Capture The Flag

•

0 likes•52 views

Omar Fathy

Bug Bounty Program and how to learn from Participating in CTF competitions

Technology

2
Omar Mohamed Fathy
Front-End Developer @ CyberTalents

AGENDA
• How to earn money from bugs?
• What is Bug bounty Program?
• What is CTF Competitions?
• Types of Challenges
• What are Flags?
• What is the write-up?
• Who can play in the CTF?
• CTF Competitions in Egypt
• Demo...
• CTF Resources
3

CTF COMPETITIONS
• Capture the Flag ( CTF) is an information security competition
• where participants demonstrate their technical ability.
• Jeopardy: Participants try to solve various challenges in different
• categories. Participants get points for every challenge they solve,
• the team with the highest number of points will be the winner.
• Attack and Defense: Participants attack other contestants while
• defending their own network/system, the team who was able to
• attack other team and defend his system will be the winner.
9

WHAT IS CHALLENGE?
• Challenges are the questions that you have to solve to get points.
• Every Challenge has a description, Difficulty level, category and
number of points to solve.
11

TYPES OF CHALLENGES
• Network Security
• Web Security
• Malware Reverse Engineering
• Digital Forensics
• Cryptography
• General Knowledge
• Others
12

$WHAT ARE FLAGS? • Some sort of text/MD5 hash that you submit to CTF portal to get • the challenge points. • e.g. of flags : b1a1f2855d2428930e0c9c3ce10600d6 • flag{I_am_the_key}. 14$

WHAT ISTHE WRITEUP
• This is a document or article describing the solution of a certain
• challenge.
• Reading write-ups is one of the main ways to get introduced to
• CTFs.
16

WHO CAN PLAY INTHE CTF?
• Anyone can play CTF, However each category need a set of skills :
• Development Skills, Network Skills, Web development skills.
• Problem Solving Skills.
• Patience and keep trying mentality.
18

CTF COMPETITIONS IN EGYPT
• EGYPT CYBER SECURITY NATIONAL CTF CyberTalents
• CyberWar Games
20

CTF RESOURCES - PLAY
• https://www.ctftime.org
• https://www.cybertalents.com
• https://www.hackthebox.eu
• https://www.amanhardikar.com/mindmaps/Practice.html
• https://www.vulnhub.com
• https://www.root-me.org
• https://www.certifiedsecure.com
• http://www.wechall.net
• https://www.ctflearn.com
• https://www.ringzer0team.com
• https://exploit-exercises.com
23

CTF RESOURCES - LEARN
• https://trailofbits.github.io/ctf/index.html
• http://www.openctf.com/html/firstctf.html
• http://www.pentesteracademy.com
• http://www.opensecuritytraining.info/Training.html
• https://web.stanford.edu/class/cs253
• CyberTalents Webinars
• Web Application Penetration Testing Course
24

THANKYOU!
Omarmfathy219@gmail.Com
Linkedin.com/in/omarmfathy219

A capture the flag (CTF) contest is a special kind of cybersecurity competition designed to challenge its participants to solve computer security problems and/or capture and defend computer systems. Typically, these competitions are team-based and attract a diverse range of participants, including students, enthusiasts and professionals. A CTF competition may take a few short hours, an entire day or even multiple days.

Ncc hackers session 4

Jemma Davis

How to secure HCE

Riscure

Introduction to Cybersecurity | IIT(BHU)CyberSec

YashSomalkar

This is going to be series of Events around Cybersecurity, If you are lucky enough try to witness it live on our GDSC chapter. Link of todays Event : https://gdsc.community.dev/events/details/developer-student-clubs-indian-institute-of-technology-varanasi-presents-introduction-to-cybersecurity-learn-to-hack-series/ Socials : Website: https://copsiitbhu.co.in LinkedIn : https://linkedin.com/company/cops-iitbhu Instagram : https://instagram/cops.iitbhu/ Facebook : https://facebook.com/cops.iitbhu/ GitHub : https://github.com/COPS-IITBHU

Today connected devices are everywhere, where we expect a massive growth over the upcoming years. What are connected devices (IOT)? It connects people to machines, machines to machines and shares data both people and machines create. However, why should you care about security? This presentation walks you through why connected devices (IOT) are being targeted, what typically goes wrong during development making these devices vulnerable to attacks and whats next...

Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...

EC-Council

13 Things to Look for in a Token Project by Edith Yeung

Edith Yeung

Caputre the flag

UIT

Secure Coding - Are we doing it wrongbryns

Topcoder Reflections: Observations from a Decade of Crowdsourcing with the Pu...

Epi Ludvik Nekaj 宇赫

Topcoder Reflections: Observations from a Decade of Crowdsourcing with the Pu...

