I have been to many CTFs over the last five or six years and I wanted to share some tips, tricks, and advice for beginners. My hope is that this post helps those who are new to CTFs by sharing what I pack in my "go-to-war" bag, what some of the non-standard tools I use are, and how I spin up cloud based systems.
When the CTF room opens up, the first problem is finding a place to sit. I like to get to the room as soon as possible to ensure that we have a decent place to setup. For example, all of the Defcon villages on day one are crowded and intense. I encourage everyone that's serious about the event to line up well before it opens. Also, the CTF and the village talks are generally held in the same room so it is likely going to be noisy and seating will be limited. My advice is to sit as close to the infrastructure as possible.
It doesn't hurt to have a plan in place about approaching the challenges before you get there incase you can only tolerate a coupl…
Arcticcon is a conference by red teamers, for red teamers...and I was lucky enough to attend and participate in their 2019 CTF.
First of all, the conference was amazing. The first day was dedicated to the CTF, the second day had a focus on training/labs, and the third day was loaded with presentations that were all informative, inspiring, and packed full of tips, tricks, tools, and advice that I could actually use in my day-to-day.
The CTF had three main components to it, with SE being peppered in as well: OSINTPhysicalNetpen
I was assigned to team IronMan, along with five others.
On May 2nd, 2019, the CTF opened up for teams to begin working on the OSINT challenges.
The Jeopardy style challenge board gave no hints and asked no questions.
Here is an example of a challenge:
I began this CTF with some bad assumptions concerning when it was held last year, so shortly after I began my hunt for OSINT, I started submitting flags from last years challenges. Th…
I was lucky enough to score tickets to Shmoocon again and of course I was looking forward to working on a CTF while I was there. Black Hills Information Security had organized a CTF to run at Shmoo which made me super happy as I have a lot of respect for them and was excited to see what they had in store for us players.
Unfortunately, I had to work most of Friday and leave first thing Sunday morning. This left me with only a handful of hours on Saturday to compete as I balanced my time with other con activities.
My coworker, Wole, joined the team and together we reached as high as 13th place in just a few hours. The final scoreboard was still hidden at the time of this writing, but I have a feeling we got knocked down a few spots.
The CTF was powered by MetaCTF and the challenges were categorized as follows: CryptographyReconnaissanceWeb ExploitationReverse EngineeringForensicsOther
One challenge that I thought would make for a good blog post to write on the train home was called: &quo…