The document discusses Capture the Flag (CTF) challenges and cybersecurity events. It provides an introduction to Teammatrix and SCIT, an overview of CTF basics like solving puzzles to find flags. It describes different types of CTF events like red team vs blue team exercises, jeopardy-style, and flavors like steganography, cryptography, and web challenges. The importance of red team vs blue team exercises to test security preparedness is highlighted. Wargames organized by Teammatrix are mentioned as hackathons to spread security awareness.

1. MODERN CHALLENGE –
A LOOK AT CTF
CHALLENGES

2. Agenda
Introduction to Teammatrix and SCIT
CTF Basics
How to get started
Different Flavours Different Challenges
Red Team vs Blue Team exercise
Importance of RT vs BT exercise
Wargames
Conclusion

3. ABOUT SCIT and TEAMMATRIX
• SCIT is a premier IT B-School, located in PUNE. Their has been a huge demand for IT professionals at
top-management level, which is being catered by SCIT. It has been a leader since more than decade in
nurturing young talent in IT Business Management and have helped them transform into future
business leaders.
• TeamMatrix is a student driven, non-profit group founded by the students of SCIT. It was established in
2009 for spreading awareness about information security. Security has emerged to be the most
important aspect of any organisation and this team focuses on keeping up to date with the
developments and trends in this domain. With the motto 'Share, Learn, Implement and Refine’, we
aim to collaborate with like minded people.

4. CTF :BASICS
• CTF (Capture the Flag) is a cybersecurity event, focused on testing skillset of an individual.
• First of its kind was played during DEF CON 4, 1996 held in U.S.A
• It is based on simple concept of finding the hint (also known as flag) to crack the puzzle. The hint
can be anything cryptic words, text, numbers
• It checks the person’s ability to think on the feet, learn on the fly and use tools and technologies
that are never use before
• A great hobby to nurture for problem-solvers/security enthusiast

5. CTF :GETTING
STARTED
• Security is a vast field, and CTFs can include challenges in digital
forensics, cryptography, web security, and so on.
• A flag could be a phrase hidden in a network packet, a timestamp in
the metadata of a photo, a cipher sewn into a quilt.
• Challenges will contain clues to point you toward a flag, as well as
superfluous information to throw you off.
• Reading through write-ups, Blogs. Getting familiarized with basic
programming skills.
• Keeping track of various CTF events via ctftime.org and other well
known platforms.

6. CTF :TYPE
OF EVENTS
Attack - Def ense
In these types of events, teams defend a host PC while still trying to
attack opposing teams’ target PCs. Each team starts off with an
allotted time for patching and securing the PC, trying to discover as
many vulnerabilities as possible before the opponent attacking teams
can strike. Teams receive points for staving off attacks from opposing
teams and successfully infiltrating other teams.
Jeopardy-style
Jeopardy-style CTFs present competitors with a set of
questions that reveal clues that guide them in solving complex tasks
in a specific order. Teams receive points for each solved task. The
more difficult the task, the more points you can earn
upon its successful completion.
Mix
Combination of both

7. CTF : FLAVOURS Steganography
Finding secret messages hidden in form of string, image,
video file.
Crypto
Cracking a jumbled code. Deciphering it.
PWN (Exploitation)
Find.Exploit.Takeover. Such challenges focus of finding and
exploiting the environment
Rever se Engineering
Decoding the original source code. Understanding it and
creating a new code.
WEB
Analyze website contents to find the flag

8. Red Team
Red Teams are internal or entities dedicated to testing the effectiveness of a
security program by emulating the tools and techniques of likely attackers in the
most realistic way possible.
Blue Team
Blue Teams refer to the internal security team that defends against both real
attackers and Red Teams. Blue Teams should be distinguished from standard
security teams in most organizations, as most security operations teams do not
have a mentality of constant vigilance against attack.
Red Team vs Blue Team

9. RED TEAM
Obj ect ive
Circumvent, Breach and Exploit
BLUE TEAM
Attacks stimul ated by Red team
• Conduct remote attacks via the Internet, D N S
tunneling, ICMP tunneling
• Intrusion attempts via
Insider threat
• VPN-based attacks
• Access card copy and strength test
identity spoof
• Attack on physical Security
Obj ect ive
Detect and prevent attacks, develop security
controls
Cont rol measure by Blue team
• Identify type of attacks, intrusions on the
systems
• Block the attacks before they succeed
• Stay alert for reactive or preventive action
• Train the security teams for identity spoof
• Monitor Logs and SIEM
Config/Alerts

10. REAL LIFE CASES
HEARTBLEED
Allows stealing the
information protected,
under normal conditions, by
the SSL/TLS encryption used
to secure the Internet.
Allows attackers to
eavesdrop on
communications, steal data.
After math of 9/11,
Digitally embedded images
were used by terrorist to
communicate with each
other. This modus operandi
was cracked down later.
Reverse Engineering
Some of the popular
messenger applications are
exploited by competing
messenger applications. After
every new release, the
competitor application
decodes it and sets their new
releases.
Steganography

11. WARGAMES
Wargames – A Hackathon organized by Teammatrix, aimed towards spreading
awareness as well as develop a platform to engage Beginners and Corporates
to play in a simulated environment.
• HEIST – Red Team vs Blue Team exercise.
• CTF – Challenges based on different flavours of CTF.
• JailBreak – Solve puzzles to break through the special jail.

12. Key-Takeaways
• CTF and challenges alike are brain teasers.
• Important to hone the technical skills.
• Explore. Learn. Evolve.
• Cybersecurity is an ever evolving domain, need to be ahead of the curve.
WARGAME Registration Link: www.teammatrix.org/wargames
Follow us : @teammatrix_scit

13. Thank You