Aarhus Cyber Security CTF

What is it

We are arranging a 24 hour Capture The Flag (CTF) competition for everybody who wants to improve their skills regarding Cyber Security. The different challenges will be within the topics:
  • Web exploitation (XSS, Authentication, Information, SQL-injections etc.)
  • Cryptography
  • PPC (algorithms to break stuff, automated playing games etc.)
  • Bad configured servers
  • Reverse engineering
  • Binary exploitation

Challenges will be grouped in topics and divided by difficulty. You are free to choose any challenges you want to work on during the event.

CTFD

Who should participate

Everyone! The event will have focus on being beginner friendly, while still providing harder challenges for the experienced. We will give talks and introductions on various techniques to solve these problems. We will also provide a written introduction to each kind of challenge.

You will have a solid starting point, if you already know how to code, or have a background within mathematics/crypto.

The challenges are to be completed either alone or in groups of up to 5 people, which you decide yourself. The team size is set to encourage teamwork and cooperation, but it is by no means necessary to be that many. Groups of 2-3 persons works just as well.

When is it

The event will start at Friday 10th of May at 5pm and will end Saturday evening. We will provide food during the event. It will also be possible to sleep in an adjacent building using your own sleeping mat.

Location is:
Aarhus Universitet - Nygaard Building
Finlandsgade 21, 8200 Aarhus

Talks and introductions

After the event starts you will be given instructions on how to connect to the challenges. After that, you are more than welcome to just start hacking and solve the challenges. If you are unsure about how to progress, we will teach you through some talks and introductions.

We will provide talks within these topics (approximately 20-30 minutes):

  • Network security (NMAP and Metasploit)
  • Web exploitation
  • Binary exploitation
  • SQL-injections
NOTE: This list will definitely change. If you want us to talk about a specific topic, please let us know.

Registration

We need your information in order to prepare the event and challenges as well as ordering food. Please go and complete our signup formular.

Sign up here

Preparations

The only thing you will need to bring is your own computer which should be able to connect to the wireless network. That being said, you can get a head start, by practicing your skills. Google can help your, as well as various online Wargames.

Stay updated

  • Follow our event on Facebook to receive the latest updates.
  • Signup if not already done. As we come closer to the event, we will start sending out more practical information.

Seeking knowledge

  • CTF 101 has a nice list of different categories and explanations on how simple attacks can be conducted. Very beginner friendly. Use it while you play a wargame or when stuck on a challenge.

Wargames to practice

  • Over The Wire which has different levels. The bandit-level starts with introducing basic Linux commands.
  • pwnable.kr contains a lot of beginner friendly challenges as well.
  • Hack The Box again a lot of Wargames. To signup, you need to find the invite code on their website. If stuck, Youtube can help.

Useful tools

A good starting point is to look at the following tools.

  • Virtual Box makes it easy to run Kali Linux. Just install Virtual Box and import the Kali image into it.
  • Kali Linux an operating system that comes with a lot of builtin hacking tools.
  • Nmap a networking tool used to scan networks for systems and open ports. Nmap is really useful in finding out, which services a remote system runs. You will need it.
  • Burp Suite a proxy for intercepting and manipulating trafic. Useful as you can use the browser normally and only intercept the exact requests that you want to manipulate.