Capture The Flag 101
CTF 101
Workshop
Acceleration Team

Micah Silverman
Director, Security Advocacy 🥑 @Snyk
@afitnerd
● Java Developer (29 years)
● Author
● Open Source Contributor
● DevSecCon chapter leader
● Tinkerer
● Chaotic Neutral
Agenda
1 Getting started with CTF 👾
2 Challenge 1 - Invisible Ink ✒
3 Challenge 2 - Sauerkraut 🌭
4 Go Forth and CTF!

CTF-101 👾
Getting started with CTF
What is a CTF?
Simulating real-world security challenges
Participants are presented with a series of challenges designed to emulate real vulnerabilities, threats, and attack vectors that organizations face in the digital landscape.

Several types of challenges: binary analysis, web exploitation, cryptography, reverse engineering, network security

CTF is different from cybersecurity disciplines like penetration testing, vulnerability assessment or ethical hacking: the targets are built to be broken, and the goal is a flag, not a report.
What’s a Flag, anyway?

SNYK{9a9e3b26d014635e125a62899f337b84bb5ac}
Preparing for CTF Challenges
● Getting set up for CTFs
● Linux proficiency
● CTF platform enrollment
● Understanding the rules and objectives

● Do share progress
● Do ask questions
● Do talk to each other for clues
● Please do not tell spoilers ☹
● Please do not hack the backend ☹

Join Discord!
https://snyk.co/ctf-101-discord
snyk-ctf-⛳
CTF Tools
● Selecting the right tools
● Strategies behind playing with tools
● Type of tools

Tools
• IDE/ Text editor
• Node.js/ npm
• Python3
• Curl/ Postman

Platform
• CTF platform: https://101.ctf-snyk.io
• Snyk account: https://snyk.io/

Patch’s help
• Snyk CLI
• Snyk IDE integration (VS, IntelliJ)
• Snyk Advisor
CTF strategies & techniques
🎯 Identify the problem
ℹ Gather information
Analyze clues
Test and iterate
❌ Common mistakes to avoid
Invisible Ink ✒
What do we know?
The hint 🤫 Snyk CLI
● URL: http://invisible-ink.c.ctf-snyk.io/
● Language: JavaScript
● Files: package.json + index.js
● Let’s Talk HTTP: Bulletin Board
  GET: Read content on the board
  POST: Place content on the board
  DELETE: Remove content from the board
Let’s HACK! 💻
SOLUTION 😮
What did we learn? 🤔
Invisible Ink
● 🔍 Look at all the files you have during a challenge
● Have a 👀 at the code, and try to get a general understanding. You don’t need to be an expert
● Use Snyk to help you solve the challenges 😉
● Learn more about Prototype Pollution on Snyk Learn! 🤓
● https://learn.snyk.io/lessons/prototype-pollution/javascript
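As an added example (this is not the challenge's index.js, which the slides do not reproduce), here is a miniature bulletin board with the three verbs from the slide, whose POST handler deep-merges a JSON body into the board settings. The first merge is the shape of code that Snyk flags for prototype pollution; the second refuses the keys that reach the prototype chain. Every name here (createBoard, handle, canDelete, the "options" field) and the attacker payload are invented for the demo.

```javascript
// Added example (not the challenge's index.js): a tiny in-memory bulletin board
// whose POST handler deep-merges user-supplied JSON, once with a merge that is
// open to prototype pollution and once with a hardened merge. All names here
// (createBoard, handle, canDelete, the "options" field) are invented for the demo.

const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(value) {
  return value !== null && typeof value === 'object' && !Array.isArray(value);
}

// Naive recursive merge: walks into target[key] even when key is "__proto__",
// so a body like {"__proto__":{"isAdmin":true}} writes onto Object.prototype.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened merge: skips the keys that reach the prototype chain and only
// recurses into properties the target actually owns.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

function createBoard() {
  return { posts: [], settings: { title: 'Bulletin' } };
}

// Authorization check for DELETE. A freshly created {} must never pass it.
function canDelete(user) {
  return user.isAdmin === true;
}

// The board's three verbs, as described on the slide. POST stores the text and
// merges optional display "options" into the board settings.
function handle(board, merge, method, user, rawBody) {
  switch (method) {
    case 'GET':
      return board.posts.slice();
    case 'POST': {
      const body = JSON.parse(rawBody);
      board.posts.push(String(body.text ?? ''));
      if (isPlainObject(body.options)) merge(board.settings, body.options);
      return board.posts.length;
    }
    case 'DELETE':
      if (!canDelete(user)) throw new Error('forbidden');
      board.posts.length = 0;
      return 0;
    default:
      throw new Error(`unsupported method ${method}`);
  }
}

// Constructed attacker request: JSON.parse creates an own property literally
// named "__proto__", so Object.keys() hands it to the merge function.
const ATTACK_BODY = '{"text":"hello","options":{"__proto__":{"isAdmin":true}}}';

// Posts the payload as an anonymous user, then tries to DELETE as a user object
// that has no isAdmin property at all. Returns true if the delete went through.
function runDemo(merge) {
  const board = createBoard();
  handle(board, merge, 'POST', { name: 'anon' }, ATTACK_BODY);
  let deleted;
  try {
    handle(board, merge, 'DELETE', {}, null);
    deleted = true;
  } catch (err) {
    deleted = false;
  }
  delete Object.prototype.isAdmin; // undo any pollution so later code is unaffected
  return deleted;
}

console.log('unsafeMerge: anonymous DELETE allowed?', runDemo(unsafeMerge)); // true
console.log('safeMerge:   anonymous DELETE allowed?', runDemo(safeMerge));   // false
```

Two things to notice when reading a target like this. The pollution is global: once Object.prototype carries isAdmin, every object in the process inherits it, which is why canDelete passes for an empty user. And the fix belongs in two places: the merge must refuse __proto__, constructor and prototype (or build its targets with Object.create(null)), and authorization checks should test own properties, e.g. Object.prototype.hasOwnProperty.call(user, 'isAdmin'), rather than trusting the prototype chain. In the challenge, the merge is likely a dependency listed in package.json, which is exactly what the Snyk CLI hint points at.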
Sauerkraut 🌭
What do we know?
The hint 🤫 Google is your friend
● URL: http://sauerkraut.c.ctf-snyk.io/
● Language: Python
● What goes best on a hotdog?
● Investigate: View source? Submit form? View Network tab?
Let’s HACK! 💻
SOLUTION 😮
What did we learn? 🤔
Sauerkraut
● You don’t need to be a Python expert 🐍
● Error messages ❌ can give it away if we do the right search on Google
● Learn more about Pickle and Python with Snyk! 🤓
● https://snyk.io/blog/guide-to-python-pickle
Go Forth And CTF!
Learning from mistakes
● Embrace curiosity
● Analytical reflection
● Persistence and resilience
● Collaborative learning
● Celebrate small wins

Transferable Security Skills with CTFs
● Technical skills
● Analytical skills
● ♟ Strategic thinking
● 👥 Collaboration and teamwork
● 💪 Problem-solving

Engaging with the CTF Community
● Chat groups
● Social media communities
● CTF blogs and websites

● Snyk Blog
● Snyk CTF-101
● Snyk Learn
● Snyk YouTube
● DevSecCon Discord
Ethical Hacking 101 Workshop
Test your security skills as you solve a series of Capture the Flag hacking challenges

When: February 8, 2024 | 11:00am - 12:30pm ET


Join this hands-on, virtual workshop to get an introduction to ethical hacking and learn how
you can proactively identify security weaknesses in your systems before they can be
exploited.

After the workshop, you'll have the skills to find and fix security vulnerabilities and go through
the responsible disclosure process.

https://snyk.io/events/
Thank you!
