Click here to read this page in German.
| WORKSHOP FULLY BOOKED Thank you for your overwhelming interest! The workshop is fully booked. But you can still register on the waiting list. |
SIGFLAG is looking for new members, again! And we want to let you get a taste of hacker air. In this workshop you will learn about the most important hacking categories and can apply your knowledge on different tasks. The experienced SIGFLAG members actively support you in the process. The aim of the workshop is also to get an insight into typical tasks at Security CTF Competitions.
REVERSE PWN WEB HARDWARE
AI CRYPTO STEGO FORENSIC
When? Friday, October 28, 2022 from 14:00 to 19:30
Where? Dynatrace Austria, Linz Lab - Am Fünfundzwanziger Turm 20, 4020 Linz
Language? Presentations in DE. Slides in EN. Support during the workshop in DE + EN.
I only speak English. Is this workshop for me?
Yes. The slides will be in English, the necessary resources will be in English and our SIGFLAG team members will answer your questions in English. It may even be possible to cover some parts of the introduction in English as well.
Costs?
Free entry after free registration.
Free drinks. Free snacks. Nerdy prices.
We thank our sponsors ARES Cyber Intelligence, Dynatrace and epunkt for their active support. Thanks to them there will be drinks, snacks, and nerdy prices.
How does the workshop work?
13:37. Doors open.
14:00. The workshop starts. Our team members will introduce the hacking categories with examples and show you how best to approach the various tasks.
15:30. The hacking starts. Challenges with increasing levels of difficulty await you in each category. This will allow you to either try out all the categories for a moment or immerse yourself in a single one - depending on what you enjoy! You do not get on with a task? You do not know how to start? No problem: The experienced members of SIGFLAG will help you with tips and tricks.
19:30. After 4 hours we will complete the free hacking and present a few solutions for individual challenges. The challenges will be available online for even longer, so you can continue hacking at home.
What do I have to bring?
Your own laptop, programming skills and the curiosity and willingness to independently dive into new things. It is also important that you are enthusiastic about a category of your choice - then you will be able to accomplish its tasks as well.
For some categories, we recommend that you have some prior knowledge. These requirements and recommendations can be found in the description of the categories below.
As some advanced tools are only available on Linux, we recommend setting up a KALI Linux with VirtualBox, for example.
From which hacking categories can I choose one or more?
Reverse Engineering Pwning The code is compiled and can only be read by machines: that’s it? Not for reversers: we break down the program into its individual parts, reconstruct methods, observe the control flow and find data structures. And in pwning we use everything we can to let a program play and jump by our rules. Buffer overflows on the stack, buffer overflows on the heap, ROP chains and, with a bit of luck, a shell as well.
Required Basic C skills + KALI VM or similar
Recommended Course: Systems Programming + Course: Secure Code
Web Security PHP web pages, SQL databases and JavaScript code provide a broad attack surface. In this category we break into the backend of a homepage or just dump a backup of the webservers database.
Required A browser (e.g. Firefox or Chrome) + Basic web skills
Recommended SQL expertise + JavaScript expertise + Course: Web Security
Hardware Security You prefer to hack something tangible? You think IoT devices are far too insecure? Then you’ve come to the right place. We have prepared a bit of electronics and a few microcontrollers for you, where something may be wrong. Maybe you’ll find the error?
Required Knowledge about digital circuits
Recommended Course: Digital Circuits + Course: Electronics
Artificial Intelligence Adversarial Machine Learning has shown us how easily neural networks can be fooled. Don’t worry, we don’t expect you to reverse a neural network with Activation Maximization, but that’s the direction our challenges will take.
Required Basic linear algebra + machine learning skills
Recommended Course: LSTM and Recurrent Neural Nets
Cryptography This category is about decrypting secret messages. Together we crack everything from ancient methods such as Caesar ciphers to today’s standard algorithms such as RSA - or at least find a flaw in the implementation ;) If you like to decompose complex patterns and have a weakness for mathematics, this will certainly be the category for you.
Required Any programming or scripting language (e.g. Python)
Recommended Course: Cryptography
Steganography Forensic Flags in pictures. Flags in text. Flags in audio. Flags in videos. Flags - just about anywhere. Steganographers hide information in other media, “hidden in plain sight”. And forensic experts search for structure in confiscated hard drives and network traffic dumps.
Required Any programming or scripting language (e.g. Python)
Recommended Knowledge about media files + Usage of hex editors
I am an IT security professional. Is this workshop for me?
Yes. Even professionals will get something out of this workshop. Show us your skills! The higher levels are very tricky and we are curious if you can solve them all. Alternatively, this workshop also offers you the opportunity to discover new hacking categories.
I have never solved such challenges before. Is this workshop for me?
Yes. We introduce different hacking categories and in each category the first level is very simple. This gives you the opportunity to peek into each category and find out if you like it. You can also solve a task together in the team and get tips from our experienced members. Also see here, where we describe what you should bring with you.
| WORKSHOP FULLY BOOKED Thank you for your overwhelming interest! The workshop is fully booked. But you can still register on the waiting list. |
Open questions? Drop us an e-mail to info ~ at ~ sigflag.at