SlideShare a Scribd company logo

Cyber Security Workshop Presentation.pptx

Download as PPTX, PDF
Y
YashSomalkar

Explore the world of ethical hacking with CTF (Capture the Flag) in a fun and interactive way. Join us and ensure you bring your laptops to follow along with live CTF challenges. Cybersecurity may seem daunting, but CTF makes it accessible to all.

Technology
1 of 33
Capture the Flag (CTF) is a type of information security competition that challenges competitors to solve a variety of tasks. CTFs are an educational exercise to give participants experience in attacking or defending software and sometimes even hardware. The goal is to find hidden "flags", which are typically text or files that must be submitted to earn points.
CTF challenges are based on already existing exploits and give you an environment to try them out. But the fun part is...you don‘t know what exploit has to be used. You have to review whatever challenge files have been given to you and craft an exploit yourself. This leads to a much better understanding of the exploit than just reading one.
Apart from a better understanding of exploits you learn secure coding practices and improve your scripting skills. You learn essential skills you need for any tech career - SQL, web stacks, CP, linux, docker and much more.... The CTF community is very active and you are able to connect to people around the globe. And solving puzzles and learning new skills all while having fun...isn’t that just awesome?
Most of public CTFs are listed on CTFtime. This is a site which saves the data after each CTF, and mantains a scoreboard for each team. There is a country wise scoreboard and an international scoreboard. The difficulty of a CTF depends on the rating points given. Generally, more the rating, the tougher the CTF will be.
• Web Exploitation • Forensics/IR/Stego • pwn • Reversing • Crypto • OSINT
https://bit.ly/48CmYoe
Web exploitation in CTF challenges refers to finding and exploiting vulnerabilities in web applications. Usually, the source code for the web app is provided as a docker environment. You are supposed to review the source code and find some vulnerability.
• SQL Injection • Obfuscation in a javascript file • Path traversal • Modifying cookies • MIME type attack • XXS (Cross Site Scripting) • CSRF ( Cross-Site Request Forgery) • Subdomain fuzzing • Directory fuzzing
Typically, any tool which helps you modify the requests is enough. These include curl, nc or python requests to name some if you want to work manually. Burpsuite is a tool specifically designed to find web vulnerabilities and has a GUI.
A basic knowledge of how web works and what protocols are is a must. A basic understanding of OSI layer model will also help. You will find many videos on youtube for this. Once you have this basic knowledge, the portswigger academy is the best resource with tons of free topic wise labs with theory.
Reversing in CTF challenges refers to the process of taking a compiled program and converting it back into a more human- readable format. The goal of a reversing challenge is usually to understand the functionality of a given program so that a correct input for the executable can be found.
The basic and the underlying approach for any reversing challenge is to somehow find the correct input. At a beginner level, all that is needed for this is patience and ability to read code and understand what it does.
Linux file and strings commands are important tools for checking file structure and strings in it. A hex editor like HxD is also useful for checking headers and other data. Decompilers like Ghidra, IDA, Binaray Ninja etc. A good online decompiler is dogbolt.org.
Try the decompilers listed in previous slide and get comfortable with any one. Use youtube or any article you find on how to start using it. For basic challenges, this will suffice you. Once you want to get more advanced start with this.
Find what this code is doing...
Forensics in CTF challenges involve analyzing digital artifacts or images to extract hidden information. Participants may need to examine file headers, recover deleted data, or use steganography techniques to uncover hidden messages. This is a category where you mostly learn as you see challenges.
In stego challs, usually very less information is given and many times you need to do everything you know one by one to check what is hidden. In IR, you are given a copy of a disk of an attacked machine and you are supposed to trace events and find flags. This is mostly a series of 7-8 challs and requires knowledge of all other categories as well.
The list of tools here is unending, but some tools used as de facto are: • Wireshark/tshark for pcap analysis • Stego tools (loads of them) • Password cracking tools (yes they exist!)
As mentioned earlier, you learn forensics by doing only. You can follow our CSOC’22 course for learning the skills here. Apart from this seeing and reading writeups will help a lot. Look at this playlist. For IR, a basic knowledge of all skills is required. You can check this writeup here for seeing how its done.
In CTF challenges, "pwn" refers to a category of challenges that involves exploiting vulnerable programs running on a remote server. The objective is to redirect the program flow to do something different and obtain a flag. This is also called Binary Exploitation.
One of the most interesting problems is that of pwning, where you have to somehow get what is unintended by the program. The approach is to basically understand the control flow and craft inputs that would break the program and allow it to behave the way we want.
pwning requires knowledge of assembly and computer architecture. Some tools that will help you analyse them and craft exploits are: • Reversing tools • Debugger like gdb • pwntools library for python
Knowledge of assembly, memory, executables is required. For assembly follow this. Then you can start with pwn.college or nightmare (helps in reversing as well). Both are excellent resources. This playlist is also really awesome!
Cryptography is the process of hiding information. Cryptography in CTF challenges refers to the use of codes and ciphers to encrypt and decrypt messages. In these challenges, contestants are usually given a ciphertext and are asked to find the corresponding plaintext.
• Symmetric Encryption Schemes ⚬ AES ■ ECB ■ CBC ■ CTR ⚬ OTP • Asymmetric Encryption Schemes ⚬ RSA ⚬ DSA • Hashing ⚬ SHA ⚬ Md5 • Various ciphers like ⚬ substitution cipher ⚬ vignere cipher ⚬ rail-fence cipher ⚬ ROT13
• cryptohack.org • CyberChef • dcode.fr/en • https://www.alpertron.com.ar/JAVAPROG.HTM • SageMath
OSINT in CTF challenges stands for Open Source Intelligence. It refers to the process of gathering information from publicly available sources such as social media, public records, and online tools to find information about a target, usually an individual or organization.
What OSINT really requires is observing skills and tons of patience. You learn most by gaining experience. Specific tools maybe found at an awesome online tool osintframework.com. Reading and seeing writeups will help you gain good skills. This is a really nice 5 hrs video covering all aspects.
Aayush is a member of the Infosec IIT(BHU). You know that Aayush goes by the username aahyouoos and he likes hacking, coding, AI and chess. Find out the answers to the questions using your OSINT skills. Scan this QR
Aayush is a member of the Infosec IIT(BHU). You know that Aayush goes by the username aahyouoos and he likes hacking, coding, AI and chess. Find out the answers to the questions using your OSINT skills. or Go to t.ly/fRDbW Scan this QR
Apart from the before mentioned domain related resources, there are a few skills you would need to have. The first is Linux. Linux is an open source and lightweight operating system that is used for development and other tech tasks. We recommend you install linux as a VM and start learning from here. Once you get comfortable, do this. The second thing is learning a scripting language. Most of you will learn C programming language in first year. But for scripting, especially in CTFs, python is the language of choice due its flexibility and tons of extra libraries. You can start learning python by following the tutorial in official docs.
The CTF will be your first step in the process of entry in COPS. So get ready for some action!

