Presentation is loading. Please wait.

Presentation is loading. Please wait.

ISCTF 2015 Capture The Flag Competition

Published byGeraldine Randall Modified over 9 years ago

Similar presentations

Presentation on theme: "ISCTF 2015 Capture The Flag Competition"— Presentation transcript:

1 ISCTF 2015 Capture The Flag Competition
Sep 17, 2015

2 CTF Competition Capture The Flag Challenges for hacking skill
Attack-Defense Each team owns their server and attack another team’s server or fix their server’s vulnerability to defend attacks. Jeopardy Solve the problem and get the score of each problem DEF CON: The world’s most popular hacking conference (Attack-Defense) Codegate: Korea’s most popular hacking conference(Jeopardy)

3 ISCTF 2015 Information Security CTF
A CTF competition for COSE354 students CTF team member == Term project team member Jeopardy

4 ISCTF – Fields of problem
Fields of problems System System penetration(ex. Race condition) Vulnerability Find a vulnerability of an application Web Find a vulnerability of web sites or databases (Layer 7) Forensic Investigate or trace suspect’s forensic artifacts(ex. Hard disk) Network Investigate network packets Cryptography Reversing Reverse engineering

5 ISCTF – Topic of each field
Topics of each field (Briefly) System BOF, Format String Bug, Race condition Vulnerability Privilege escalation, Logical problem Web SQL injection, Cookie injection Forensic File system forensic, Carving Network Packet analysis Cryptography Steganography, Basic crypto, Block cipher Reversing x86 reversing, ELF reversing

6 ISCTF – Schedule Schedule(KST): 36 hours / Nov 6 ~ 8 or 13 ~ 15
Oct 6(or 13) (Fri) Oct 7(or 14) (Sat) Oct 8(or 15) (Sun) Schedule will be fixed later Start 3 6 9 12 15 18 21 24 3 6 9 12 15 18 21 24 End 3 6 9 12 15 18 21 24

7 ISCTF – Rules Rules DO NOT CHEAT All auth log will be remained
We will look for you, We will find you, and…. Cheating includes: Sharing answer(key), sharing solution, peeking, attack the CTF server, etc. But, if you found our site’s vulnerability, then we will give you several score (Come to us!)

8 ISCTF – Write-up All teams must submit a write-up about solved problems How to write write-ups? See many examples at

9 Write-up example in ISCTF2014
ISCTF – Example(1) Write-up example in ISCTF2014

10 Write-up example in ISCTF2014
ISCTF – Example(2) Write-up example in ISCTF2014

11 Write-up example in ISCTF2014
ISCTF – Example(3) Write-up example in ISCTF2014

12 Write-up example in ISCTF2014
ISCTF – Example(3) Write-up example in ISCTF2014

13 Write-up example in ISCTF2014
ISCTF – Example(3) Write-up example in ISCTF2014

14 How to prepare Useful sites (Challenges) http://webhacking.kr
Web. Difficulty ★★☆☆☆ Recommended for beginners Web, Binary, Forensic, System. Difficulty ★★★☆☆ System(Provides VM’s ISO file). Difficulty ★★★★☆ Web, Binary, etc. Difficulty ★★★★☆ at.zip The Fellowship of the BOF: System. Difficulty ★★☆☆☆ Reversing. Difficulty ★★★★☆

15 How to prepare (Cont.) Useful sites (Information)
Forensic. Korean best site(about forensic) I think. Reversing. Information with challenges. Many write-ups(solution) for previous CTF competitions Penetration testing software

16 How to prepare (Cont.) Useful sites (Tools) http://www.wireshark.org/
Wireshark: Packet capturing tool Immunity debugger: x86 debugger (Windows) Aircrack-ng: Wireless password cracker (WEP) & Other wireless pen-tools PEiD: PE identification tool HxD: Freeware hex editor

17 Q & A

18 Thank you

Download ppt "ISCTF 2015 Capture The Flag Competition"

Similar presentations

Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.

Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.
Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)

Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)
2 whoami The OWASP Foundation Nahidul Kibria Co-Leader, OWASP Bangladesh, Senior Software Engineer, KAZ Software Ltd.

2 whoami The OWASP Foundation Nahidul Kibria Co-Leader, OWASP Bangladesh, Senior Software Engineer, KAZ Software Ltd.
1 Visualizer for Firewall Display & Analysis Tool.

1 Visualizer for Firewall Display & Analysis Tool.
Welcome to EECS 354 Network Penetration and Security.

Welcome to EECS 354 Network Penetration and Security.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
CAPTURE THE FLAG (CTF) Maxim A. Kulakov (Vladimir State University)

CAPTURE THE FLAG (CTF) Maxim A. Kulakov (Vladimir State University)
Hands-on: Capturing an Image with AccessData FTK Imager

Hands-on: Capturing an Image with AccessData FTK Imager
CTF Mike Gerschefske Justin Gray. What is it? Came from Defcon Came from Defcon UCSB sp0nsorz – won last years Defcon UCSB sp0nsorz – won last years Defcon.

CTF Mike Gerschefske Justin Gray. What is it? Came from Defcon Came from Defcon UCSB sp0nsorz – won last years Defcon UCSB sp0nsorz – won last years Defcon.
LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.

LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
Andrew Martin - Information Security Specialist, CIBC

Andrew Martin - Information Security Specialist, CIBC
1-Vulnerabilities 2-Hackers 3-Categories of attacks 4-What a malicious hacker do? 5-Security mechanisms 6-HTTP Web Servers 7-Web applications attacks.

1-Vulnerabilities 2-Hackers 3-Categories of attacks 4-What a malicious hacker do? 5-Security mechanisms 6-HTTP Web Servers 7-Web applications attacks.
What is FORENSICS? Why do we need Network Forensics?

What is FORENSICS? Why do we need Network Forensics?
Ethical Hacking Defeating Wireless Security. 2 Contact Sam Bowne Sam Bowne Computer Networking and Information Technology Computer Networking and Information.

Ethical Hacking Defeating Wireless Security. 2 Contact Sam Bowne Sam Bowne Computer Networking and Information Technology Computer Networking and Information.
Security Testing Case Study 360logica Software Testing Services.

Security Testing Case Study 360logica Software Testing Services.
Software Security Testing Vinay Srinivasan cell: +91 9823104620.

Software Security Testing Vinay Srinivasan cell:
School of Electrical Engineering & Computer Science National University of Sciences & Technology (NUST), Pakistan Research Profile Fauzan Mirza.

School of Electrical Engineering & Computer Science National University of Sciences & Technology (NUST), Pakistan Research Profile Fauzan Mirza.
Binary Auditing Geller Bedoya Michael Wozniak. Background  Binary auditing is a technique used to test the security and discover the inner workings of.

Binary Auditing Geller Bedoya Michael Wozniak. Background  Binary auditing is a technique used to test the security and discover the inner workings of.

Similar presentations

Ads by Google