WELCOME TO · Deconstructing software in order to reveal its underlying design and in the...

Post on 22-May-2020

WELCOME TO:

“Home of DC 702”

Meetup 1110: CTF 101

Presents:

Agenda

• Current Events: What is new with the group?
• CTF 101 Breakdown: Get the high-level scoop on what a CTF entails and the tools that come in handy!
• Closing Remarks
• Lab Time

Current Events

Welcome Back!

A website!! (It’s about time…)
• Shad0wsynd1cate.org

DEF CON Planning

Swag for the Fam!
• New stickers!

We Broke 500!

Sticker Trade!

Expectation

What is CTF?

Capture The Flag (CTF)

What Is It?
• An event/competition
• Used for training
• DEF CON 4 (1996) CTF was born
• Held every year since then
• Originally judges decided points
• Grown over time to automated point scoring

Why Should I Get Involved?

Learning
• One of the most important reasons to partake
• Throwing yourself in the fire
• Teaming up with others

Fun/Prizes!
• It is a blast! ‘nuff said!
• Lots of prizes and $$

What is Involved in a Cyber CTF?

Categories

• Forensics: Acquisition and analysis of data/evidence found in digital devices
• Steganography: Practice of concealing messages/information within other text or data
• Password Cracking: Hashes and bruteforcing
• Reverse Engineering: Analyzing and dissecting a binary
• Offensive: Actually attacking another system
• Scripting: Python, PowerShell, Bash, etc.
• Defense: Patching, configuration compliance, security tools configuration (e.g. Pros vs. Joes)

Steganography

Steganography

What Is It?
The art of concealing a message or information within another form of data

Tools
• Steghide: Tool used to embed and extract data from image and audio files
• Sonic Visualiser: View and analyze audio files
• Bless: A hex editor to view and edit the raw data of a file

Forensics

Forensics

What Is It?
Digital forensics is the scientific process of acquiring and analyzing digital data in an effort to gather evidence based on a specific alert or event.

Tools
• ExifTool: Tool to read and write metadata information
• Volatility: Memory analysis tool, awesome for parsing through mem captures!
• Wireshark: The most popular packet-sniffing tool in the world

Password Cracking

Password Cracking

What Is It?
Figuring out the password based on an extracted hash or bruteforcing

Tools
• John the Ripper: One of the most well-known pw crackers out there!
• Hashcat: Extremely fast pw cracking tool.
• Hydra: Brute force pw cracking tool for remote auth.

Offensive

Offensive

What Is It?
Involves the proactive attempts to hack into a system via a vulnerability that can be exploited.

Tools
• Metasploit: Pen. testing platform used to easily exploit systems/devices
• Sqlmap: Used to automate the SQL injection process
• Wfuzz: Fuzzing tool used to brute force applications

Defense

Defense

What Is It?
Every team has its own “vulnerable” servers and services. Teams must attack other teams’ applications while protecting their own from being hacked. Teams must keep their services up and running and must solve additional tasks and achievements in parallel.

Components
• Linux Administration: You can’t defend Linux servers/applications without understanding some general Linux server administration
• Windows Administration: You can’t defend Windows servers/applications without understanding some general Windows server administration
• Communication: You are a part of a team when participating in these types of events. Communicating effectively is a critical component.
• Leadership: As a team you need leaders who are able to delegate tasks and keep people accountable

Scripting

Scripting

What Is It?
Automating some task or process

Tools
• Bash: Unix shell and command language
• Python: Interpreted high-level programming language
• PHP: General purpose scripting language suited to web development
• JavaScript: Another high-level interpreted programming language suited for web development

Reverse Engineering

Reverse Engineering

What Is It?
Deconstructing software in order to reveal its underlying design and, in the context of a CTF, usually exploiting a weakness in that design

Tools
• Radare2: Framework for reverse engineering and analyzing binaries
• OllyDBG: X86 debugger (Windows)
• IDA: An interactive disassembler. The crème de la crème
• Binary Ninja: Reverse engineering platform. Has an API

CTF Resources

Online Resources

• OverTheWire: http://overthewire.org/wargames/
• Hack The Box: https://www.hackthebox.eu/
• CTF Time: https://ctftime.org/
• CTF101: https://ctf101.org/

Lab Time

Thank you to our Sponsors!

Las Vegas

Closing Remarks

@Shad0wSynd1cate

Alex “Byt3”: @0xalexdelgado

Collin “Unkn0wn”: @_Unkn0wn1, @collinmontenegro