CTF for Mortals

CTF FOR MORTALS
Leigh Honeywell
Seattle Attic Community Workshop

View Slide

ABOUT ME
• I work at a large software company in Redmond
• (but I’m speaking only on my behalf)
• Co-founded a couple of hackerspaces
• From around here
• Went to U of T
• Former Bell, MessageLabs/Symantec Cloud, independent consultant, failed
startup founder
• Hate when speakers spend too long on their bios, so I’ll shut up now.
• @hypatiadotca on the tweeters

View Slide

WHAT THE CTF
• Hacking tournament
• Capture “flags” that look like flag{sdjkfhekjhremn} or sometimes
flag{forensics_is_fun} you then submit to a game server for point
• Play alone or with others, sometimes at big events or just online

View Slide

CTF IS FOR EVERYONE
• Remember “Hackerspace Design Patterns”? This is
like that, but for CTF.
• Whatever lets you learn and have fun is the right
way to play.
• Even non-programmers and people who aren’t
security specialists can learn and have fun playing –
bond with your parents or kids*!
*competition IRC channels etc. can be full of
pottymouthed asshats. Don’t be that asshat.

View Slide

WELL, ALMOST EVERYONE
•Some tournaments are student-only or have a
student-only category
•Some require you to be on-site
•Some just want part of the team on-site, can
have remote support
•Qualification rounds – Defcon, CSAW (they fly
you to NYC!)

View Slide

MY EXPERIENCES
• 2011 UCSB iCTF – placed ~35th out of ~80 teams
• Attack-Defend, student only CTF
• Mentored by Alan Rosenthal at U of T – THANK YOU
• 2013 NYU CSAW – placed ~300th out of ~1400
• Jeopardy style, open to non-students
• Team Unicode Sparklehearts
• Yup, I’ve only played two games. And I’m here talking to you.
"What do I know now that I wish I knew a year ago?"
--Jack Diederich

View Slide

OUTLINE
•Styles of CTF
•Building your team
•Preparation
•Game Day
•OPSEC
•Postmortem
•Upcoming Games
•Further Reading

View Slide

TYPES OF CTF

View Slide

STYLES
Attack/Defend
• Keep services running
• Attack other teams
• Attack central services
• Involves infrastructure, possibly a
VPN
Jeopardy
• Challenges you download
• Various points / difficulty levels
• Attack central services

View Slide

STYLES
Attack/Defend Jeopardy

View Slide

TYPICAL CTF TOPICS
•Trivia
•Recon
•Puzzles
•Steganography/
Forensics

View Slide

TYPICAL CTF TOPICS
•Reversing
•Exploitation
•Crypto
•Web
•Defense

View Slide

PREPARATION
Friends don’t let friends CTF unawarez

View Slide

TIMELINE
-1 Month
•Basic
infrastructure
•Tools
•Skills Roster
-2 Weeks
•Pick co-
ordinator
•Tactics
•More
infrastructure
-1 Week
•Hardware
•Network
•Logistics
-1 to 3
Days
•Food
•Nap options
At each checkpoint, check for any newly available information from the contest organizers!

View Slide

ONE MONTH AWAY
-1 Month -2 Weeks -1 Week -1 to 3 Days
• Initial infrastructure:
• mailing list
• IRC channel
• document share
• Recruit!
• Meet to go over tools, initial skills roster
• Show newbies how to IRC. Freenode has webchat. Consider setting a password.

View Slide

BUILDING YOUR TEAM

View Slide

REAL VS. VIRTUAL
•Recruit diversely
•Different skills = valuable
•Teams across timezones = moar sleep
•Find someone with access to physical space

View Slide

TEAM SIZE
•There’s usually no minimum
•If there are rules, try to max out the
allowed team
•Otherwise the more the merrier, but the
more folks you have the more important
task allocation becomes

View Slide

MY TEAM
• Unicode Sparklehearts
• 2/3 women, geographically distributed
• Recruited on women-in-tech mailing lists
• About 20 people (8 active in NYU game, in
Seattle and online)
• Variety of skill levels from non-programmers to
kernel hackers
• Anti-harassment policy for our team space
• Recruiting non-jerks of all skill levels and
genders!

