# CTF $Event Foo [2021-12-04](https://md.darknebu.la/chaosdorf-ctf#2021-12-04-1400) / [2022-15-01](https://md.darknebu.la/chaosdorf-ctf#2022-01-15-1400) / [2021-02-05](https://md.darknebu.la/chaosdorf-ctf#2022-02-05-1400) [@chaosdorf](https://chaosdorf.de/) + [virtuell](https://virtual.chaosdorf.space/ctf) [@hanemile](twitter.com/@hanemile) ---- ## Was ==**C**== apture ==**T**== he ==**F**== lag --- # Arten - Jeopardy - Attack and Defence ---- ## Jeopardy ![](https://images4.pianshen.com/928/73/73a1c79b9e9cbfffe6bbe194286075f0.png) ---- ## Attack and Defence https://www.youtube.com/watch?v=RkaLyji9pNs https://2021.faustctf.net/information/attackdefense-for-beginners/ --- # Basics - Ablauf - Flags - Kategorien - Wer - Vorraussetzungen ---- ## Ablauf - ankündigung - teamfindung + anmeldung - start - lösen - ende ---- ## Flags - Text der nur durch lösen der challenge gefunden werden kann - formatiert zur einfachen erkennbarkeit: - `CTF{...}` - `flag{...}` ---- ## Kategorien | | | | | --- | --- | --- | | pwn | Binary Exploitation | Remote | | rev | Reversing | Local | | crypto | Cryptography | Mathe | | web | Web | Browser | | forensics | Forensics | Archäologie | | misc | Miscellaneous | Sandbox | ---- ## Wer - Teams aus den verschiedensten leuten - Unis - Hackspaces - Konferenzen - Industrie ---- ## Vorraussetzungen - Geduld und lust --- ## Los Geht's! - Vorher - Start - Während - Nachher ---- ## Vorher - VM / Docker / Tools - Collab tools (pad, video conf, ...) - Internet - Strom - Eat + *Sleep* ---- ## Start - DON'T PANIK! - description lesen - experimentieren! ---- ## Während - challenge aussuchen - einlesen - lösen - Eat + *Sleep* ---- ## Nachher - writeups - 1 Satz bis $n$ Seiten - Videos - Talks --- # Tooling ---- ## pwn - IDA, Ghidra, Binary Ninja, Hopper, Radare2 - Python pwntools for scripting - Debug: gdb + (gef/peda/pwndbg), radare2 - nc - ... ---- ## rev - IDA, Ghidra, Binary Ninja, Hopper, Radare2 - Python pwntools for scripting - Debug: gdb + (gef/peda/pwndbg), radare2 - ... ---- ## crypto - Python - Sage - Stift + Papier - PDF viewer - [Twenty Years of Attacks on the RSA Cryptosystem (pdf)](https://crypto.stanford.edu/~dabo/pubs/papers/RSA-survey.pdf) - ... ---- ## web - Proxy: BurpSuite, OWASP ZAP, MitmProxy - Discovery: - fuzz: dirb, dirbuser, gobuster, wfuzz, **ffuf** - spider: gospider - ... ---- ## forensics - volatility - vim - binwalk - $hexeditor (ImHex) - ... ---- ## misc - ...? --- # HILFE! ---- ## Hilfe finden - `man <...>` - $suchmaschine (google, duckduckgo, wolframalpha, ...) - dokumentation lesen - **andere leute** ---- ## Training - pwn [pwn.college](https://pwn.college/) - crypto [cryptohack.org](https://cryptohack.org/) - web [portswigger academy](https://portswigger.net/web-security/all-materials) - → https://github.com/zardus/wargame-nexus ---- ## CTFs https://ctftime.org/ <img src="https://md.darknebu.la/uploads/upload_064fa52ca4e9d23b9afbba9e9492b3d3.png" height=600px></img> --- # Start https://ctf.emile.space
{"title":"chaosdorf CTF foo"}