CTF Ready ? 

$WHOAMI

  • CyberSec member
  • Software engineering student
  • InfoSec enthusiast
  • CTF player
  • Debian fan & contributor
  • Intern @ Digitus (Blockchain startup)

$Desc ctf

  • Capture_The_Flag is a computer security competition

$ls ctf

Attack/Defense ( classic )

Jeopardy (task-based)

$LS Categories

  • PWN
  • Web Security
  • Cryptography
  • Reverse Engineering
  • Digital Forensic
  • Steganography

PWN

Remote System/service

x86-32, x86-64

Sources: NO

Binary: YES

Discovery vulnerabilities & use exploits
 

Tools:

-GDB , strace , objdump , ...

Web security

Remote Web Application

CGI, PHP, Python, Ruby, Perl, etc..

Discover vulnerabilities and hack the website

 

Tools :

-BurpSuite , nmap , sqlmap , firebug , ...

Cryptography

- Symmetric/Asymmetric, historical, special cryptosystems

- Decrypt cipher texts, find weaknesses in crypto algorithms

Tools :

-cryptool , hashdump , john the ripper  , ...

Reverse Engineering

- Binary files

- X86-32, X86-64

- Windows, Linux, Android, iOS, etc..

- Analyze binaries and extract the flag

Tools :

-IDA pro , OllyDBG , peda , ...

Digital forensics

- Network dumps, memory dumps, disk image, etc..

- File systems, network protocols, file formats, forensic software, etc..

- Not hard for newcomers

Tools :

-dd , strings , CAINE , Volatily , ...

Steganography

- Media file (vectorial picture, sound file, video file), network dump, etc..

- Classical or special steganography agorithms

- Analyze the source data/container and extract the hidden flag

- Not hard for newcomers

Tools:

-Steghide , pngCheck , Audacity , Gimp , ...

$locate ctf

$Practice

https://www.cybrary.it/course/python/

https://github.com/ctfs

https://github.com/JonathanSalwan/ROPgadget

https://github.com/zardus/ctf-tools

https://github.com/csi-ensi

 

Let's practice

http://www.bsideslisbon.org/challenge/31337/index.html

Made with Slides.com