Presentation 45min
Discussion 15min
#TALK 2019-04-11
Subject: CTF

What is CTF?
An introduction to competitive hacking
Carl Svensson @ 0xFF April 2019

Agenda - What are we going to talk about?
● Biography
● Capture the Flag - Basics
  ○ Categories
● Jeopardy style
● Attack/Defense
● Demo - Examples
● Resources

Biography - Who am I? What am I doing here?
● Carl Svensson, 27
● MSc in Computer Science, KTH
● Previously: Consultant @ Bitsec
● Currently: Head of Security @ KRY/LIVI
● CTF team: HackingForSoju (world #12)
● Contact:
  ○ E-mail: [email protected]
  ○ Twitter: @zetatwo
  ○ Website: https://zeta-two.com
  ○ YouTube: https://youtube.com/ZetaTwo

Capture the Flag - Competitive hacking
● Security challenges
● Categories
  ○ Pwn
  ○ RE
  ○ Web
  ○ Crypto
  ○ Forensics
  ○ Misc
● Individual or in teams
● Online or offline
● Time constrained (CTF) or long running (Wargame)

Category: Pwnable
● Exploit programs
● Set-up
  ○ Remote
  ○ Local
● Contexts
  ○ Machine code: x86, ARM, MIPS, etc.
  ○ Userland vs Kernel
  ○ Higher level: Java, Python, etc.
● Tools
  ○ IDA, Binja, Ghidra, radare2
  ○ GDB, pwndbg, windbg, qemu
  ○ Python, lots and lots of Python

Category: Reverse engineering
● Understand
  ○ Software
  ○ Hardware
  ○ Protocols
● Setups
  ○ Crackme
  ○ Packers
  ○ Encryption
● Tools
  ○ IDA, Binja, Ghidra, radare2
  ○ GDB, pwndbg, windbg, qemu
  ○ Python, lots and lots of Python

Category: Web
● Server side
  ○ PHP, Python, Java
  ○ Injections - SQL, CMD, Template
  ○ Deserialization, XXE
  ○ SSRF
● Client side
  ○ XSS
  ○ CSRF
● Context
  ○ Flag in file, DB, other
● Tools
  ○ Burp Suite, sqlmap
  ○ Python, lots and lots of Python

Category: Cryptography
● Break encryption
  ○ Recover key
  ○ Recover message
  ○ Forge signature
● Scenarios
  ○ Custom schemes
  ○ Academic attacks
● Tools
  ○ Academic papers, blogs
  ○ SageMath
  ○ Python, lots and lots of Python

Category: Forensics
● Recover lost/hidden data
  ○ File systems
  ○ Network traffic
  ○ File formats
● Tools
  ○ Foremost, Sleuth Kit
  ○ Wireshark
  ○ binwalk, 010 Editor

Category: Miscellaneous
● DSP
● Machine learning
● Smart contracts
● Programming

Category: Zajebiste
● Polish: “Awesome”
● CTF: 0-day
● Previously unknown
● Typically difficult

Jeopardy Style - The standard format
● Pick a challenge
● Solve it
● Submit flag
● Get score
● Repeat
● Most points win
Web RE Pwn Crypto Forensics Misc

Attack/Defense - The intense classic
● One setup per team
● Find vulnerabilities
  ○ Patch your own
  ○ Exploit the others
● Keep services running
  ○ Checker
● Deflect attacks
● Tools, tools, tools
● Movie-like

Other formats - Quests/scenarios
● Simulated attacks
● Whole networks
● Not challenge based
● Emulating “real world”
● Very rare

So what’s the purpose of all this?
● Educational
  ○ Improve within your area
  ○ Discover completely new areas
● Competitive
● Fun
● Social
Example 1 - PicoCTF 2018 Irish Name Repo
Example 2 - Säkerhets-SM - BiffCrypt
Example 3 - Midnight Sun CTF HFS-VM2

Convinced? Great! Where do you start?
● PicoCTF.com - Beginner friendly
● CTFTime.org - Calendar and rankings
● OWASP Juice shop - Web CTF in a box
● pwnable.kr - Pwnables
● OverTheWire.org - Mix with focus on pwn
Thanks for listening - Now go hack!

CTF introduction workshop
How to play CTF
Carl Svensson @ 0xFF April 2019

We are going to play an entry-level CTF
1. Go to https://2018game.picoctf.com/
2. Register an account and log in
3. Go to the problems page

Let’s start with some easy challenges
● Forensics
  ○ “admin panel”
● Cryptography
  ○ “hertz”
● Web
  ○ “Irish Name Repo”
● Binary exploitation
  ○ “buffer-overflow-0”
● Reversing
  ○ “assembly-0”

Now for something more difficult
● Forensics
  ○ “now you don’t”
● Cryptography
  ○ “rsa-madlibs”
● Web
  ○ “Buttons”
● Binary exploitation
  ○ “leak-me”
  ○ “shellcode”
● Reversing
  ○ “be-quick-or-be-dead-1”