You would like to participate in the next CTF event with us?
Great! Read carefully through this document :)
What is a CTF?
There are two kinds of CTFs, Jeopardy and Attack-Defense. We mostly participate in Attack-Defense CTF competitions.
Read the post on Attack-Defense for Beginners or lean back and watch this video on CTFs in general or a presentation which also covers Attack-Defense CTFs.
@blu3r4y gave another 5-minute-intro on Attack-Defense CTFs during a lecture back in November 2017. Unfortunately, the video is only available in German at the moment, but it has English subtitles.
Preparation
Create and confirm your account at git.sigflag.at
Before you can learn more about our infrastructure, we need to confirm your account.
Meet one of the admins in person, attend the events or write us an email to get access. We highly recommend you to visit one of the introductory events.
In the meantime, continue to setup your environment.
Setup your environment
Operating system
You can use whatever system you like, although you definitely need the following two things:
- SSH client (and keys!) to connect to remote machines
- Capability to mount SMB network shares (default Microsoft CIFS shares)
We highly recommend you to use a Linux system. KALI Linux is a perfect choice for CTF events. You can either install KALI Linux side-by-side to your current system (dual-boot) or directly onto your device.
If you don’t want to clutter your computer with a second operating system, we recommend you to setup a virtual machine. VirtualBox is a popular choice for a free hypervisor.
SSH Client and Keys
You will connect to various remote machines during the CTF event. We only allow SSH Keys and no passwords. If you would like to learn more about SSH keys, follow this link.
On Linux
Check if you already have an ssh keypair configured by trying to read the public key:
cat ~/.ssh/*.pub
If you got a valid ssh keypair, you are all set. You can skip the following steps.
If not, read on …
- Generate a new keypair with
ssh-keygen -t ed25519and follow the prompted instructions - We recommend to set a passphrase on your keypair
- Read your public key with
cat ~/.ssh/*.pub
On Windows
You need an SSH client for Windows. PuTTY is a popular choice. Make sure to download putty.exe and puttygen.exe.
- Follow this guide on how to create a ssh keypair with PuTTY
- We recommend to set a passphrase on your keypair
- Once generated, copy the key in the text field labeled ‘Public key for pasting into OpenSSH authorized_keys file’. This is your public key.
Final Steps
Once your account is confirmed, add your PUBLIC KEY to git.sigflag.at.
Training
The strength of the team is each individual member.
The strength of each member is the team.
We highly appreciate your contributions to our team. Along with that, we would like to present you a few opportunities to train your skills.
- Keep an eye on our list of upcoming events
- Subscribe to the announcement mailing list
Reading Material
- Read through the CTF rules prior to the event (here are the iCTF 2018 rules)
- Read through CTF write-ups of previous events
Further suggestions
- Train your hacking skills on Jeopardy CTF events individually or in a small team. You can find an overview of upcoming CTFs on ctftime.org
- If you are a student of the JKU, enroll in various courses concering information security or similiar topics
Hack with us!
You can dive into more detailed infrastructure details here, once your account got confirmed. Meet one of the admins in person, attend the events or write us an email to get access.
Team Setup
Usually, we try to split our members into various teams. You may start thinking about a team, which suits you well. Don’t worry, we don’t enforce this clustering ;)
- Monitoring … Detecting intruders and keeping an eye on our infrastructure
- Network
- Systems
- Exploiting … Yea, hacking!
- Applications with source code
- Binaries
- Fuzzing
- Scripting … Write exploit scripts to steal flags from others
- Coordination … Being a smart ass about how other people could do stuff better