View Slide

A WORD ABOUT TOOLS
• Too many to name
• Many of them are in Backtrack / Kali Linux
• Check the resources at the end of this deck
• Top n:
• IDA
• Web proxy
• Notepad++/Textmate
• Search engine
• Scripting language (python ftw)

View Slide

TWO WEEKS AWAY
• Review tactics
• old pcaps and challenges
• WALKTHROUGHS
• Review skills roster
• Figure out initial task breakdown
• Pick a co-ordinator

View Slide

ONE WEEK AWAY
• Get computers in order: multiple OSes are a good idea
• Server (maybe one with cuda-compatible video for cracking
• Shells
• Ensure you have a fat pipe + backup interwebs
• Download rainbow tables
• Spare laptops with Kali Linux
• Whiteboards or butcher paper, markers, postits, lab notebooks
• Switches and routers, printer
• Consider letting your ISP know you'll be playing CTF

View Slide

ONE TO THREE DAYS AWAY
• Double-check your interwebs
• Arrange food.
• Reasonably healthy brain food.
• Snacky things like carrots and hummus, fruit.
• PROTEIN. WATER.
• For longer CTFs, stock up on sleep!
• If the game is 12+ hours, bring something to nap on - couches or thermarests,
pillows, blankets.

View Slide

GAME DAY
Or weekend! Or longer! AHHHH I NEED SLEEP!

View Slide

AW YEAH HACKING TIME
•Read through all the challenges
•Start downloading any additional tools
you need
•For Attack/Defend games, set up services

View Slide

CO-ORDINATE!
• Have the co-ordinator you chose during preparation
set alarms/reminders to regularly check for the
following:
• New challenges
• Hints
• Questions folks ask in IRC
• People bragging on Twitter
• Teammates who are stuck and need halpz

View Slide

THE CARE AND FEEDING OF
NEWBIES
• Assign easier challenges to the beginner folks on your team, based on
the skills they want to focus on.
• As a more experienced hacker, don’t be tempted to take the easy
challenges.
• Pair hacking! Let the newbie drive. Don't take away the keyboard.
• If there are limited submissions or you’re penalized for too many,
check their answers.
• Leave some time at the end to tidy up beginner challenges.

View Slide

SECRET NAP TECHNIQUES
• 90 minutes of sleep followed by two cups of coffee in the
evening will give you another 12-24 hours of near-peak
performance. SCIENCE!
• Naps increase objective performance more than subjective
– you’ll feel groggy but work better. PARADOXICAL!
• Shorter naps: caffeine before 20-30 minute nap; the
caffeine dose will hit you and you’ll wake up refreshed.
• See Mythbusters S12E02 or “The Promise of Sleep”

View Slide

OPSEC
I can put my dox back on, you can’t. PLAY SAFE.

View Slide

PLAYING SAFE
Attack/Defend
• Use fresh, fully patched machines
on a dedicated network
• Flatten them after playing (backup
your pcaps and samples!)
• Spin up dedicated shells
• Segment off recon/exploitation/
reversing network or have a second
one
Jeopardy
• No VPN, so less scary
• You can still do all the stuff to the
left
• Use VMs for exploitation
• Patch!
• If there’s a game IRC, use a
different IP unless the server masks it.

View Slide

DON’T BE A JERK.
Model good behaviour to other teams. Un-excellent things to do:
• Cheating
• DoSing
• Doxing
• Spamming IRC or Twitter hashtag
• Being a swear-bear on IRC (there may be kids around!)

View Slide

POSTMORTEM
I know because of my learnings

View Slide

POSTMORTEM
•Share what you learned with your peers
•Give things a day or two to sink in, but don't
wait too long. Schedule it before the game.
•Give back - write up walkthroughs

View Slide

UPCOMING GAMES

View Slide

GET OUT AND GAME
• SecTor! Email [email protected] with a team. Info on sector.ca under events
• http://ctftime.org/ has listings of upcoming games
• Meet at the bar after Jamie’s talk to find potential teammates!

View Slide

CTF for Mortals

CTF for Mortals

Leigh Honeywell

Other Decks in Technology

Featured

Transcript