CTF for Mortals

Leigh Honeywell

October 05, 2013

Transcript

  1. CTF FOR MORTALS
    Leigh Honeywell
    Seattle Attic Community Workshop

  2. ABOUT ME
    • I work at a large software company in Redmond
    • (but I’m speaking only on my behalf)
    • Co-founded a couple of hackerspaces
    • From around here
    • Went to U of T
    • Former Bell, MessageLabs/Symantec Cloud, independent consultant, failed
    startup founder
    • Hate when speakers spend too long on their bios, so I’ll shut up now.
    • @hypatiadotca on the tweeters

  3. WHAT THE CTF
    • Hacking tournament
    • Capture “flags” that look like flag{sdjkfhekjhremn} or sometimes
    flag{forensics_is_fun}, which you then submit to a game server for points
    • Play alone or with others, sometimes at big events or just online

  4. CTF IS FOR EVERYONE
    • Remember “Hackerspace Design Patterns”? This is
    like that, but for CTF.
    • Whatever lets you learn and have fun is the right
    way to play.
    • Even non-programmers and people who aren’t
    security specialists can learn and have fun playing –
    bond with your parents or kids*!
    *competition IRC channels etc. can be full of
    pottymouthed asshats. Don’t be that asshat.

  5. WELL, ALMOST EVERYONE
    •Some tournaments are student-only or have a
    student-only category
    •Some require you to be on-site
    •Some just want part of the team on-site, can
    have remote support
    •Qualification rounds – Defcon, CSAW (they fly
    you to NYC!)

  6. MY EXPERIENCES
    • 2011 UCSB iCTF – placed ~35th out of ~80 teams
    • Attack-Defend, student only CTF
    • Mentored by Alan Rosenthal at U of T – THANK YOU
    • 2013 NYU CSAW – placed ~300th out of ~1400
    • Jeopardy style, open to non-students
    • Team Unicode Sparklehearts
    • Yup, I’ve only played two games. And I’m here talking to you.
    "What do I know now that I wish I knew a year ago?"
    --Jack Diederich

  7. OUTLINE
    •Styles of CTF
    •Building your team
    •Preparation
    •Game Day
    •OPSEC
    •Postmortem
    •Upcoming Games
    •Further Reading

  8. TYPES OF CTF

  9. STYLES
    Attack/Defend
    • Keep services running
    • Attack other teams
    • Attack central services
    • Involves infrastructure, possibly a
    VPN
    Jeopardy
    • Challenges you download
    • Various points / difficulty levels
    • Attack central services

  10. STYLES
    Attack/Defend Jeopardy

  11. TYPICAL CTF TOPICS
    •Trivia
    •Recon
    •Puzzles
    •Steganography/Forensics

  12. TYPICAL CTF TOPICS
    •Reversing
    •Exploitation
    •Crypto
    •Web
    •Defense

  13. PREPARATION
    Friends don’t let friends CTF unawarez

  14. TIMELINE
    -1 Month
    •Basic infrastructure
    •Tools
    •Skills Roster
    -2 Weeks
    •Pick co-ordinator
    •Tactics
    •More infrastructure
    -1 Week
    •Hardware
    •Network
    •Logistics
    -1 to 3 Days
    •Food
    •Nap options
    At each checkpoint, check for any newly available information from the contest organizers!

  15. ONE MONTH AWAY
    • Initial infrastructure:
    • mailing list
    • IRC channel
    • document share
    • Recruit!
    • Meet to go over tools, initial skills roster
    • Show newbies how to IRC. Freenode has webchat. Consider setting a password.

  16. BUILDING YOUR TEAM

  17. REAL VS. VIRTUAL
    •Recruit diversely
    •Different skills = valuable
    •Teams across timezones = moar sleep
    •Find someone with access to physical space

  18. TEAM SIZE
    •There’s usually no minimum
    •If there are rules, try to max out the
    allowed team
    •Otherwise the more the merrier, but the
    more folks you have the more important
    task allocation becomes

  19. MY TEAM
    • Unicode Sparklehearts
    • 2/3 women, geographically distributed
    • Recruited on women-in-tech mailing lists
    • About 20 people (8 active in NYU game, in
    Seattle and online)
    • Variety of skill levels from non-programmers to
    kernel hackers
    • Anti-harassment policy for our team space
    • Recruiting non-jerks of all skill levels and
    genders!

