Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
WELCOME TO:
1
“Home of DC 702”
Meetup 1110 :CTF 101
Presents:
2
Current EventsWhat is new with the group?
3
Agenda
CTF 101 BreakdownGet the high-level scoop on what entails of a CTF and tools that come in handy!
Closing Remarks
Lab Time
Current Events
44
Welcome Back!
A website!!(It’s About time…)• Shad0wsynd1cate.org
DEF CON Planning
Swag for the Fam!• New stickers!
We Broke 500!
Sticker Trade!
Expectation
5
What is CTF?
6
7
Capture The Flag (CTF)
What is It?• An event/competition • Used for training• DEF CON 4 (1996) CTF was born
• Held every year since then• Originally judges decided points• Grown over time to automated point scoring
Learning• One of the most important reasons to partake
• Throwing yourself in the fire• Teaming up with others
Fun/Prizes!• It is a blast! ‘nuff said!• Lots of prizes and $$
Why Should I Get Involved?
What is Involved in a Cyber CTF?
8
9
Categories
Acquisition and analysis of data/evidence found in
digital devices
Forensics
Practice of concealing messages/information
within other text or data
Steganography
Hashes and bruteforcing
Password Cracking
Analyzing and dissecting a binary
Reverse Engineering
Actually attacking another system
Offensive
Python, PowerShell, Bash, etc.
Scripting
Patching, configuration compliance, security tools configuration (e.g. Pros v.s. Joes
Defense
Steganography
10
11
Steganography
The art of concealing a message or information
within another form of data
What Is It? Tools
Tool used to embed and extract data from image and
audio files
Steghide
View and analyze audio files
Sonic Visualizer
A hex editor to view and edit the raw data of a file
Bless
Forensics
12
13
Forensics
Digital forensics is the scientific process of acquiring and analyzing digital data in an effort to gather evidence based on a specific alert or
event.
What Is It? Tools
Tool to read and write metadata information
Exiftool
Memory analysis tool, awesome for parsing through
mem captures!
Volatility
The most popular packetsniffing tool in the world
Wireshark
Password Cracking
14
15
Password Cracking
Figuring out the password based on extracted hash or
bruteforcing
What Is It? Tools
One the most well-known pw crackers out there!
John The Ripper
Extremely fast pw cracking tool.
Hashcat
Brute force pw cracking tool for remote auth.
Hydra
Offensive
16
17
Offensive
Involves the proactive attempts to hack into a
system via a vulnerability that can be exploited.
What Is It? Tools
Pen. Testing platform used to easily exploit systems/devices
Metasploit
Used to automate the SQL injection process
Sqlmap
Fuzzing tool used to brute force applications
Wfuzz
Defense
18
19
Defense
Every team has its own “vulnerable” servers and
services. Teams must attack other teams applications
while protecting their own from being hacked. Teams must keep their services up and running and must solve
additional tasks and achievements in parallel.
What Is It? Components
You can’t defend Linux servers/applications without understanding some general Linux server administration
Linux Administration
You can’t defend Windows servers/applications without understanding some general
Windows server administration
Windows Administration
You are a part of a team when participating in these type of
events. Communicating effectively is a critical
component.
Communication
As a team you need leaders who are able to delegate tasks and keep people
accountable
Leadership
Scripting
20
21
Scripting
Automating some task or process
What Is It? Tools
Unix shell and command language
Bash
Interpreted high level programming language
Python
General purpose scripting language suited to web
development
PHP
Another high level interpreted programming language
suited for web development
Javascript
Reverse Engineering
22
23
Reverse Engineering
Deconstructing software in order to reveal it’s underlying design and in the context of a
CTF usually exploiting a weakness in that design
What Is It? Tools
Framework for reverse engineering and analyzing
binaries
Radare2
X86 debugger (Windows)OllyDBG
An interactive disassembler The crème de la crème
Ida
Reverse engineering platformHas an API
Binary Ninja
CTF Resources
24
25
Online Resources
OverTheWirehttp://overthewire.org/wargames/
https://www.hackthebox.eu/Hack The Box
https://ctftime.org/CTF Time
https://ctf101.org/CTF101
26
Lab Time
Thank you to our Sponsors!
27
28
Las Vegas
Closing Remarks
29
@Shad0wSynd1cate
Alex “Byt3”@0xalexdelgado
Collin “Unkn0wn”@_Unkn0wn1@collinmontenegro