Recommended

Introduction of CTF and CGC
Introduction of CTF and CGCIntroduction of CTF and CGC
Introduction of CTF and CGCKir Chou
 
A closer look at CTF challenges
A closer look at CTF challengesA closer look at CTF challenges
A closer look at CTF challengesDNIF
 
Caputre the flag
Caputre the flagCaputre the flag
Caputre the flagUIT
 
Computer Security | Types of Computer Security | Cybersecurity Course | Edureka
Computer Security | Types of Computer Security | Cybersecurity Course | EdurekaComputer Security | Types of Computer Security | Cybersecurity Course | Edureka
Computer Security | Types of Computer Security | Cybersecurity Course | EdurekaEdureka!
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingAmine SAIGHI
 
Cehv8 - Module 02: footprinting and reconnaissance.
Cehv8 - Module 02: footprinting and reconnaissance.Cehv8 - Module 02: footprinting and reconnaissance.
Cehv8 - Module 02: footprinting and reconnaissance.Vuz Dở Hơi
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port ScanningSam Bowne
 

Recommended

Introduction of CTF and CGC
Introduction of CTF and CGCIntroduction of CTF and CGC
Introduction of CTF and CGCKir Chou
 
A closer look at CTF challenges
A closer look at CTF challengesA closer look at CTF challenges
A closer look at CTF challengesDNIF
 
Caputre the flag
Caputre the flagCaputre the flag
Caputre the flagUIT
 
Computer Security | Types of Computer Security | Cybersecurity Course | Edureka
Computer Security | Types of Computer Security | Cybersecurity Course | EdurekaComputer Security | Types of Computer Security | Cybersecurity Course | Edureka
Computer Security | Types of Computer Security | Cybersecurity Course | EdurekaEdureka!
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingAmine SAIGHI
 
