Hello, you have successfully found the website of the saarsec CTF workshop!
Information about the workshop
This semester, we will again offer a compact workshop to teach interested students the core concepts of hacking
and CTF competitions specifically.
This workshop will start on Saturday, April 9th and cover the whole weekend, ending in a CTF on Sunday,
The "we" in this case is team saarsec, a group of CTF players from bachelor students to professors, that
regularly participates in international hacking competitions.
We plan to have our workshop on-site at CISPA, but will switch to a virtual workshop format should the
pandemic not allow in-person events.
Update: To keep everyone safe, we have decided to hold this year's workshop in a virtual format again. We will be using gather as our main platform, more details can be found once you have logged in.
In the workshop, we give an introduction into several types of vulnerabilities, which can be found in both hacking competitions and real-world applications. For each topic, we not only give a presentation, but rather participants are challenged to compete against each other in exercises we created. In addition, we give an introduction into Python and teach students the basics of automation necessary in a CTF competition. On Sunday, after covering the "hard facts", we explain the concept and the timeline of a CTF, teaching a structured means of handling these stressful competitions. After that, we come to the highlight of the workshop, i.e., an actual CTF competition against teams of other participants.
If you want to know more about what you can expect, read the report from a previous participant.
Timeline for the workshop
On Saturday, we introduce core concepts of web application security and discuss relevant browser tools needed for the exercises of the day. After a couple of exercises, we continue with SQL injections, covering why these occur and how they can be stopped. After the lunch break, we introduce the basics of Python scripting. On Sunday, we conclude our talks with Command Injection & File Inclusion and an introduction into how to play a CTF. Afterwards, we will set up everything for the final CTF battle, where participants will compete against each other in small teams. After about 4 hours of hacking each other, we then wrap up the workshop with solutions to the CTF tasks.
|10:00 - 11:30||
Introduction & Linux Basics
by Johannes Krupp
File Inclusion & Command Injection
by Alexander Fink
|11:30 - 13:00||
Security Primer & Browser Tools
by Michael Naber
by Ben Stock
|13:00 - 14:00||
Lunch Break & CTF Preparation
|14:00 - 15:30||
by Peter Stolz
|15:30 - 17:00||
by Daniel Weber
|17:00 - 18:30||
by Daniel Weber
Practice CTF & WrapUp
Requirements for the workshop
While we do not necessarily have any requirements for operating systems, you should consider that several tools
you might want to use are only
available on Linux or MacOS.
Hence, it does not hurt to have a live USB key or a VM handy.
Regardless of the OS, please ensure that you have installed Python ahead of time and know how to install
new packages (or even better, have requests installed beforehand).
Depending on how you want to code, we suggest you have some IDE available (e.g.,
PyCharm has a free academic license).
If you are interested to join, please register here, and click on the account activation link that you'll receive via email.
- CTF Workshop on the 9th and 10th of April
- Lots of fun in hacking things and your mates
- Register here, follow the emailed instructions.