Penetration Tester at SecureWorks
CTFing since 2012
Competed in SOHOpelessly Broken since 2013, placed each year, won 1st twice
DEF CON 24 Black Badge winner (SOHOpelessly Broken IoT Village CTF)

What are CTFs?
Capture the Flag (CTF) competitions are generally on information security topics with challenges, winners, and sometimes even prizes!
Often a series of challenges or computers to attack and defend
Team or individual based
Challenges to solve that usually give “flags” (ther5s-n0-Place-l1ke-h0m3)

Types of CTFs
Jeopardy – various challenges and questions in a range of categories. Teams (or individual players) receive points for each task, generally relating to the difficulty of the question. At the end of the game, the points are tallied and the winner is the team with the most points. This is the most common format, especially in online-only CTFs.
Attack-defense – this type of CTF involves a network or host with vulnerable services. Teams are generally given time to patch and defend their hosts while developing exploits to use against other teams. After a specified amount of time, the network is opened up, and the attacks/defense can begin. (DEF CON and CCDC are the most common attack-defense.)
Mixed/Scenario – mixed-format CTFs are either a combination of the above two types of CTFs or an entirely different format altogether. Scenario-based CTFs are similar in style to Jeopardy, but without specific challenges or points specified. (UCSB iCTF is the main mixed CTF. DerbyCon and Eversec are scenario CTFs.)

CTF Challenges
Cryptography
Steganography
Binary Exploitation
Reverse Engineering
Mobile challenges
Network challenges
Physical attacks
Forensics
Packet Analysis
Games
Obscure systems/languages
Programming
And more!

Demo 1

How to do CTFs
Just enter (CTFtime) or sign up early
Join a random team (in person is easier)
/r/OpenToAllCTFteam
Read write-ups of older challenges, as well as challenges that you attempted (whether you completed them or not) - GOOGLE!

Advanced CTF Tactics
Slack
Trello
Specialization
Out-of-band tactics and resource gathering

Trello

Why do CTFs?
Closest thing to hacking / pentesting for many people
Gain experience with tools
Hone skills, learn new ones
Competition is fun, motivating, aggravating
Meet new people, potential employers or co-workers
CTFs as part of job interviews

Popular/Upcoming CTFs
DEFCON
DEFCON CTF
OpenCTF (note: was cancelled in 2017)
Derbycon CTF
CSAW CTF (good for beginners)
Upcoming
EKOPARTY CTF
HITCON CTF
CTF at BSides Manchester?!

Resources
ctftime.org - Great for finding upcoming CTFs, challenge writeups, and scoring teams
github.com/zardus/ctf-tools - long list of tools separated by challenge category
Practice CTFs
picoCTF
Pwn Adventure – an MMO client and server you can run and hack to beat
Previous CTF writeups

Demo 2

Questions and Answers?

END