Aarhus Cyber Security CTF

IMPORTANT: Postponed due to the coronavirus

Due to the coronavirus and related restrictions, our event cannot take place, so we have been forced to postpone it. We expect to hold it on the other side of summer, but the final date has not yet been settled.

To get a notification when we have a new date, please subscribe to our mailing list.

Subscribe to our mailing list

What

We are arranging a 24 hour Capture The Flag (CTF) competition for everybody who wants to improve their skills regarding Cyber Security. The different challenges will be within the topics:
  • Web exploitation (XSS, Authentication, Information, SQL-injections etc.)
  • Cryptography
  • PPC (algorithms to break stuff, automated playing games etc.)
  • Badly configured servers
  • Reverse engineering
  • Binary exploitation

Challenges will be grouped in topics and divided by difficulty. You are free to choose any challenges you want to work on during the event.

Who should participate

Everyone! The event will focus on being beginner-friendly, while still providing harder challenges for the experienced. We will give talks and introductions on various techniques to solve these problems. We will also provide a written introduction to each kind of challenge.

Expected skills
You should be familiar with writing short scripts and analyzing code, as many of the challenges will require you to do so. Some might require you to automate a simple process that leaks one character at a time. Doing so manually is possible, but if you have to do it 4000 times it becomes quite tedious.

The challenges are to be completed either alone or in groups of up to 5 people, which you decide yourself. The team size is set to encourage teamwork and cooperation, but it is by no means necessary to be that many. Groups of 2-3 persons work just as well.

When is it

The event will start on Friday the 17th of April at 5pm (doors open at 4:30pm) and will end Saturday evening. We will provide food during the event. It will also be possible to sleep in an adjacent building using your own sleeping mat.

Location is:
Aarhus Universitet - Incuba
Åbogade 15, 8200 Aarhus

Time schedule

The current schedule for the event is listed below. Please note that the exact schedule might change up until the event. Start and end times will be as listed below.

Friday, 17th of April
16:30 Doors open
17:00 Opening in Store Auditorium
17:30 Challenge Platform opens
18:30 Dinner
20:00 Talk #1 (*)
21:00 Talk #2 (*)

Saturday, 18th of April
09:00 Breakfast
11:00 Talk #3 (*)
13:00 Lunch
17:00 CTF ends
17:15 Award Ceremony

(*) Talks are not decided yet. Last year we had talks on how to do Web, Crypto, Binary Reversing and SQL-injections.

Talks and introductions

After the event starts you will be given instructions on how to connect to the challenges. After that, you are more than welcome to just start hacking and solve the challenges. If you are unsure about how to progress, we will teach you through some talks and introductions.

We will provide talks within these topics (approximately 20-30 minutes):

  • Network security (NMAP and Metasploit)
  • Web exploitation
  • Binary exploitation
  • SQL-injections
NOTE: This list will definitely change. If you want us to talk about a specific topic, please let us know.

Registration

We need your information in order to prepare the event and challenges, as well as to order food. Please go and complete our signup form. Registration is free thanks to our sponsors. The event is open to everyone, so you do not have to be a student to participate.

GO TO REGISTRATION

Preparations

The only thing you will need to bring is your own computer, which should be able to connect to the wireless network. That being said, you can get a head start by practicing your skills. Google can help you, as can various online wargames.

Stay updated

  • Follow our event on Facebook to receive the latest updates.
  • Sign up if you have not already done so. As we come closer to the event, we will start sending out more practical information.

Seeking knowledge

  • CTF 101 has a nice list of different categories and explanations on how simple attacks can be conducted. Very beginner friendly. Use it while you play a wargame or when stuck on a challenge.

Wargames to practice

  • Over The Wire: has different levels. The bandit level starts by introducing basic Linux commands.
  • pwnable.kr: contains a lot of beginner-friendly challenges as well.
  • XSS Game: a place for training XSS injections with help and guidelines along the way. Very beginner friendly.
  • Hack The Box: again, a lot of wargames. To sign up, you need to find the invite code on their website. If stuck, YouTube can help.
  • VulnHub: similar to Hack The Box, it contains a lot of vulnerable machines on which you can practice hacking. Seems to have only Linux machines.
  • Root Me: albeit similar to Hack The Box and VulnHub, they claim to focus on providing educational material for training, which the others do not. Everything is free.
  • TryHackMe: also online machines you can have a go at. Claims to have tutorial-like practice paths for solving the challenges/machines.

Useful tools

A good starting point is to look at the following tools.

  • VirtualBox: makes it easy to run Kali Linux. Just install VirtualBox and import the Kali image into it.
  • Kali Linux (direct link): an operating system that comes with a lot of built-in hacking tools.
  • Nmap: a networking tool used to scan networks for systems and open ports. Nmap is really useful for finding out which services a remote system runs. You will need it.
  • Burp Suite: a proxy for intercepting and manipulating traffic. Useful because you can use the browser normally and intercept only the exact requests that you want to manipulate.