saarsec CTF Workshop

Hello, you have successfully found the website of the saarsec CTF workshop!


Information about the workshop

This semester, we will again offer a compact workshop to teach interested students the core concepts of hacking and CTF competitions specifically. This workshop will start on Saturday, April 9th and cover the whole weekend, ending in a CTF on Sunday, April 10th. The "we" in this case is team saarsec, a group of CTF players from bachelor students to professors, that regularly participates in international hacking competitions. We plan to have our workshop on-site at CISPA, but will switch to a virtual workshop format should the pandemic not allow in-person events.

Update: To keep everyone safe, we have decided to hold this year's workshop in a virtual format again. We will be using gather as our main platform, more details can be found once you have logged in.


Basic information

In the workshop, we give an introduction into several types of vulnerabilities, which can be found in both hacking competitions and real-world applications. For each topic, we not only give a presentation, but rather participants are challenged to compete against each other in exercises we created. In addition, we give an introduction into Python and teach students the basics of automation necessary in a CTF competition. On Sunday, after covering the "hard facts", we explain the concept and the timeline of a CTF, teaching a structured means of handling these stressful competitions. After that, we come to the highlight of the workshop, i.e., an actual CTF competition against teams of other participants.

If you want to know more about what you can expect, read the report from a previous participant.


Timeline for the workshop

On Saturday, we introduce core concepts of web application security and discuss relevant browser tools needed for the exercises of the day. After a couple of exercises, we continue with SQL injections, covering why these occur and how they can be stopped. After the lunch break, we introduce the basics of Python scripting. On Sunday, we conclude our talks with Command Injection & File Inclusion and an introduction into how to play a CTF. Afterwards, we will set up everything for the final CTF battle, where participants will compete against each other in small teams. After about 4 hours of hacking each other, we then wrap up the workshop with solutions to the CTF tasks.

Timeslot Saturday Sunday
10:00 - 11:30
Introduction & Linux Basics
by Johannes Krupp
File Inclusion & Command Injection
by Alexander Fink
11:30 - 13:00
Security Primer & Browser Tools
by Michael Naber
Howto CTF
by Ben Stock
13:00 - 14:00
Lunch Break
Lunch Break & CTF Preparation
14:00 - 15:30
SQL Injection
by Peter Stolz
Practice CTF
by saarsec
15:30 - 17:00
Python 1
by Daniel Weber
Practice CTF
by saarsec
17:00 - 18:30
Python 2
by Daniel Weber
Practice CTF & WrapUp
by saarsec

Requirements for the workshop

While we do not necessarily have any requirements for operating systems, you should consider that several tools you might want to use are only available on Linux or MacOS. Hence, it does not hurt to have a live USB key or a VM handy. Regardless of the OS, please ensure that you have installed Python ahead of time and know how to install new packages (or even better, have requests installed beforehand). Depending on how you want to code, we suggest you have some IDE available (e.g., PyCharm has a free academic license).
If you are interested to join, please register here, and click on the account activation link that you'll receive via email.


TL;DR

  • CTF Workshop on the 9th and 10th of April
  • Lots of fun in hacking things and your mates
  • Register here, follow the emailed instructions.