saarsec CTF Workshop

REGISTRATION CLOSED!

Whoa, we didn't expect that many people to sign up. To ensure that everyone will have a good time, we unfortunately had to close the registration. We will be back latest next year!


About the workshop

Towards the end of the semester break, we - saarsec, a group of CTF players - offer a compact workshop to teach interested students core concepts of hacking and capture-the-flag (CTF) competitions specifically. If you have questions, keep reading! You might find the answer to your question is already here, and you will definitely know how to contact us once you read everything! The workshop will cover the whole weekend, starting with an introduction and get-together on the evening of Friday, April 12th, and ending on Sunday, April 14th with an amazing Attack-Defense CTF.

During the workshop, we will introduce the general categories of Jeopardy CTFs, the common vulnerabilities found in CTFs and real-world applications, and how to automate exploitation during CTFs using Python. Did you know that an email address consists of a local-part and a domain with an @ sign in between? But that is just theory! In our workshop, participants engage in hands-on exercises that challenge them to compete against each other in a Jeopardy CTF. The pinnacle of the workshop is the A/D CTF competition, where participants compete against each other in teams.

If you want to know more about what you can expect, read the report from a previous participant.


Timeline

We start on Friday with a short introduction and getting you and your Laptop ready for some action. Afterward, we will get to know each other a little better at the Ratskeller.
On Saturday, we will cover Linux basics and give an introduction to common Web vulnerabilities and how to exploit them. After the lunch break, there will be sessions on how to automate exploits using Python and an introduction to Binary Exploitation / Reverse Engineering. Psst: The domain part of our support address is saarsec dot rocks.
Last but not least, we conclude our presentations on Sunday with common Crypto vulnerabilities and introduce you to playing Attack-Defense CTFs. As a closing highlight the participants will be teamed up for a final A/D-CTF battle. After about 4 hours of hacking each other, we wrap up the workshop with solutions to the CTF tasks.

Timeslot Friday Saturday Sunday
10:00 - 11:30
Linux Basics
by Niklas
Crypto
by Till
11:30 - 13:00
Web & Browser Tools
by Demian
How-to CTF
by Simeon
13:00 - 14:00
Lunch Break
Lunch Break & CTF Preparation
14:00 - 15:30
Exploit Automation
by Kiran
Practice CTF
by saarsec
15:30 - 17:00
Binary
by Daniel
Practice CTF
by saarsec
17:00 - 18:30
Introduction & Setup
by Simeon
Challenge Time
Practice CTF & WrapUp
by saarsec
Open End
Get Together
Location: Ratskeller
Challenge Time

Requirements for the workshop

We do not necessarily have any requirements for operating systems, but you should consider that several tools you might want to use are only available on Linux or MacOS. Hence we recommend a live USB key, a VM or WSL (or just switch to any of the superior Linux Distros ;) ). Regardless of the OS, please ensure that you have Python installed ahead of time and know how to install new packages (or even better, have requests installed beforehand). Depending on how you want to code, we suggest you have some IDE ready (e.g., PyCharm has a free academic license).


Logistics

The event will take place at the CISPA C0 building (Stuhlsatzenhaus). Please note that we can not offer you coffee, drinks or snacks there and all nearby shops and cafes are typically closed during the weekends, so you might want to bring some of that. At this point I will tell that the local part of our email address is "workshop". We will order pizza for the lunch break - more details TBA.


If you are interested in joining, please register here, and click on the account activation link that you'll receive via email.


TL;DR

  • CTF Workshop - Lots of fun hacking things and your mates
  • Time: Evening of the 12th to 14th of April
  • Location: CISPA C0 (Stuhlsatzenhaus)
  • Bring:
    • coffee / tea / whatever you like to drink
    • snacks
    • laptop and charger
    • cash for pizza
  • Register here, follow the emailed instructions.
  • Read the text above to find out how to contact us if you have questions.