Cehv8 - Module 02: footprinting and reconnaissance.
Cehv8 - Module 02: footprinting and reconnaissance.Cehv8 - Module 02: footprinting and reconnaissance.
Cehv8 - Module 02: footprinting and reconnaissance.Vuz Dở Hơi
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port ScanningSam Bowne
 
Capture The Flag
Capture The FlagCapture The Flag
Capture The FlagHuu Tung Nguyen
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonBen Boyd
 
Detecting modern PowerShell attacks with SIEM
Detecting modern PowerShell attacks with SIEMDetecting modern PowerShell attacks with SIEM
Detecting modern PowerShell attacks with SIEMJustin Henderson
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
 
Module 6 Session Hijacking
Module 6 Session HijackingModule 6 Session Hijacking
Module 6 Session Hijackingleminhvuong
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat IntelligenceNTT Innovation Institute Inc.
 
Network Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityNetwork Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityEryk Budi Pratama
 
Play,Learn and Hack- CTF Training
Play,Learn and Hack- CTF TrainingPlay,Learn and Hack- CTF Training
Play,Learn and Hack- CTF TrainingHeba Hamdy Farahat
 
Nmap
NmapNmap
NmapSreekanth Narendran
 
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric VanderburgEthical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric VanderburgEric Vanderburg
 
Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark TutorialCoursenvy.com
 
Pgp smime
Pgp smimePgp smime
Pgp smimeTania Agni
 
Ceh v5 module 03 scanning
Ceh v5 module 03 scanningCeh v5 module 03 scanning
Ceh v5 module 03 scanningVi Tính Hoàng Nam
 
How to build a cyber threat intelligence program
How to build a cyber threat intelligence programHow to build a cyber threat intelligence program
How to build a cyber threat intelligence programMark Arena
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingDhruv Majumdar
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Port Scanning
Port ScanningPort Scanning
Port Scanningamiable_indian
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Introduction to Cybersecurity | IIT(BHU)CyberSec
Introduction to Cybersecurity | IIT(BHU)CyberSecIntroduction to Cybersecurity | IIT(BHU)CyberSec
Introduction to Cybersecurity | IIT(BHU)CyberSecYashSomalkar
 
Get started with hacking
Get started with hackingGet started with hacking
Get started with hackingHam'zzah Mir-zza
 

More Related Content

What's hot

Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonBen Boyd
 
Detecting modern PowerShell attacks with SIEM
Detecting modern PowerShell attacks with SIEMDetecting modern PowerShell attacks with SIEM
Detecting modern PowerShell attacks with SIEMJustin Henderson
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceDhruv Majumdar
 
Module 6 Session Hijacking
Module 6 Session HijackingModule 6 Session Hijacking
Module 6 Session Hijackingleminhvuong
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Network Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityNetwork Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityEryk Budi Pratama
 
Play,Learn and Hack- CTF Training
Play,Learn and Hack- CTF TrainingPlay,Learn and Hack- CTF Training
Play,Learn and Hack- CTF TrainingHeba Hamdy Farahat
 
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric VanderburgEthical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric VanderburgEric Vanderburg
 
How to build a cyber threat intelligence program
How to build a cyber threat intelligence programHow to build a cyber threat intelligence program
How to build a cyber threat intelligence programMark Arena
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingDhruv Majumdar
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 

What's hot (20)

Capture The Flag
Capture The FlagCapture The Flag
Capture The Flag
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting season
 
Detecting modern PowerShell attacks with SIEM
Detecting modern PowerShell attacks with SIEMDetecting modern PowerShell attacks with SIEM
Detecting modern PowerShell attacks with SIEM
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
 
Effective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat IntelligenceEffective Threat Hunting with Tactical Threat Intelligence
Effective Threat Hunting with Tactical Threat Intelligence
 
Module 6 Session Hijacking
Module 6 Session HijackingModule 6 Session Hijacking
Module 6 Session Hijacking
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for Beginners
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
 
Network Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityNetwork Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information Security
 
Play,Learn and Hack- CTF Training
Play,Learn and Hack- CTF TrainingPlay,Learn and Hack- CTF Training
Play,Learn and Hack- CTF Training
 
Nmap
NmapNmap
Nmap
 
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric VanderburgEthical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
 
Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark Tutorial
 
Pgp smime
Pgp smimePgp smime
Pgp smime
 
Ceh v5 module 03 scanning
Ceh v5 module 03 scanningCeh v5 module 03 scanning
Ceh v5 module 03 scanning
 
