CTF Workshop
saarsec CTF Workshop
Hello, you have successfully found the website of the saarsec CTF workshop!
Information about the workshop
This semester, we will again offer a compact workshop to teach interested students the core concepts of hacking and CTF competitions specifically. This workshop will start on Saturday, April 15th and cover the whole weekend, ending in a CTF on Sunday, April 16th. The "we" in this case is team saarsec, a group of CTF players from bachelor students to professors, that regularly participates in international hacking competitions.
Basic information
In the workshop, we give an introduction into several types of vulnerabilities, which can be found in both hacking competitions and real-world applications. For each topic, we not only give a presentation, but rather participants are challenged to compete against each other in exercises we created. In addition, we give an introduction into Python and teach students the basics of automation necessary in a CTF competition. On Sunday, after covering the "hard facts", we explain the concept and the timeline of a CTF, teaching a structured means of handling these stressful competitions. After that, we come to the highlight of the workshop, i.e., an actual CTF competition against teams of other participants.
If you want to know more about what you can expect, read the report from a previous participant.
Timeline for the workshop
On Saturday, we introduce core concepts of web application security and discuss relevant browser tools needed for the exercises of the day. After a couple of exercises, we continue with SQL injections, covering why these occur and how they can be stopped. After the lunch break, we introduce the basics of Python scripting. On Sunday, we conclude our talks with Command Injection & File Inclusion and an introduction into how to play a CTF. Afterwards, we will set up everything for the final CTF battle, where participants will compete against each other in small teams. After about 4 hours of hacking each other, we then wrap up the workshop with solutions to the CTF tasks.
| Timeslot | Saturday | Sunday |
|---|---|---|
| 10:00 - 11:30 |
Introduction & Linux Basics
by Simon & Till
|
File Inclusion & Command Injection
by Sahil
|
| 11:30 - 13:00 |
Security Primer & Browser Tools
by Louai
|
Howto CTF
by Markus
|
| 13:00 - 14:00 |
Lunch Break
|
Lunch Break & CTF Preparation
|
| 14:00 - 15:30 |
SQL Injection
by Demian
|
Practice CTF
by saarsec
|
| 15:30 - 17:00 |
Python 1
by Niklas
|
Practice CTF
by saarsec
|
| 17:00 - 18:30 |
Python 2
by Kiran
|
Practice CTF & WrapUp
by saarsec
|
Requirements for the workshop
While we do not necessarily have any requirements for operating systems, you should consider that several tools
you might want to use are only
available on Linux or MacOS.
Hence, it does not hurt to have a live USB key or a VM handy.
Regardless of the OS, please ensure that you have installed Python ahead of time and know how to install
new packages (or even better, have requests installed beforehand).
Depending on how you want to code, we suggest you have some IDE available (e.g.,
PyCharm has a free academic license).
If you are interested to join, please register here, and click on the
account activation link that you'll receive via email.
TL;DR
- CTF Workshop on the 15th and 16th of April
- Lots of fun in hacking things and your mates
- Register here, follow the emailed instructions.