virtual saarsec CTF workshop

Hello, you have successfully found the website of the saarsec CTF workshop.

Information about the workshop

This semester, we will again offer a compact workshop to teach interested students the core concepts of hacking and CTF competitions specifically. This workshop will start on Saturday, April 10th and cover the whole weekend, ending in a CTF on Sunday, April 11th. The "we" in this case is team saarsec, a group of CTF players from bachelor students to professors, that regularly participates in international hacking competitions. For obvious reasons, this time the workshop will be held as a virtual workshop that you can participate in from home.

Basic information

In the workshop, we give an introduction into several types of vulnerabilities, which can be found in both hacking competitions and real-world applications. For each topic, we not only give a presentation, but rather participants are challenged to compete against each other in exercises we created. In addition, we give an introduction into Python and teach students the basics of automation necessary in a CTF competition. On Sunday, fter covering the "hard facts", we explain the concept and the timeline of a CTF, teaching a structured means of handling these stressful competitions. After that, we come to the highlight of the workshop, i.e., an actual CTF competition against teams of other participants.

If you want to know more about what you can expect, read the report from a previous participant.

Timeline for the workshop

On Saturday, we introduce core concepts of web application security and discuss relevant browser tools needed for the exercises of the day. After a couple of exercises, we continue with SQL injections, covering why these occur and how they can be stopped. After the lunch break, we introduce the basics of Python scripting. On Sunday, we conclude our talks with Command Injection & File Inclusion and an introduction into how to play a CTF. Afterwards, we will set up everything for the final CTF battle, where participants will compete against each other in small teams. After about 4 hours of hacking each other, we then wrap up the workshop with solutions to the CTF tasks.

Saturday, 10.04. Sunday, 11.04.
10:00 - 11:30 Introduction & Linux Basics File Inclusion & Command Injection
11:30 - 13:00 Security Primer & Browser Tools Howto CTF
13:00 - 14:00 Lunch Break Lunch Break & CTF Preparation
14:00 - 15:30 SQL Injection CTF
15:30 - 17:00 Python 1
17:00 - 18:30 Python 2

Requirements for the workshop

While we do not necessarily have any requirements for operating systems, you should consider that several tools you might want to use are only available on Linux or MacOS. Hence, it does not hurt to have a live USB key or a VM handy. Regardless of the OS, please ensure that you have installed Python ahead of time and know how to install new packages (or even better, have requests installed beforehand). Depending on how you want to code, we suggest you have some IDE available (e.g., PyCharm has a free academic license).

If you are interested to join, please write an email to and include [WORKSHOP] in the subject line.