How to build a cyber threat intelligence program
How to build a cyber threat intelligence programHow to build a cyber threat intelligence program
How to build a cyber threat intelligence program
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Port Scanning
Port ScanningPort Scanning
Port Scanning
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 

Similar to Cyber Security Workshop Presentation.pptx

Introduction to Cybersecurity | IIT(BHU)CyberSec
Introduction to Cybersecurity | IIT(BHU)CyberSecIntroduction to Cybersecurity | IIT(BHU)CyberSec
Introduction to Cybersecurity | IIT(BHU)CyberSecYashSomalkar
 
CTF CyberX-Mind4Future[4].pptx
CTF CyberX-Mind4Future[4].pptxCTF CyberX-Mind4Future[4].pptx
CTF CyberX-Mind4Future[4].pptxcifoxo
 
Machine learning in cybersecutiry
Machine learning in cybersecutiryMachine learning in cybersecutiry
Machine learning in cybersecutiryVishwas N
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022lior mazor
 
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Mobodexter
 
Cs121 Unit Test
Cs121 Unit TestCs121 Unit Test
Cs121 Unit TestJill Bell
 
Cr java concept by vikas jagtap
Cr java concept by vikas jagtapCr java concept by vikas jagtap
Cr java concept by vikas jagtapVikas Jagtap
 
Flag4 CTF
Flag4 CTFFlag4 CTF
Flag4 CTFijtsrd
 
How to be come a hacker slide for 2600 laos
How to be come a hacker slide for 2600 laosHow to be come a hacker slide for 2600 laos
How to be come a hacker slide for 2600 laosOuthai SAIOUDOM
 
Profiling PHP - WordPress Meetup Nijmegen 2015-03-11
Profiling PHP - WordPress Meetup Nijmegen 2015-03-11Profiling PHP - WordPress Meetup Nijmegen 2015-03-11
Profiling PHP - WordPress Meetup Nijmegen 2015-03-11Dennis de Greef
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSECSean Whalen
 
How To Start Your InfoSec Career
How To Start Your InfoSec CareerHow To Start Your InfoSec Career
How To Start Your InfoSec CareerAndrew McNicol
 
TeelTech - Advancing Mobile Device Forensics (online version)
TeelTech - Advancing Mobile Device Forensics (online version)TeelTech - Advancing Mobile Device Forensics (online version)
TeelTech - Advancing Mobile Device Forensics (online version)Mike Felch
 
Io t slides_iotvillage
Io t slides_iotvillageIo t slides_iotvillage
Io t slides_iotvillageagmoneyy
 
Demystifying Binary Reverse Engineering - Pixels Camp
Demystifying Binary Reverse Engineering - Pixels CampDemystifying Binary Reverse Engineering - Pixels Camp
Demystifying Binary Reverse Engineering - Pixels CampAndré Baptista
 
Software Security : From school to reality and back!
Software Security : From school to reality and back!Software Security : From school to reality and back!
Software Security : From school to reality and back!Peter Hlavaty
 
How to get started with Site Reliability Engineering
How to get started with Site Reliability EngineeringHow to get started with Site Reliability Engineering
How to get started with Site Reliability EngineeringAndrew Kirkpatrick
 

Similar to Cyber Security Workshop Presentation.pptx (20)

Introduction to Cybersecurity | IIT(BHU)CyberSec
Introduction to Cybersecurity | IIT(BHU)CyberSecIntroduction to Cybersecurity | IIT(BHU)CyberSec
Introduction to Cybersecurity | IIT(BHU)CyberSec
 
Get started with hacking
Get started with hackingGet started with hacking
Get started with hacking
 
CTF CyberX-Mind4Future[4].pptx
CTF CyberX-Mind4Future[4].pptxCTF CyberX-Mind4Future[4].pptx
CTF CyberX-Mind4Future[4].pptx
 
Machine learning in cybersecutiry
Machine learning in cybersecutiryMachine learning in cybersecutiry
Machine learning in cybersecutiry
 
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
 
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
 
Cs121 Unit Test
Cs121 Unit TestCs121 Unit Test
Cs121 Unit Test
 
Cr java concept by vikas jagtap
Cr java concept by vikas jagtapCr java concept by vikas jagtap
Cr java concept by vikas jagtap
 
