From SHA2017 Wiki
Revision as of 22:18, 1 June 2017 by Thice (talk | contribs)

Description We are a group of hackers who are part of the Eindbazen CTF team and we are currently in the process of organizing the official CTF for the SHA event.
Type Game
Kids session No
Keyword(s) game, hacking, security
Processing village Village:CTF Village
Person organizing User:Thice, User:Asby
Language en - English, nl - Dutch


Subtitle CTF
Starts at 2017/08/05
Ends at 2017/08/06 12:00
Duration 2160 minutes
Location Village:CTF Village

We are a group of hackers who are part of the Eindbazen CTF team and we are currently in the process of organizing the official CTF for the SHA event.

A CTF is a Capture The Flag hacking game, which generally consists of multiple hacking-related challenges that need to be solved while the CTF takes place. Players play in teams and compete against each other. Most CTFs run for about 24-48 hours and can be played online. During the CTF all challenges are provided in a controlled environment, and everything is completely legal. No hacking of external parties or the other teams takes place.

Most hacking events or conferences these days have an official CTF, which takes place during the event/conference. A good example is the yearly CTF at CCC. We personally think a CTF is a great addition to an event and provides the visitors with some technical entertainment. The CTF will further provide promotion for the event, especially with the Teaser round we are planning before the event, where players can win four tickets for SHA2017.

To get a better understanding of the setup and kind of challenges that players will encounter we would like to refer to the CTF we organized during OHM 2013, which was called ebCTF:

Basically we have 6 categories, each with challenges in 4 difficulties.

  • Binary challenges where you get a binary which you need to reverse engineer. Binaries are usually Windows or Linux executables, but can also be from more exotic environments.
  • Crypto challenges, which involve classic crypto algorithms such as substitution, Vigenère and Caesar ciphers, or more advanced challenges including weaknesses in ECB mode, bit flipping, padding oracle attacks or hash function length extension attacks.
  • Forensics challenges, which contain anything related to forensics. Challenges can include Windows, Linux, Android or exotic platform forensics.
  • Network challenges, such as analyzing packet captures or network communication, port knocking, etc.
  • Pwnables challenges, where you need to exploit a specific local or remote vulnerability, like buffer overflows, format strings or a different kind of vulnerability. The difficulty can be increased with mitigations such as ASLR and NX.
  • Web challenges, which contain all web and HTTP related challenges, including, but not limited to: SQL injection, directory traversal, file inclusion, scripting language quirks, XSS, remote command execution.

Besides the main CTF we will run a "mini" CTF which contains challenges for beginning CTF players.

To promote the CTF and SHA2017 we will run a Teaser round, which will contain 4-6 challenges in different categories and with different difficulties. The winner of this Teaser round will win four tickets to SHA2017.