Crowdsourcing Week

A closer look at CTF challenges

DNIF

This presentation showcased live during the DNIF Konnect meetup on 14th November 2019. We have our guest presenter: Sudhan Pathak and Nabeel Shaikh - MBA student at Symbiosis centre for Information Technology, walk us basics and some of the challenges at Capture The Flag (CTF). Some key points discussed during the meetup: -Introduction to NXLogs. -Find out how using NXLogs with DNIF can make life easier for security analysts. -Introduction to the concepts of capture the flag (CTF). -Learn how users can easily manage their DNIF components. Watch the full presentation here: https://www.youtube.com/watch?v=UHE9-oYatiY

How to build corporate size fraud prevention

Yury Leonychev

Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies

Alejandro Hernández

Adversary Driven Defense in the Real World

James Wickett

The hardcore stuff i hack, experiences from past VAPT assignments

n|u - The Open Security Community

Evading & Bypassing Anti-Malware applications using metasploit

n|u - The Open Security Community

Centralized Crypto Exchange Development Challenges

Tess Casali

SANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense

John Bambenek

Between limited resources and a lack of trained professionals on one hand and the increasing quantity and quality of attacks on the other, securing enterprises and responding to incidents has placed defenders on the losing end of a digital arms race. Even managing the amounts of threat data and open-source intelligence has become a challenge. This talk will cover the possibilities and perils of integrating all the various sources of threat intelligence data to protect an organization. With all the various open-source and paid-source data, simply dumping it all into a firewall or DNS RPZ zone can be problematic. What to do about compromised websites or shared hosting environments? What about DGA domains that use full words and may collide with actual innocent websites? What about how to handle threat data that is lacking in context to make appropriate decisions on its validity and accuracy? This talk will present several case studies in how these problems can be tackled and how using multi-domain analysis can help reduce the risk and maximize the value of automated protection using these types of data.

Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)

ITCamp

Introduction of CTF and CGC

Kir Chou

Cyber Security Workshop Presentation.pptx

YashSomalkar

Lesson2.9 p u2l6 cryptography and innovations

Lexume1

Introduction to Serverless with AWS Lambda

Omar Fathy

Cloud Run and Containers

Omar Fathy

Similar to Capture The Flag

Play,Learn and Hack- CTF Training

Heba Hamdy Farahat

Who needs iot security?

Justin Black

Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...

EC-Council

13 Things to Look for in a Token Project by Edith Yeung

Edith Yeung

Caputre the flag

UIT

Secure Coding - Are we doing it wrongbryns

Topcoder Reflections: Observations from a Decade of Crowdsourcing with the Pu...

Epi Ludvik Nekaj 宇赫

Topcoder Reflections: Observations from a Decade of Crowdsourcing with the Pu...

Crowdsourcing Week

A closer look at CTF challenges

DNIF

How to build corporate size fraud prevention

Yury Leonychev

Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies

Alejandro Hernández

Adversary Driven Defense in the Real World

James Wickett

The hardcore stuff i hack, experiences from past VAPT assignments

n|u - The Open Security Community

Evading & Bypassing Anti-Malware applications using metasploit

n|u - The Open Security Community

Centralized Crypto Exchange Development Challenges

Tess Casali

SANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense

John Bambenek

Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)

ITCamp

Introduction of CTF and CGC

Kir Chou

Cyber Security Workshop Presentation.pptx

YashSomalkar

Lesson2.9 p u2l6 cryptography and innovations

Lexume1

Similar to Capture The Flag (20)

Play,Learn and Hack- CTF Training

Who needs iot security?

Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...

13 Things to Look for in a Token Project by Edith Yeung

Caputre the flag

Secure Coding - Are we doing it wrong

Topcoder Reflections: Observations from a Decade of Crowdsourcing with the Pu...

A closer look at CTF challenges

How to build corporate size fraud prevention

Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies

Adversary Driven Defense in the Real World

The hardcore stuff i hack, experiences from past VAPT assignments

Evading & Bypassing Anti-Malware applications using metasploit

Centralized Crypto Exchange Development Challenges

SANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense

Security Myths and Facts in Today's It World (Tudor Damian & Mihai Tataran)

Introduction of CTF and CGC

Cyber Security Workshop Presentation.pptx

Lesson2.9 p u2l6 cryptography and innovations

Recently uploaded

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Aggregage

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Product School

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

The Future of Platform Engineering

Jemma Hussein Allen

Welocme to ViralQR, your best QR code generator.