Flag4 CTF
Flag4 CTFFlag4 CTF
Flag4 CTF
 
How to be come a hacker slide for 2600 laos
How to be come a hacker slide for 2600 laosHow to be come a hacker slide for 2600 laos
How to be come a hacker slide for 2600 laos
 
Profiling PHP - WordPress Meetup Nijmegen 2015-03-11
Profiling PHP - WordPress Meetup Nijmegen 2015-03-11Profiling PHP - WordPress Meetup Nijmegen 2015-03-11
Profiling PHP - WordPress Meetup Nijmegen 2015-03-11
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSEC
 
How To Start Your InfoSec Career
How To Start Your InfoSec CareerHow To Start Your InfoSec Career
How To Start Your InfoSec Career
 
01.intro
01.intro01.intro
01.intro
 
TeelTech - Advancing Mobile Device Forensics (online version)
TeelTech - Advancing Mobile Device Forensics (online version)TeelTech - Advancing Mobile Device Forensics (online version)
TeelTech - Advancing Mobile Device Forensics (online version)
 
Io t slides_iotvillage
Io t slides_iotvillageIo t slides_iotvillage
Io t slides_iotvillage
 
Demystifying Binary Reverse Engineering - Pixels Camp
Demystifying Binary Reverse Engineering - Pixels CampDemystifying Binary Reverse Engineering - Pixels Camp
Demystifying Binary Reverse Engineering - Pixels Camp
 
Kali linux.ppt
Kali linux.pptKali linux.ppt
Kali linux.ppt
 
Software Security : From school to reality and back!
Software Security : From school to reality and back!Software Security : From school to reality and back!
Software Security : From school to reality and back!
 
How to get started with Site Reliability Engineering
How to get started with Site Reliability EngineeringHow to get started with Site Reliability Engineering
How to get started with Site Reliability Engineering
 

Recently uploaded

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 

Recently uploaded (20)

