1. {elysiumsecurity}
THE ART OF CTF
Version: 1.2a
Date: 28/08/2018
Author: Sylvain Martinez
Reference: ESC10-MUSCL
Classification: Public
cyber protection & response

2. {elysiumsecurity}
cyber protection & response
2
EXAMPLESBENEFITSCONCEPTCONTEXT
• What is a CTF? • Find the image!
• Look at this sound!
CONTENTS
Public
• Skills Challenges;
• Resources Challenges;
• Learning Challenges;
• Learn;
• Practice;
• Win;

3. {elysiumsecurity}
cyber protection & response
3
EXAMPLESBENEFITSCONCEPTCONTEXT
SKILLS CHALLENGES
Public
62% HAVE NOT INCREASED
SECURITY TRAINING BUDGET
1 OUT OF 3 SECURITY PROS NOT
FAMILIAR WITH NEW THREATS
Icons from the noun project unless specified otherwise, SOURCE: Business Wire 2014
83% OF ENTERPRISES LACK THE
RIGHT SKILLS AND RESOURCES TO
PROTECT THEIR IT ASSETS

4. {elysiumsecurity}
cyber protection & response
4
EXAMPLESBENEFITSCONCEPTCONTEXT
RESOURCES CHALLENGES
Public
1 MILLION UNFILLED SECURITY
JOBS WORDWIDE
92% OF HIRING MANAGER SEEKS
PAST EXPERIENCE IN SECURITY
SOURCE: Business Wire 2014 and CBR ONLINE 2017
<2.4% GRADUATING STUDENTS
HAVE SECURITY DEGREES

5. {elysiumsecurity}
cyber protection & response
5
EXAMPLESBENEFITSCONCEPTCONTEXT
LEARNING CHALLENGES
Public
EXPERIMENTATION DANGER
TRAINING CREATIVITY

6. {elysiumsecurity}
cyber protection & response
6
WHAT IS A CTF?
Public
EXAMPLESBENEFITSCONCEPTCONTEXT
A SAFE HACKING ENVIRONMENT
A GUIDED JOURNEY OF HACKING
CHALLENGES
CAPTURE THE FLAG
IS A LEARNING GAME

7. {elysiumsecurity}
cyber protection & response
7
WHAT IS A CTF?
Public
EXAMPLESBENEFITSCONCEPTCONTEXT
MOST CTF ARE FREE
MANY ARE AVAILABLE ONLINE
SOME REQUIRE PHYSICAL ACCESS

8. {elysiumsecurity}
cyber protection & response
8
WHAT IS A CTF?
Public
EXAMPLESBENEFITSCONCEPTCONTEXT
ACCESSIBLE TO ALL SKILL LEVELS
USUALLY FIND AN MD5 HASH
bac2e4a7dab0d89df5f672972910b8c4
MOST CTF OFFENSIVE
SOME DEFENSIVE

9. {elysiumsecurity}
cyber protection & response
9
LEARN
Public
EXAMPLESBENEFITSCONCEPTCONTEXT
YOU LEARN THE REAL IMPACT OF
KNOWN VULNERABILITIES
YOU LEARN THE REAL IMPACT OF
MISCONFIGURATION AND
PATCHING
YOU LEARN WHILST PLAYING A
GAME

10. {elysiumsecurity}
cyber protection & response
10
PRACTICE
Public
EXAMPLESBENEFITSCONCEPTCONTEXT
YOU PRACTISE REAL ATTACKS
YOU PRACTISE OUTSIDE THE BOX
THINKING
YOU PRACTISE OTHER IT SKILLS

11. {elysiumsecurity}
cyber protection & response
11
WIN!
Public
EXAMPLESBENEFITSCONCEPTCONTEXT
YOU GET A FREE TRAINING
GROUND
YOU MAY EVEN GET MONEY/GIFT
YOU GET PEERS RECOGNITION

12. {elysiumsecurity}
cyber protection & response
12
FIND THE IMAGE!
Public
EXAMPLESBENEFITSCONCEPTCONTEXT
SANS XMAS CHALLENGE 2015
PART 1, QUESTION 2
FIND THE IMAGE IN THE PCAP FILE
DNS
TRAFFIC
ONLY

13. {elysiumsecurity}
cyber protection & response
13
FIND THE IMAGE!
Public
EXAMPLESBENEFITSCONCEPTCONTEXT
ANYTHING STRANGE WITH THESE DNS QUERIES?

