Upload File

all about capture the flag - florida state university€¦ · styles - attack / defend attack (red...

  • Home
  • Documents
  • All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect
21
All About Capture The Flag

Upload: others

Post on 22-Jun-2020

5 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect

All About Capture The Flag

Page 2: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect

What are CTFs?

● Hacking Competitions!● Safe way to learn security● Training Grounds

https://ctftime.org/ctf-wtf

https://ctftime.org/ctf-wtf
Page 3: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect

Who Organizes them?

● Tons of people, companies, universities● NYU Poly (CSAW)● DEFCON● Security Firms (SANS)

Page 4: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect

Styles - Onsite or Remote

● Onsite○ Typically held during a conference (but not

necessarily)○ DEFCON http://youtu.be/1UT3qXHduts

● Remote○ Email-based (No cON Name CTF Quals)○ Web○ Snail Mail (USB Drive, Raspberry Pi)

http://youtu.be/1UT3qXHduts
Page 5: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect

Styles - Attack / Defend

● Attack (Red Team), Defend (Blue Team)● Defend

○ Servers with services to maintain and protect. Points for uptime or business injections/tasks.

● Attack○ Exploits need to be developed/discovered to attack

other teams. Points deducted from other teams, or gained for the attacker.

Page 6: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect

Styles - Jeopardy

Page 7: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect

Common Categories

● Recon● Forensics● Networking● Programming● Exploitation● Mobile Security

● Reversing● Cryptography● Web● Trivia● Miscellaneous● Steganography

Page 8: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect

Trivia

● Google Searches● Hacker Culture● “Hack The Planet”

Page 9: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect

Recon

● Find everything you can about a target● Fuzyll Challenge - Dota Replay● Julian Cohen - OKCupid profile● Kevin Chung - High School photo

Page 10: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect

Web

● SQLi● XSS● API Information Disclosure● Command Injection / Escapes

Page 11: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect

Exploit

● Strings / File / Tricks● Memory Exploitation● Sandbox Escapes● Information Leakage

Page 12: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect

Reversing

● Strings / File / Tricks● Compressed Files● Obscure Systems

Page 13: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect

Forensics / Networking

● PCAP Files● Log Files● File Systems / Obscure things

Page 14: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect

Programming / Scripting

● Python● Netcat● Ex: Answer a math problem correctly 1000

times in a minute.

Page 15: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect

Steganography

● Hiding data in media. (Picture/Audio files)● Gimp● Audacity

Page 16: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect

Resources

Page 17: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect

Events & Meetings

● CTF Competitions● Cybersecurity Club meetings Thursdays

5:00pm in Shores 206 (Goldstein Library)● Weekend Hacking Meetings (Variable

times/location)

Page 18: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect

n0l3ptr (Who to ask??)● Mitch Schmidt: Crypto, Exploitation, Python● Nathan Nye: Web, Linux● Shawn Stone: Reversing, Exploitation, Forensics ● Brandon Everhart: Reversing, Beginner Questions,

Team Questions

Page 19: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect

Write Ups

● https://github.com/n0l3ptr● https://ctftime.org ● http://cybersecurity.fsu.edu/club/

https://github.com/n0l3ptr
https://ctftime.org
http://cybersecurity.fsu.edu/club/
Page 20: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect

Team Communication

● https://n0l3ptr.slack.com○ Join channel: “ctfgroup”

● Club Email List● Facebook: Cybersecurity Club @ FSU

https://n0l3ptr.slack.com
Page 21: All About Capture The Flag - Florida State University€¦ · Styles - Attack / Defend Attack (Red Team), Defend (Blue Team) Defend Servers with services to maintain and protect

Books

● Hacking The Art Of Exploitation○ Jon Erickson


BIODIVERSITY TO DEFEND OR NOT DEFEND SUDHASNHU BATRA

Cybersecurity Readiness Study - DSL Reports2639a7a9ce7cab...Are you ready to defend your organization against a cyber attack? The findings of the Cybersecurity Readiness Study reveal

Defend Freedom! Democracy Under Attack!