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 

Cyber Security Workshop Presentation.pptx

  • 1.
  • 2. Capture the Flag (CTF) is a type of information security competition that challenges competitors to solve a variety of tasks. CTFs are an educational exercise to give participants experience in attacking or defending software and sometimes even hardware. The goal is to find hidden "flags", which are typically text or files that must be submitted to earn points.
  • 3. CTF challenges are based on already existing exploits and give you an environment to try them out. But the fun part is...you don‘t know what exploit has to be used. You have to review whatever challenge files have been given to you and craft an exploit yourself. This leads to a much better understanding of the exploit than just reading one.
  • 4. Apart from a better understanding of exploits you learn secure coding practices and improve your scripting skills. You learn essential skills you need for any tech career - SQL, web stacks, CP, linux, docker and much more.... The CTF community is very active and you are able to connect to people around the globe. And solving puzzles and learning new skills all while having fun...isn’t that just awesome?
  • 5. Most of public CTFs are listed on CTFtime. This is a site which saves the data after each CTF, and mantains a scoreboard for each team. There is a country wise scoreboard and an international scoreboard. The difficulty of a CTF depends on the rating points given. Generally, more the rating, the tougher the CTF will be.
  • 6. • Web Exploitation • Forensics/IR/Stego • pwn • Reversing • Crypto • OSINT
  • 8. Web exploitation in CTF challenges refers to finding and exploiting vulnerabilities in web applications. Usually, the source code for the web app is provided as a docker environment. You are supposed to review the source code and find some vulnerability.
  • 9. • SQL Injection • Obfuscation in a javascript file • Path traversal • Modifying cookies • MIME type attack • XXS (Cross Site Scripting) • CSRF ( Cross-Site Request Forgery) • Subdomain fuzzing • Directory fuzzing
  • 10. Typically, any tool which helps you modify the requests is enough. These include curl, nc or python requests to name some if you want to work manually. Burpsuite is a tool specifically designed to find web vulnerabilities and has a GUI.
  • 11. A basic knowledge of how web works and what protocols are is a must. A basic understanding of OSI layer model will also help. You will find many videos on youtube for this. Once you have this basic knowledge, the portswigger academy is the best resource with tons of free topic wise labs with theory.
  • 12. Reversing in CTF challenges refers to the process of taking a compiled program and converting it back into a more human- readable format. The goal of a reversing challenge is usually to understand the functionality of a given program so that a correct input for the executable can be found.
  • 13. The basic and the underlying approach for any reversing challenge is to somehow find the correct input. At a beginner level, all that is needed for this is patience and ability to read code and understand what it does.
  • 14. Linux file and strings commands are important tools for checking file structure and strings in it. A hex editor like HxD is also useful for checking headers and other data. Decompilers like Ghidra, IDA, Binaray Ninja etc. A good online decompiler is dogbolt.org.
  • 15. Try the decompilers listed in previous slide and get comfortable with any one. Use youtube or any article you find on how to start using it. For basic challenges, this will suffice you. Once you want to get more advanced start with this.
  • 16. Find what this code is doing...
  • 17. Forensics in CTF challenges involve analyzing digital artifacts or images to extract hidden information. Participants may need to examine file headers, recover deleted data, or use steganography techniques to uncover hidden messages. This is a category where you mostly learn as you see challenges.
  • 18. In stego challs, usually very less information is given and many times you need to do everything you know one by one to check what is hidden. In IR, you are given a copy of a disk of an attacked machine and you are supposed to trace events and find flags. This is mostly a series of 7-8 challs and requires knowledge of all other categories as well.
  • 19. The list of tools here is unending, but some tools used as de facto are: • Wireshark/tshark for pcap analysis • Stego tools (loads of them) • Password cracking tools (yes they exist!)
  • 20. As mentioned earlier, you learn forensics by doing only. You can follow our CSOC’22 course for learning the skills here. Apart from this seeing and reading writeups will help a lot. Look at this playlist. For IR, a basic knowledge of all skills is required. You can check this writeup here for seeing how its done.
  • 21. In CTF challenges, "pwn" refers to a category of challenges that involves exploiting vulnerable programs running on a remote server. The objective is to redirect the program flow to do something different and obtain a flag. This is also called Binary Exploitation.
  • 22. One of the most interesting problems is that of pwning, where you have to somehow get what is unintended by the program. The approach is to basically understand the control flow and craft inputs that would break the program and allow it to behave the way we want.
  • 23. pwning requires knowledge of assembly and computer architecture. Some tools that will help you analyse them and craft exploits are: • Reversing tools • Debugger like gdb • pwntools library for python
  • 24. Knowledge of assembly, memory, executables is required. For assembly follow this. Then you can start with pwn.college or nightmare (helps in reversing as well). Both are excellent resources. This playlist is also really awesome!
  • 25. Cryptography is the process of hiding information. Cryptography in CTF challenges refers to the use of codes and ciphers to encrypt and decrypt messages. In these challenges, contestants are usually given a ciphertext and are asked to find the corresponding plaintext.
  • 26. • Symmetric Encryption Schemes ⚬ AES ■ ECB ■ CBC ■ CTR ⚬ OTP • Asymmetric Encryption Schemes ⚬ RSA ⚬ DSA • Hashing ⚬ SHA ⚬ Md5 • Various ciphers like ⚬ substitution cipher ⚬ vignere cipher ⚬ rail-fence cipher ⚬ ROT13
  • 27. • cryptohack.org • CyberChef • dcode.fr/en • https://www.alpertron.com.ar/JAVAPROG.HTM • SageMath
  • 28. OSINT in CTF challenges stands for Open Source Intelligence. It refers to the process of gathering information from publicly available sources such as social media, public records, and online tools to find information about a target, usually an individual or organization.
  • 29. What OSINT really requires is observing skills and tons of patience. You learn most by gaining experience. Specific tools maybe found at an awesome online tool osintframework.com. Reading and seeing writeups will help you gain good skills. This is a really nice 5 hrs video covering all aspects.
  • 30. Aayush is a member of the Infosec IIT(BHU). You know that Aayush goes by the username aahyouoos and he likes hacking, coding, AI and chess. Find out the answers to the questions using your OSINT skills. Scan this QR
  • 31. Aayush is a member of the Infosec IIT(BHU). You know that Aayush goes by the username aahyouoos and he likes hacking, coding, AI and chess. Find out the answers to the questions using your OSINT skills. or Go to t.ly/fRDbW Scan this QR
  • 32. Apart from the before mentioned domain related resources, there are a few skills you would need to have. The first is Linux. Linux is an open source and lightweight operating system that is used for development and other tech tasks. We recommend you install linux as a VM and start learning from here. Once you get comfortable, do this. The second thing is learning a scripting language. Most of you will learn C programming language in first year. But for scripting, especially in CTFs, python is the language of choice due its flexibility and tons of extra libraries. You can start learning python by following the tutorial in official docs.
  • 33. The CTF will be your first step in the process of entry in COPS. So get ready for some action!