I have been to many CTFs over the last five or six years and I wanted to share some tips, tricks, and advice for beginners. My hope is that this post helps those who are new to CTFs by sharing what I pack in my "go-to-war" bag, what some of the non-standard tools I use are, and how I spin up cloud based systems.
When the CTF room opens up, the first problem is finding a place to sit. I like to get to the room as soon as possible to ensure that we have a decent place to setup. For example, all of the Defcon villages on day one are crowded and intense. I encourage everyone that's serious about the event to line up well before it opens. Also, the CTF and the village talks are generally held in the same room so it is likely going to be noisy and seating will be limited. My advice is to sit as close to the infrastructure as possible.
It doesn't hurt to have a plan in place about approaching the challenges before you get there incase you can only tolerate a coupl…
Arcticcon is a conference by red teamers, for red teamers...and I was lucky enough to attend and participate in their 2019 CTF.
First of all, the conference was amazing. The first day was dedicated to the CTF, the second day had a focus on training/labs, and the third day was loaded with presentations that were all informative, inspiring, and packed full of tips, tricks, tools, and advice that I could actually use in my day-to-day.
The CTF had three main components to it, with SE being peppered in as well: OSINTPhysicalNetpen
I was assigned to team IronMan, along with five others.
On May 2nd, 2019, the CTF opened up for teams to begin working on the OSINT challenges.
The Jeopardy style challenge board gave no hints and asked no questions.
Here is an example of a challenge:
I began this CTF with some bad assumptions concerning when it was held last year, so shortly after I began my hunt for OSINT, I started submitting flags from last years challenges. Th…
The Car Hacking Village CTF at DEF CON 27 was a fun, educational, and humbling event to participate in. We got 9th place, mostly due to luck and tenacity. Before this event, we have not tried to interface with, let alone hack, a vehicle. So, we spent the whole of DEF CON 27 in the CHV CTF to change that. Here's our story...
CHV CTF Final Scoreboard
Unfortunately, we cannot offer up a single write-up for the actual car hacking challenges as we were unable to complete a single one of them. However, there were a lot of trivia questions which sent us down multiple rabbit holes where we learned terms, concepts, and attack vectors that we had zero knowledge of before. The purpose of this post is simply to share our experience and touch on building the nano-can and using a HackRF One to replay a key-fob button press.
Overall, I'd say that going to one of the largest hacking conferences in the world to participate in a hacking competition against something that you have zero experienc…