The document discusses Capture the Flag (CTF) competitions, which provide a safe environment for practicing hacking skills and learning about cybersecurity threats. CTF competitions involve challenges at different skill levels related to hacking, cryptography, forensics, and other IT security topics. Participants can learn about vulnerabilities and misconfigurations, practice real attacks, and improve their skills through the game-like format of CTF events. Examples of challenges described in the document include extracting a hidden image from DNS traffic and analyzing an audio file spectrogram to reveal hidden text.
The Art of CTF
1. {elysiumsecurity}
THE ART OF CTF
Version: 1.2a
Date: 28/08/2018
Author: Sylvain Martinez
Reference: ESC10-MUSCL
Classification: Public
cyber protection & response
2. {elysiumsecurity}
CONTENTS
CONTEXT
• Skills Challenges;
• Resources Challenges;
• Learning Challenges;
CONCEPT
• What is a CTF?
BENEFITS
• Learn;
• Practice;
• Win;
EXAMPLES
• Find the image!
• Look at this sound!
3. {elysiumsecurity}
SKILLS CHALLENGES
62% HAVE NOT INCREASED SECURITY TRAINING BUDGET
1 OUT OF 3 SECURITY PROS NOT FAMILIAR WITH NEW THREATS
83% OF ENTERPRISES LACK THE RIGHT SKILLS AND RESOURCES TO PROTECT THEIR IT ASSETS
Icons from the noun project unless specified otherwise, SOURCE: Business Wire 2014
4. {elysiumsecurity}
RESOURCES CHALLENGES
1 MILLION UNFILLED SECURITY JOBS WORLDWIDE
92% OF HIRING MANAGERS SEEK PAST EXPERIENCE IN SECURITY
<2.4% OF GRADUATING STUDENTS HAVE SECURITY DEGREES
SOURCE: Business Wire 2014 and CBR ONLINE 2017
5. {elysiumsecurity}
LEARNING CHALLENGES
EXPERIMENTATION DANGER
TRAINING CREATIVITY
6. {elysiumsecurity}
WHAT IS A CTF?
A SAFE HACKING ENVIRONMENT
A GUIDED JOURNEY OF HACKING CHALLENGES
CAPTURE THE FLAG IS A LEARNING GAME
7. {elysiumsecurity}
WHAT IS A CTF?
MOST CTF ARE FREE
MANY ARE AVAILABLE ONLINE
SOME REQUIRE PHYSICAL ACCESS
8. {elysiumsecurity}
WHAT IS A CTF?
ACCESSIBLE TO ALL SKILL LEVELS
USUALLY FIND AN MD5 HASH
bac2e4a7dab0d89df5f672972910b8c4
MOST CTF OFFENSIVE
SOME DEFENSIVE
9. {elysiumsecurity}
LEARN
YOU LEARN THE REAL IMPACT OF KNOWN VULNERABILITIES
YOU LEARN THE REAL IMPACT OF MISCONFIGURATION AND PATCHING
YOU LEARN WHILST PLAYING A GAME
10. {elysiumsecurity}
PRACTICE
YOU PRACTISE REAL ATTACKS
YOU PRACTISE OUTSIDE THE BOX THINKING
YOU PRACTISE OTHER IT SKILLS
11. {elysiumsecurity}
WIN!
YOU GET A FREE TRAINING GROUND
YOU MAY EVEN GET MONEY/GIFT
YOU GET PEER RECOGNITION
12. {elysiumsecurity}
FIND THE IMAGE!
SANS XMAS CHALLENGE 2015
PART 1, QUESTION 2
FIND THE IMAGE IN THE PCAP FILE
DNS TRAFFIC ONLY
14. {elysiumsecurity}
FIND THE IMAGE!
"1337" IS A HACKING REFERENCE!
FOLLOW THE UDP STREAM
15. {elysiumsecurity}
FIND THE IMAGE!
SAVE TEXT INTO A FILE AND EXTRACT THE "EXTRA DNS INFORMATION"
16. {elysiumsecurity}
FIND THE IMAGE!
YOU GET THE IMAGE WHICH WAS TRANSMITTED OVER DNS QUERIES
SANS XMAS CHALLENGE 2015 WRITE UP:
https://www.elysiumsecurity.com/blog/Challenges/post6.html#two
17. {elysiumsecurity}
FIND THE IMAGE!
YOU LEARNT HOW TO USE WIRESHARK AND INVESTIGATE TRAFFIC FLOW
YOU LEARNT HOW TO EXTRACT DATA FROM A PACKET CAPTURE
YOU LEARNT OF A HACKING TECHNIQUE TO EXFILTRATE INFORMATION FROM A LOCKED DOWN ENVIRONMENT
YOU LEARNT THAT GNOMES ARE EVIL!
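The extraction step from the slides above, as an added example that is not part of the original deck: a standard-library Python parser that walks DNS response messages, collects the TXT strings and rebuilds the carried file. It assumes the "extra DNS information" is base64 text in TXT answers, one chunk per string in capture order, and that the DNS payloads have already been exported from the pcap; the function names, the `c2.example.test` name and the sample messages are constructed for illustration.

```python
import base64
import struct

TYPE_TXT = 16

def build_txt_response(qname, txt):
    """Build a constructed DNS response with one TXT answer (sample data only)."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    header = struct.pack("!6H", 0x1337, 0x8180, 1, 1, 0, 0)
    question = labels + b"\x00" + struct.pack("!2H", TYPE_TXT, 1)
    rdata = bytes([len(txt)]) + txt
    # 0xC00C is a compression pointer back to the question name at offset 12
    answer = struct.pack("!3HIH", 0xC00C, TYPE_TXT, 1, 60, len(rdata)) + rdata
    return header + question + answer

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] & 0xC0 != 0xC0 and msg[off] != 0:
        off += 1 + msg[off]
    return off + (2 if msg[off] & 0xC0 == 0xC0 else 1)

def txt_strings(msg):
    """Return every character-string in the TXT answers of one DNS message."""
    found = []
    _id, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off, end = off + 10, off + 10 + rdlen
        while rtype == TYPE_TXT and off < end:
            found.append(msg[off + 1:off + 1 + msg[off]])
            off += 1 + msg[off]
        off = end
    return found

def reassemble(messages):
    """Assumed encoding: each TXT string is one base64 chunk, in capture order."""
    return b"".join(base64.b64decode(s) for m in messages for s in txt_strings(m))

# Constructed sample: JPEG-like bytes split across three DNS responses
SECRET = b"\xff\xd8\xff\xe0" + b"constructed-image-bytes" * 3 + b"\xff\xd9"
CHUNKS = [SECRET[i:i + 30] for i in range(0, len(SECRET), 30)]
CAPTURE = [build_txt_response("c2.example.test", base64.b64encode(c)) for c in CHUNKS]
```

Checking the first bytes of `reassemble(CAPTURE)` against a known file signature (here the JPEG marker `FF D8 FF`) confirms that the chunks were decoded and ordered correctly.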
18. {elysiumsecurity}
LOOK AT THIS SOUND!
SANS BROCHURE CHALLENGE 2014
CHALLENGE 3, LEVEL 2
"LOOK AT AN AUDIO FILE"
REFERENCE TO AN SVN
COPYING REPO PRODUCES FILES BUT NO AUDIO FILE
LOOKING AT COMMAND OUTPUT
DONOTOPEN.MP3 GETS DELETED
EDIT THE REPO.SVN AND REMOVE DELETE INSTRUCTION
YOU HAVE A WAVE FILE!
19. {elysiumsecurity}
LOOK AT THIS SOUND!
WHAT TO DO WITH THAT FILE?
"Which of the following would you most prefer? A) a puppy B) a pretty flower from your sweetie or C) a large properly formed data file? You have failed this reverse Turing test, now suffer the consequences.."
20. {elysiumsecurity}
LOOK AT THIS SOUND!
SANS BROCHURE CHALLENGE 2015 WRITE UP:
https://www.elysiumsecurity.com/blog/Challenges/post2.html
SPECTROGRAM!
21. {elysiumsecurity}
LOOK AT THIS SOUND!
YOU LEARNT TO PAY ATTENTION TO WHAT IS BEING ASKED
YOU LEARNT HOW TO USE A REPOSITORY ENVIRONMENT
YOU LEARNT TO THINK OUTSIDE THE BOX AND... PERSEVERE!
YOU LEARNT A STEGANOGRAPHY TECHNIQUE