NAL ATTACK DANCER AUDITIONS Team...NAL ATTACK DANCER AUDITIONS Frequently Asked Questions What are the minimum qualifications to be a Jacksonville Sharks Attack Dancer? • Must be

Krav Maga Syllabus Level 10 defence & counters Scooping defence & counters Defend and Counters Note Person A should not fake their first attack KRAV MAGA SYLLABUS 10 Attack, Defend,

MOBILES OFF PLEASE Tonight Team attack principles (Mike) Team defence principles (Bailey)

TEAM BASED LEARNING: AN ACTIVE LEARNING STRATEGY FOR … · Team-based learning sequences learning experiences: 3. APPLICATION Learners solve and defend increasingly complex problems

An Approach to Defend Against Wormhole Attack in Ad Hoc Networks Using Digital Signature Jo

The Airborne Electronic Attack Integrated Product Team ... · The Airborne Electronic Attack Integrated Product Team (AEA IPT) Point Mugu, California UNCLASSIFIED // FOR PUBLIC RELEASE

Defend the Vietnamese Revolution! China Spearheads US ... · ter attack as well. A revolutionary internationalist government in Hanoi would appeal to Chinese workers, peasants and

Defend your network with the world’s most secure printing ... Print Security... · Defend your network with the world’s most secure printing . ... Reduce the attack surface through

CISummit 2013: Steve Gullans & Gregory Gallo, The BioSimilar Age: How to Promote a Biosimilar and Defend a Franchise from a BioSimilar Attack

DECEPTION SOLUTION OVERVIEW - Attivo Networks · DECEPTION SOLUTION OVERVIEW DECEIVE. DETECT. DEFEND. DECEPTION FOR DETECTION AND ATTACK PATH VISIBILITY. ... high interaction deception

Please - The Eyethe-eye.eu/public/Books/Occult_Library/Chaos Magic... · Magickal Attack Attack by Enchantment Defend by Evocation I': ~ I'" J . 16 . Commentary 5 . Remember (and

Intel® Software Guard Extensions (Intel® SGX)tce.webee.eedev.technion.ac.il/wp-content/uploads/... · Application gains ability to defend its own secrets – Smallest attack surface

17U BOYS DIVISION POOL KEY - Bigfoot HoopsX1 Centex Attack National Black (TX) AA1 Legends 3T (TX) G2 Team McDyess (OK) U3 Centex Attack National Blue (TX) E1 Louisiana Select Team

MetaSymploit: Day-One Defense against Script …...the popular Metasploit attack framework. Our tool can generate Snort rules to defend against newly distributed Metasploit attack

How to Defend Properly as a Soccer Team [ARTICLE] · understanding of how to defend properly as a team can be the difference between ... 2/25/2016 How to Defend Properly as a Soccer

ADVERSARY ATTACK SIMULATION SERVICES - Logicom · 2020. 1. 8. · ADVERSARY ATTACK SIMULATION SERVICES OUR TEAM OF PROFESSIONALS The Penetration Testing Team of the IT Risk Services,

Medical Device Security: An Industry Under Attack and ... Device Security: An Industry Under Attack and Unprepared to Defend Ponemon Institute© Research Report Sponsored by Synopsys

Msec attack - defend system

INFORMATION FOR PATIENTS FOLLOWING HEART ATTACK · PDF fileCARDIAC REHABILITATION TEAM 1 INFORMATION FOR PATIENTS FOLLOWING HEART ATTACK WHAT IS A HEART ATTACK? Heart attack or

Stress and Plants - biotic stress -. Plants must continuously defend themselves against attack from: – bacteria – viruses – fungi – invertebrates (+ some

Team 6: (DDoS) The Amazon Cloud Attack

AVIATION HISTORY Lecture 9: Military Aviation. What is Military Aviation?? Military aviation is used to attack or defend a country through the sky

Defend Your Data from Ransomware Attacksdiscover.zyxel.com/rs/471-TTL-126/images/Ransomware...Defend Your Data from Ransomware Attacks The Threat of Ransomware The WannaCry attack

We defend your right to defend yourself

AVIATION HISTORY Lecture 9: Military Aviation. Definition of Military Aviation Military aviation is used to attack or defend a country through the sky

Art Attack June15 - scouts.ie · Idea – Art Attack -Make a Giant Art Attack and Photograph it- Objectives: Intellectual • Do you know what qualities you bring to a team? Emotional

4 - The Hacker Methodology · framework by which an SOC team can organize and verify APTs and ... risk. 6/20/17 8 Network Security Technologies Defend across the attack continuum

The Airborne Electronic Attack Integrated Product Team

Divya Marathi News- Latur Service Tax Team Attack

Boosting Red and Blue Team Effectiveness with Cyber Attack

SWEDISH ARMED FORCES Joint Development & Experimentation .../ltu 2010-11-18_eng_ltu karriär.pdf · 1. Defend Sweden against attack by a foreign power 2. Assert Sweden’s national

The Civil War 1861 - 1865. South had some initial advantages Easier to defend than attack – Shorter supply lines – Better knowledge of terrain – Emotional