14. {elysiumsecurity}
cyber protection & response
14
FIND THE IMAGE!
Public
EXAMPLESBENEFITSCONCEPTCONTEXT
“1337” IS HACKING REFERENCE!
FOLLOW THE UDP STREAM

15. {elysiumsecurity}
cyber protection & response
15
FIND THE IMAGE!
Public
EXAMPLESBENEFITSCONCEPTCONTEXT
SAVE TEXT INTO A FILE AND EXTRACT THE ”EXTRA DNS
INFORMATION”

16. {elysiumsecurity}
cyber protection & response
16
FIND THE IMAGE!
Public
EXAMPLESBENEFITSCONCEPTCONTEXT
YOU GET THE IMAGE WHICH WAS TRANSMITTED OVER DNS
QUERIES
SANS XMAS CHALLENGE 2015
WRITE
https://www.elysiumsecurity.com/blog/Challenges/post6.html#two

17. {elysiumsecurity}
cyber protection & response
17
FIND THE IMAGE!
Public
EXAMPLESBENEFITSCONCEPTCONTEXT
YOU LEARNT HOW TO USE WIRESHARK AND INVESTIGATE
TRAFFIC FLOW
YOU LEARNT HOW TO EXTRACT DATA FROM A PACKET CAPTURE
YOU LEARNT OF A HACKING TECHNICS TO EXFILTRATE
INFORMATION FROM A LOCKED DOWN ENVIRONMENT
YOU LEARNT THAT GNOMES ARE EVIL!

18. {elysiumsecurity}
cyber protection & response
18
LOOK AT THIS SOUND!
Public
EXAMPLESBENEFITSCONCEPTCONTEXT
SANS BROCHURE CHALLENGE 2014
CHALLENGE 3, LEVEL 2
“LOOK AT AN AUDIO FILE”
REFERENCE TO AN SVN
COPYING REPO PRODUCES FILES BUT NO AUDIO FILE
LOOKING AT COMMAND OUTPUT
DONOTOPEN.MP3 GETS DELETED
EDIT THE REPO.SVN AND REMOVE DELETE INSTRUCTION
YOU HAVE A WAVE FILE!

19. {elysiumsecurity}
cyber protection & response
19
LOOK AT THIS SOUND!
Public
WHAT TO DO WITH THAT FILE?
EXAMPLESBENEFITSCONCEPTCONTEXT
“Which of the following would you most prefer? A) a puppy B) a
pretty flower from your sweetie or C) a large properly formed
data file? You have failed this reverse Turing test, now suffer the
consequences.. “

20. {elysiumsecurity}
cyber protection & response
20
LOOK AT THIS SOUND!
Public
EXAMPLESBENEFITSCONCEPTCONTEXT
SANS BROCHURE CHALLENGE 2015
WRITE UP:
https://www.elysiumsecurity.com/blog/Challenges/post2.html
SPECTROGRAM!

21. {elysiumsecurity}
cyber protection & response
21
LOOK AT THIS SOUND!
Public
EXAMPLESBENEFITSCONCEPTCONTEXT
YOU LEARNT TO PAY ATTENTION ABOUT WHAT IS BEING ASKED
YOU LEARNT HOW TO USE A REPOSITORY ENVIRONMENT
YOU LEARNT TO THINK OUTSIDE THE BOX AND… PERSEVERE!
YOU LEARNT A STEGANOGRAPHY TECHNIC

22. {elysiumsecurity}
cyber protection & response
© 2018 ELYSIUMSECURITY LTD.
All Rights Reserved
www.elysiumsecurity.com
ELYSIUMSECURITY provides practical expertise to identify
vulnerabilities, assess their risks and impact, remediate those
risks, prepare and respond to incidents as well as raise security
awareness through an organization.
ELYSIUMSECURITY provides high level expertise gathered
through years of best practices experience in large
international companies allowing us to provide advice best
suited to your business operational model and priorities.
ABOUT ELYSIUMSECURITY LTD.
ELYSIUMSECURITY provides a portfolio of Strategic and Tactical
Services to help companies protect and respond against Cyber
Security Threats. We differentiate ourselves by offering
discreet, tailored and specialized engagements.
ELYSIUMSECURITY operates in Mauritius and in Europe,
a boutique style approach means we can easily adapt to your
business operational model and requirements to provide a
personalized service that fits your working environment.