Aarhus Cyber Security CTF

The event is over - for now

With 150 participants our 2019 event was a huge success. If you want to be part of our next event, please signup to our mailing list, so you get a notification when we are ready with our next workshop or CTF:

Subscribe to our mailing list

What is it

We are arranging a 24 hour Capture The Flag (CTF) competition for everybody who wants to improve their skills regarding Cyber Security. The different challenges will be within the topics:
  • Web exploitation (XSS, Authentication, Information, SQL-injections etc.)
  • Cryptography
  • PPC (algorithms to break stuff, automated playing games etc.)
  • Bad configured servers
  • Reverse engineering
  • Binary exploitation

Challenges will be grouped in topics and divided by difficulty. You are free to choose any challenges you want to work on during the event.

CTFD

Who should participate

Everyone! The event will have focus on being beginner friendly, while still providing harder challenges for the experienced. We will give talks and introductions on various techniques to solve these problems. We will also provide a written introduction to each kind of challenge.

You will have a solid starting point, if you already know how to code, or have a background within mathematics/crypto.

The challenges are to be completed either alone or in groups of up to 5 people, which you decide yourself. The team size is set to encourage teamwork and cooperation, but it is by no means necessary to be that many. Groups of 2-3 persons works just as well.

When is it

The event will start at Friday 10th of May at 5pm (doors open at 4:30pm) and will end Saturday evening. We will provide food during the event. It will also be possible to sleep in an adjacent building using your own sleeping mat.

Location is:
Aarhus Universitet - Incuba
Åbogade 15, 8200 Aarhus

Time schedule

The current schedule for the event is listed below. Please note that the exact schedule might change up until the event. Start and end times will be as listed below.

Friday, 10th of May
16:30 Doors open
17:00 Opening in Store Auditorium
17:30 Challenge Platform opens
18:30 Dinner
20:00 Talk on Web Exploitation and SQL injections
21:00 Talk on Binary Exploitation

Saturday, 11th of May
09:00 Breakfast
09:00 - 11:00 LEGO coffee wagon
11:00 Talk on Crypto
13:00 Lunch
17:00 CTF ends
17:15 Award Ceremony

Talks and introductions

After the event starts you will be given instructions on how to connect to the challenges. After that, you are more than welcome to just start hacking and solve the challenges. If you are unsure about how to progress, we will teach you through some talks and introductions.

We will provide talks within these topics (approximately 20-30 minutes):

  • Network security (NMAP and Metasploit)
  • Web exploitation
  • Binary exploitation
  • SQL-injections
NOTE: This list will definitely change. If you want us to talk about a specific topic, please let us know.

Registration

We need your information in order to prepare the event and challenges as well as ordering food. Please go and complete our signup formular.

Sign up here

Preparations

The only thing you will need to bring is your own computer which should be able to connect to the wireless network. That being said, you can get a head start, by practicing your skills. Google can help your, as well as various online Wargames.

Stay updated

  • Follow our event on Facebook to receive the latest updates.
  • Signup if not already done. As we come closer to the event, we will start sending out more practical information.

Seeking knowledge

  • CTF 101 has a nice list of different categories and explanations on how simple attacks can be conducted. Very beginner friendly. Use it while you play a wargame or when stuck on a challenge.

Wargames to practice

  • Over The Wire which has different levels. The bandit-level starts with introducing basic Linux commands.
  • pwnable.kr contains a lot of beginner friendly challenges as well.
  • Hack The Box again a lot of Wargames. To signup, you need to find the invite code on their website. If stuck, Youtube can help.

Useful tools

A good starting point is to look at the following tools.

  • Virtual Box makes it easy to run Kali Linux. Just install Virtual Box and import the Kali image into it.
  • Kali Linux (direct link) an operating system that comes with a lot of builtin hacking tools.
  • Nmap a networking tool used to scan networks for systems and open ports. Nmap is really useful in finding out, which services a remote system runs. You will need it.
  • Burp Suite a proxy for intercepting and manipulating trafic. Useful as you can use the browser normally and only intercept the exact requests that you want to manipulate.