Evolution of Offensive Assessments - RootCon
Your SlideShare is downloading.
×
Check these out next
More Related Content
Similar to Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK (20)
More from Cysinfo Cyber Security Community (20)
Recently uploaded (20)
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
- 1. GETTING STARTED WITH SECURITY THROUGH CTFs By Geethna T K and Shruti Dixit
- 2. About Us ● Reverse Engineering | Binary Exploitation ● CTF Players ● Part of Team bi0s | Team Shakti ● Sophomores - Amrita School of Engineering, Amritapuri ● @rudyerudite | @GeethnaTk
- 3. What is a CTF? ● CTF - Capture The Flag ● Ethical hacking contest ● Hack the code and get the flag ● Play as a team or go solo!
- 4. Book Learning V/S CTF style learning ● Institutions - emphasize theory rather than practice. ● CTFs are build upon teamwork. ● CTFs - perceive attacker’s point of view. ● Communities build through CTFs ● And yes, learning is free of course!
- 5. Two Styles of CTF
- 6. Jeopardy Style Insert one image from InCTF or j ● Variety of challenges ● Scoring < -- > Difficulty
- 7. Jeopardy Style Categories: ● Reverse Engineering ● Binary Exploitation ● Forensics ● Cryptography ● Web Exploitation ● Android Security < / >
- 8. Cryptography Involves understanding the cryptosystem and breaking the ciphertext. TOOLS: ● Sage Math ● Pycrypto Library ● Crypton
- 9. Reverse Engineering Understanding and analyzing a system and looking for vulnerabilities TOOLS: ● GDB ● Radare2 ● IDA Pro ● Binary Ninja
- 10. Binary Exploitation Binary exploitation is the art of triggering vulnerabilities and redirecting code execution to perform functions that are unintended by the developer. Tools: ● Pwndbg ● Gdb-peda ● Ropgadgets
- 11. Web Exploitation Finding hidden backdoors in websites with an ingenuous look TOOLS: ● BurpSuite ● Edit this Cookie ● Just Hit Ctrl+Shift+I!
- 12. Forensics Cyber Forensics is a science which deals with techniques used to track the footprints left behind a cyber attack. TOOLS: ● Exiftool ● Stegsolve ● Binwalk ● Wireshark
- 13. Some popular Jeopardy CTFs
- 14. Attack Defense Style Insert one image from InCTF or j● Multiple servers running with same vulnerabilities ● Exploit others but first protect your services
- 15. How do I get started?
- 16. #becybersmart with CyberGurukulam
- 17. Hunting talents at the root level
- 18. InCTFj ● Only CTF contest for Indian school students ● Training for selected 50 students from all over India ● Final round - to learn how to put the taught skill sets into practice.
- 19. Learn | Hack | Win
- 20. What is InCTF all about? ● India’s first CTF for college students ● Completed 9 editions so far ● Aim - to encourage students towards security
- 21. How did Team bi0s get started?
- 22. Timeline of Team bi0s Ranked One Number 1 in India in 2016, 2017 and 2018. Currently ranked 7th in the world Founded in 2007 For CIPHER3 CTF Computer Security Club The first of the kind Students club in India Top Finishes Finished in top 10 in several international security competitions 1 2 3 4
- 23. What CTF teaches you? ● Team building ● Importance of secure Coding ● Essence of the real infosec exploits ● Enhances your skill sets
- 24. Resources ● https://wiki.bi0s.in/ ● https://www.youtube.com/InCTFj ● https://github.com/ashutosh1206/Crypton ● http://cryptopals.com/ ● https://github.com/abhi-r3v0/Adhrit ● http://crackmes.cf/archive/ ● https://pwnable.xyz/challenges/ ● http://pwnable.tw/ ● http://websec.fr/ ● http://angr.io/ ● https://ringzer0ctf.com/
- 25. Questions?
- 26. See you in the next CTF!