  20. A WORD ABOUT TOOLS
    • Too many to name
    • Many of them are in Backtrack / Kali Linux
    • Check the resources at the end of this deck
    • Top n:
    • IDA
    • Web proxy
    • Notepad++/Textmate
    • Search engine
    • Scripting language (python ftw)

  21. TWO WEEKS AWAY
    • Review tactics
    • old pcaps and challenges
    • WALKTHROUGHS
    • Review skills roster
    • Figure out initial task breakdown
    • Pick a co-ordinator

  22. ONE WEEK AWAY
    • Get computers in order: multiple OSes are a good idea
    • Server (maybe one with CUDA-compatible video for cracking)
    • Shells
    • Ensure you have a fat pipe + backup interwebs
    • Download rainbow tables
    • Spare laptops with Kali Linux
    • Whiteboards or butcher paper, markers, postits, lab notebooks
    • Switches and routers, printer
    • Consider letting your ISP know you'll be playing CTF

  23. ONE TO THREE DAYS AWAY
    • Double-check your interwebs
    • Arrange food.
    • Reasonably healthy brain food.
    • Snacky things like carrots and hummus, fruit.
    • PROTEIN. WATER.
    • For longer CTFs, stock up on sleep!
    • If the game is 12+ hours, bring something to nap on - couches or thermarests,
    pillows, blankets.

  24. GAME DAY
    Or weekend! Or longer! AHHHH I NEED SLEEP!

  25. AW YEAH HACKING TIME
    •Read through all the challenges
    •Start downloading any additional tools
    you need
    •For Attack/Defend games, set up services

  26. CO-ORDINATE!
    • Have the co-ordinator you chose during preparation
    set alarms/reminders to regularly check for the
    following:
    • New challenges
    • Hints
    • Questions folks ask in IRC
    • People bragging on Twitter
    • Teammates who are stuck and need halpz

  27. THE CARE AND FEEDING OF NEWBIES
    • Assign easier challenges to the beginner folks on your team, based on
    the skills they want to focus on.
    • As a more experienced hacker, don’t be tempted to take the easy
    challenges.
    • Pair hacking! Let the newbie drive. Don't take away the keyboard.
    • If there are limited submissions or you’re penalized for too many,
    check their answers.
    • Leave some time at the end to tidy up beginner challenges.

  28. SECRET NAP TECHNIQUES
    • 90 minutes of sleep followed by two cups of coffee in the
    evening will give you another 12-24 hours of near-peak
    performance. SCIENCE!
    • Naps increase objective performance more than subjective
    – you’ll feel groggy but work better. PARADOXICAL!
    • Shorter naps: caffeine before 20-30 minute nap; the
    caffeine dose will hit you and you’ll wake up refreshed.
    • See Mythbusters S12E02 or “The Promise of Sleep”

  29. OPSEC
    I can put my dox back on, you can’t. PLAY SAFE.

  30. PLAYING SAFE
    Attack/Defend
    • Use fresh, fully patched machines
    on a dedicated network
    • Flatten them after playing (backup
    your pcaps and samples!)
    • Spin up dedicated shells
    • Segment off recon/exploitation/reversing network or have a second one
    Jeopardy
    • No VPN, so less scary
    • You can still do all the stuff to the
    left
    • Use VMs for exploitation
    • Patch!
    • If there’s a game IRC, use a
    different IP unless the server masks it.

  31. DON’T BE A JERK.
    Model good behaviour to other teams. Un-excellent things to do:
    • Cheating
    • DoSing
    • Doxing
    • Spamming IRC or Twitter hashtag
    • Being a swear-bear on IRC (there may be kids around!)

  32. POSTMORTEM
    I know because of my learnings

  33. POSTMORTEM
    •Share what you learned with your peers
    •Give things a day or two to sink in, but don't
    wait too long. Schedule it before the game.
    •Give back - write up walkthroughs

  34. UPCOMING GAMES

  35. GET OUT AND GAME
    • SecTor! Email [email protected] with a team. Info on sector.ca under events
    • http://ctftime.org/ has listings of upcoming games
    • Meet at the bar after Jamie’s talk to find potential teammates!

  36. FURTHER READING

  37. FURTHER READING
    • The Many Maxims of Maximally Effective CTFs
    • ISIS Lab’s CTF Guide
    • picoCTF Preparations
    • My slides: https://speakerdeck.com/hypatia
