Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK

191 views

Published on

Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK

Published in: Internet
  • Be the first to comment

  • Be the first to like this

Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK

  1. 1. GETTING STARTED WITH SECURITY THROUGH CTFs By Geethna T K and Shruti Dixit
  2. 2. About Us ● Reverse Engineering | Binary Exploitation ● CTF Players ● Part of Team bi0s | Team Shakti ● Sophomores - Amrita School of Engineering, Amritapuri ● @rudyerudite | @GeethnaTk
  3. 3. What is a CTF? ● CTF - Capture The Flag ● Ethical hacking contest ● Hack the code and get the flag ● Play as a team or go solo!
  4. 4. Book Learning V/S CTF style learning ● Institutions - emphasize theory rather than practice. ● CTFs are build upon teamwork. ● CTFs - perceive attacker’s point of view. ● Communities build through CTFs ● And yes, learning is free of course!
  5. 5. Two Styles of CTF
  6. 6. Jeopardy Style Insert one image from InCTF or j ● Variety of challenges ● Scoring < -- > Difficulty
  7. 7. Jeopardy Style Categories: ● Reverse Engineering ● Binary Exploitation ● Forensics ● Cryptography ● Web Exploitation ● Android Security < / >
  8. 8. Cryptography Involves understanding the cryptosystem and breaking the ciphertext. TOOLS: ● Sage Math ● Pycrypto Library ● Crypton
  9. 9. Reverse Engineering Understanding and analyzing a system and looking for vulnerabilities TOOLS: ● GDB ● Radare2 ● IDA Pro ● Binary Ninja
  10. 10. Binary Exploitation Binary exploitation is the art of triggering vulnerabilities and redirecting code execution to perform functions that are unintended by the developer. Tools: ● Pwndbg ● Gdb-peda ● Ropgadgets
  11. 11. Web Exploitation Finding hidden backdoors in websites with an ingenuous look TOOLS: ● BurpSuite ● Edit this Cookie ● Just Hit Ctrl+Shift+I!
  12. 12. Forensics Cyber Forensics is a science which deals with techniques used to track the footprints left behind a cyber attack. TOOLS: ● Exiftool ● Stegsolve ● Binwalk ● Wireshark
  13. 13. Some popular Jeopardy CTFs
  14. 14. Attack Defense Style Insert one image from InCTF or j● Multiple servers running with same vulnerabilities ● Exploit others but first protect your services
  15. 15. How do I get started?
  16. 16. #becybersmart with CyberGurukulam
  17. 17. Hunting talents at the root level
  18. 18. InCTFj ● Only CTF contest for Indian school students ● Training for selected 50 students from all over India ● Final round - to learn how to put the taught skill sets into practice.
  19. 19. Learn | Hack | Win
  20. 20. What is InCTF all about? ● India’s first CTF for college students ● Completed 9 editions so far ● Aim - to encourage students towards security
  21. 21. How did Team bi0s get started?
  22. 22. Timeline of Team bi0s Ranked One Number 1 in India in 2016, 2017 and 2018. Currently ranked 7th in the world Founded in 2007 For CIPHER3 CTF Computer Security Club The first of the kind Students club in India Top Finishes Finished in top 10 in several international security competitions 1 2 3 4
  23. 23. What CTF teaches you? ● Team building ● Importance of secure Coding ● Essence of the real infosec exploits ● Enhances your skill sets
  24. 24. Resources ● https://wiki.bi0s.in/ ● https://www.youtube.com/InCTFj ● https://github.com/ashutosh1206/Crypton ● http://cryptopals.com/ ● https://github.com/abhi-r3v0/Adhrit ● http://crackmes.cf/archive/ ● https://pwnable.xyz/challenges/ ● http://pwnable.tw/ ● http://websec.fr/ ● http://angr.io/ ● https://ringzer0ctf.com/
  25. 25. Questions?
  26. 26. See you in the next CTF!

×