ViralQR

Welcome to ViralQR, your best QR code generator available on the market! At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies. Our Vision We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide. Our Achievements Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes. Our Services At ViralQR, here is a comprehensive suite of services that caters to your very needs: Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses. Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding. Pricing and Packages Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service. Why choose us? ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations. Comprehensive Analytics Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country. So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

Free Complete Python - A step towards Data Science

RinaMondal9

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

nkrafacyberclub

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

Elevating Tactical DDD Patterns Through Object Calisthenics

Dorra BARTAGUIZ

After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

Assure Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

DevOps and Testing slides at DASA Connect

Kari Kakkonen

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

Recently uploaded (20)

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Generative AI Deep Dive: Advancing from Proof of Concept to Production

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

How world-class product teams are winning in the AI era by CEO and Founder, P...

The Future of Platform Engineering

Welocme to ViralQR, your best QR code generator.

Leading Change strategies and insights for effective change management pdf 1.pdf

Free Complete Python - A step towards Data Science

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elevating Tactical DDD Patterns Through Object Calisthenics

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Assure Contact Center Experiences for Your Customers With ThousandEyes

Assuring Contact Center Experiences for Your Customers With ThousandEyes

UiPath Test Automation using UiPath Test Suite series, part 3

Epistemic Interaction - tuning interfaces to provide information for AI support

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

DevOps and Testing slides at DASA Connect

FIDO Alliance Osaka Seminar: Overview.pdf

Capture The Flag

1. CaptureThe Flag 1

2. 2 Omar Mohamed Fathy Front-End Developer @ CyberTalents

3. AGENDA • How to earn money from bugs? • What is Bug bounty Program? • What is CTF Competitions? • Types of Challenges • What are Flags? • What is the write-up? • Who can play in the CTF? • CTF Competitions in Egypt • Demo... • CTF Resources 3

4. How to Earn Money From Bugs? 4

5. Bug Bounty Program? 5

6. 6

7. CTF Competitions 7

8. 8

9. CTF COMPETITIONS • Capture the Flag ( CTF) is an information security competition • where participants demonstrate their technical ability. • Jeopardy: Participants try to solve various challenges in different • categories. Participants get points for every challenge they solve, • the team with the highest number of points will be the winner. • Attack and Defense: Participants attack other contestants while • defending their own network/system, the team who was able to • attack other team and defend his system will be the winner. 9

10. WHAT IS CHALLENGE? 1 0

11. WHAT IS CHALLENGE? • Challenges are the questions that you have to solve to get points. • Every Challenge has a description, Difficulty level, category and number of points to solve. 11

12. TYPES OF CHALLENGES • Network Security • Web Security • Malware Reverse Engineering • Digital Forensics • Cryptography • General Knowledge • Others 12

13. WHAT ARE FLAGS? 1 3

14. WHAT ARE FLAGS? • Some sort of text/MD5 hash that you submit to CTF portal to get • the challenge points. • e.g. of flags : b1a1f2855d2428930e0c9c3ce10600d6 • flag{I_am_the_key}. 14

15. WHAT ISTHE WRITEUP? 1 5

16. WHAT ISTHE WRITEUP • This is a document or article describing the solution of a certain • challenge. • Reading write-ups is one of the main ways to get introduced to • CTFs. 16

17. WHO CAN PLAY INTHE CTF? 1 7

18. WHO CAN PLAY INTHE CTF? • Anyone can play CTF, However each category need a set of skills : • Development Skills, Network Skills, Web development skills. • Problem Solving Skills. • Patience and keep trying mentality. 18

19. CTF COMPETITIONS IN EGYPT 1 9

20. CTF COMPETITIONS IN EGYPT • EGYPT CYBER SECURITY NATIONAL CTF CyberTalents • CyberWar Games 20

21. DEMO... 2 1

22. CTF RESOURCES 2 2

23. CTF RESOURCES - PLAY • https://www.ctftime.org • https://www.cybertalents.com • https://www.hackthebox.eu • https://www.amanhardikar.com/mindmaps/Practice.html • https://www.vulnhub.com • https://www.root-me.org • https://www.certifiedsecure.com • http://www.wechall.net • https://www.ctflearn.com • https://www.ringzer0team.com • https://exploit-exercises.com 23

24. CTF RESOURCES - LEARN • https://trailofbits.github.io/ctf/index.html • http://www.openctf.com/html/firstctf.html • http://www.pentesteracademy.com • http://www.opensecuritytraining.info/Training.html • https://web.stanford.edu/class/cs253 • CyberTalents Webinars • Web Application Penetration Testing Course 24

25. THANKYOU! Omarmfathy219@gmail.Com Linkedin.com/in/omarmfathy219

Capture The Flag

Recommended

Recommended

More Related Content

Similar to Capture The Flag

Similar to Capture The Flag (20)

More from Omar Fathy

More from Omar Fathy (8)

Recently uploaded

Recently uploaded (20)

Capture The Flag