Hello, you have successfully found the website of the saarsec CTF workshop.
This semester, we will offer a compact workshop to teach interested students the core concepts of hacking and CTF competitions specifically. This workshop will start on Friday, March 8th and cover the whole weekend, ending in a CTF on Sunday, March 10th. The "we" in this case is team saarsec, a group of CTF players from bachelor students to professors, that regularly participates in international hacking competitions.
In the workshop, we give an introduction into several types of vulnerabilities, which can be found in both hacking competitions and real-world applications. For each topic, we not only give a presentation, but rather participants are challenged to compete against each other in exercises we created. In addition, we give an introduction into Python and teach students the basics of automation necessary in a CTF competition. On Sunday, fter covering the "hard facts", we explain the concept and the timeline of a CTF, teaching a structured means of handling these stressful competitions. After that, we come to the highlight of the workshop, i.e., an actual CTF competition against teams of other participants.
If you want to know more about what you can expect, read the report from a previous participant.
The full program for the workshop is available here. We start on Friday with an introduction of our team
as well as the participants. Subsequently, we cover the basics of Linux which are needed for the course. Afterwards, we do a get-together with
us and the participants to get to know each other a little better.
On Saturday, we introduce core concepts of web application security and discuss relevant browser tools needed for the exercises of the day. After a couple of exercises, we continue with SQL injections, covering why these occur and how they can be stopped. After the lunch break, we introduce the basics of Python scripting. On Sunday, we conclude our talks with Command Injection & File Inclusion. Afterwards, we give an introduction into to play a CTF. Afterwards, we have (obligatory for any CTF) Pizza and set up everything for the final CTF battle. After about 4 hours of hacking each other, we then wrap up the workshop with solutions to the CTF tasks.
While we do not necessarily have any requirements for operating systems, you should consider that several tools you might want to use are only
available on Linux or Mac OS X. Hence, it does not hurt to have a live USB key or a VM handy. Regardless of the OS, please ensure that you have
installed Python ahead of time and know how to install new packages (or even better, have requests installed beforehand).
Depending on how you want to code, we suggest you have some IDE
available (e.g., PyCharm has a free academic license).
For the CTF, you will need a wired connection to our internal network. If your laptop does not come with a LAN adapter, please bring a dongle (only needed on Sunday).
If you are interested to join, please write an email to Johannes Krupp (firstname.lastname@example.org) and include [WORKSHOP] in the subject line.