|
knwminus
|
 |
« on: January 22, 2012, 08:17:57 PM » |
|
Have any of you done any CTF competitions at a security conference? This year I want to go to Derbycon and like most cons I think they are going to do a CTF competition. I would like to participate but I have never been involved with anything like that. If any of you have, how did you prepare for it? Did you have a team or did you go by yourself? Any tips or tricks? This is a pretty good write up of last years CTF at Derbycon http://volatile-minds.blogspot.com/2...and-notes.html |
|
|
|
|
Logged
|
A+ N+ CCNA CCNA:S CNSS 4011 Security+
Next Up: CCNP CCNP:S
|
|
|
|
j0rDy
|
|
« Reply #1 on: January 23, 2012, 06:44:25 AM » |
|
I never participated in one, but i am currently helping setting up the CTF for HackintheBox 2012 Amsterdam. I can not give you any pointers on how to prepare for such an event, but i would say figure out what the focus will be. Normally it is all about hacking boxes, but sometimes there will be a lot of other challenges as well, like binaries, maybe even "low tech" challenges (last year we had some lock picking challenges which were worth quite some points.). Finally, if you are about winning, be sure to enter as a team. More people know more and you can multi task, which should get you faster through challenges. Good luck and report back with your experiences!
|
|
|
|
|
Logged
|
ISC2 Associate, CEH, ECSA, OSCP, OSWP
earning my stripes appears to be a road i must travel alone...with a little help of EH.net
|
|
|
|
3xban
|
|
« Reply #2 on: January 23, 2012, 08:52:56 AM » |
|
I have not done one either but I understand that time is an important factor so make sure you are prepared for whatever they may throw at you. Have all your tools and know how to use them. That way you aren't spending time downloading new ones and googling how to properly use the new versions of them. Here was a decent writeup on the Derbycon CTF last year: http://volatile-minds.blogspot.com/2011/10/derbycon-ctf-results-and-notes.htmlThe author might be an EHnetter but can't recall his name. I would love to participate in one of these even though I might have much to offer, but to just sit in and see what goes on. |
|
|
|
|
Logged
|
Certs: GCWN
(@)Dewser
|
|
|
|
|
|
3xban
|
|
« Reply #4 on: January 23, 2012, 01:46:49 PM » |
|
I completely posted the same link as knwminus  I aren't read so good. :p |
|
|
|
|
Logged
|
Certs: GCWN
(@)Dewser
|
|
|
|
lorddicranius
|
|
« Reply #5 on: January 23, 2012, 02:36:25 PM » |
|
Thanks for the capture.thefl.ag link, Alan! I completely posted the same link as knwminus I aren't read so good. :p Your link works though  |
|
|
|
« Last Edit: January 23, 2012, 02:38:00 PM by lorddicranius »
|
Logged
|
GSEC, eCPPT, Sec+
|
|
|
|
knwminus
|
|
« Reply #6 on: January 23, 2012, 04:00:01 PM » |
|
Epic links. Thanks for the help. I completely posted the same link as knwminus I aren't read so good. :p no worries  |
|
|
|
|
Logged
|
A+ N+ CCNA CCNA:S CNSS 4011 Security+
Next Up: CCNP CCNP:S
|
|
|
ajohnson
Recruiters
Hero Member
 Offline
Posts: 1057
aka dynamik
|
|
« Reply #7 on: January 23, 2012, 05:23:11 PM » |
|
|
|
|
|
|
Logged
|
WIP: GCFA | www.infosiege.net | @infosiege The day you stop learning is the day you start becoming obsolete. |
|
|
|
knwminus
|
|
« Reply #8 on: January 25, 2012, 02:33:49 PM » |
|
Thanks for the info Dyn.
Now time to find a team....
|
|
|
|
|
Logged
|
A+ N+ CCNA CCNA:S CNSS 4011 Security+
Next Up: CCNP CCNP:S
|
|
|
ajohnson
Recruiters
Hero Member
Offline
Posts: 1057
aka dynamik
|
|
« Reply #9 on: January 25, 2012, 03:31:03 PM » |
|
I was actually disappointed I couldn't attend DerbyCon last year; it had a fantastic group of participants. I'm going to make a serious effort to attend this year, so maybe we can get an EH.net team put together.
|
|
|
|
|
Logged
|
WIP: GCFA | www.infosiege.net | @infosiege The day you stop learning is the day you start becoming obsolete. |
|
|
|
knwminus
|
|
« Reply #10 on: January 25, 2012, 05:17:10 PM » |
|
That would be awesome. It is only a few hours from me so I will probably make it down.
|
|
|
|
|
Logged
|
A+ N+ CCNA CCNA:S CNSS 4011 Security+
Next Up: CCNP CCNP:S
|
|
|
|
seanuk
|
|
« Reply #11 on: January 26, 2012, 09:34:18 AM » |
|
I was lucky enough to be at Derbycon last year and I spent a good deal of time on the CTF and finished 2nd place. There were many flags involved (around 80 i think) and the ones that i managed to get were very well thought out and kept the interest level up as they were fun to find. This gave me an idea to create one myself (on a much, much smaller scale) which i made available here: http://www.anotherwayin.net/p/capture-flag-challenge.htmlA few of the flags are very similar to what i found on last years Derbycon so it might help prepare you for some of the things they put in. It's basically a pick n mix of little hacks but you may find it useful. |
|
|
|
« Last Edit: January 26, 2012, 02:01:21 PM by seanuk »
|
Logged
|
|
|
|
ajohnson
Recruiters
Hero Member
Offline
Posts: 1057
aka dynamik
|
|
« Reply #12 on: January 26, 2012, 09:39:18 PM » |
|
Are there teams at DerbyCon, or is it all individual?
|
|
|
|
|
Logged
|
WIP: GCFA | www.infosiege.net | @infosiege The day you stop learning is the day you start becoming obsolete. |
|
|
|
seanuk
|
|
« Reply #13 on: January 27, 2012, 01:22:09 AM » |
|
there weren't any restrictions to my knowledge, some worked alone and some had teams of 6 or so.
|
|
|
|
|
Logged
|
|
|
|
|
seanuk
|
|
« Reply #14 on: February 01, 2012, 08:20:30 AM » |
|
Also worth mentioning, quite a few parts of the CTF brought back memories of the OSCP labs so those that have spent time in there may have an advantage. Not sure if the same guys were involved but I got that impression from it.
|
|
|
|
|
Logged
|
|
|
|
|
