Lessons Learned: Planning, Managing, and Running the BSJTF CTF
Ben Ten (@Ben0xA)
Derek Thomas (@dth0m)
BSides Detroit 2014
Practical PowerShell Programming for Professional People
Converge Detroit - Ben Ten (@Ben0xA)
About Ben
Ben Ten (0xA)
@Ben0xA - twitter
Chicago - #burbsec
Vice President
Security Officer
Developer
PoshSec Framework Developer / Creator
Gamer
Geek
About Derek
Derek Thomas
@dth0m - twitter
Detroit - #MiSec
Security Consultant
Log Monkey
BSJTF Co-Organizer
About BSJTF
Where did this all start?
● MiSec competing in many capture the flag competitions
● CSAW 2012/2013, Ghost in the Shellcode 2012/2013, RuCTFE 2012
● Wanted a proving ground for creating new challenges for the team
● Wango Ztango steps
● Zombie Tango stepped up and built the initial framework
● Was used to host some training challenges and eventually hold a CTF
● During the 2013 collaboration between the Chicago and Detroit BSides events, it was suggested that we work together to host a combined event
Cross City CTF 2013 was born!
● Collaborative CTF event was created to start at BSides Chicago and end in BSides Detroit
● Collaborators: Ben, Derek, Juan
● Started planning for the event in Nov or Dec of 2012
● Each city had around 25-30 challenges with a local winner but there was also an overall grand prize winner.
● Teaser challenges were dropped in the weeks leading up to each competition
● Challenges were open for 2 days
● Framework was hosted in AWS
● Built-in event logging system developed to detect potential attacks on the application
Chicago Event
● Strong turnout with some talented teams
● Started Saturday morning and ran until Sunday evening
● Saturday competition went relatively ok
● Encountered several challenges where the answers were not communicated and entered correctly; hard to solve a challenge that doesn’t have a right answer
● This can occur since many of the challenges are submitted by volunteers and sometimes the importance of an exact answer is underestimated
● Competition continued until Sunday to allow teams to have 2 days at each competition
● Sunday went alright until Ben noticed that someone’s score started increasing at an abnormal pace
Transition to Detroit
(Challenges and lessons learned)
● Planning and running a CTF is a lot of work
● Challenges can take a significant quantity of time to develop and test
● It was important to have organizers with a wide array of skills
● We wanted to focus on creating fun challenges that were solvable in the time allotted
● Many tips were given to help teams along
● We encountered issues with challenge answers that were too vague
● Definitive walkthroughs and answers are a must
2014 – A New Year!
Chicago 2014
● Went off without a hitch
● Tried a new category for home automation with the help of Beltface
● We thought it would be cool to hack the Hue lights
● So did everyone else; the lights became completely unresponsive and unable to connect to the network
● We thought they were bricked somehow but ultimately the lights were fixed
Circle City Con 2014
Lork – many Lulz!
Lork – many Death threats!
Lork – Hosting Issues
Email at 4am from Host:
“Please... make them stop!!!! :'(”
Detroit – Happening Naow!
2014 Lessons Learned
● 3 CTF competitions in roughly 3 months with close to 90 challenges is tough
● We feel the competitions are worth it
● Help develop new skills
● Refine old skills
● Think outside of the box
● Lots of fun
Requirements for CTF
● Varied Talent
● Varied challenges
● 25-30 challenges, from easy to mind-bending difficulty
● Solid unfiltered Internet connection
● Dedicated wireless network for the CTF
● Spare the civilians
● Framework to host the challenges, track the progress, and verify the answers
● Lots of time
● Couple hours per challenge minimum?
● People to play
The Future!
Contact - Q&A
Ben Ten (0xA)
@Ben0xA - twitter
http://ben0xa.com
https://bsjtf.com
web@ben0xa.com
irc.freenode.net
#burbsec,
#poshsec,
#pssec
QUESTIONS?!
Derek Thomas
@dth0m - twitter
https://bsjtf.com
irc.freenode.net
#misec
Thank You!
