Category: CTF

Capture The Flag (CTF) Run By MetaCTF and Sponsored By CoreLight

The RVAsec Capture the Flag (CTF) competition is once again run by MetaCTF and sponsored by Corelight!

Capture the Flag is a hands-on security competition where participants are tasked with solving a variety of challenges covering a range of topics and difficulties with the goal of finding “flags.” Like last year, the competition will include both a jeopardy-style and an attack & defense component.

This CTF is beginner friendly. If you’ve never participated in one before, this is the perfect opportunity to start! We’ll host platform walkthroughs and provide a practice environment on Day 1 of the conference to help participants prepare. The actual competition will take place on Day 2. Among others, challenge categories will include web exploitation, reverse engineering, OSINT, cryptography, forensics, and binary exploitation.

This year the CTF is being held in the middle of the Expo hall. The action and energy is going to be the highlight of the conference this year!

Tuesday: 1 PM to 4 PM – CTF prep, stop by the CTF area anytime

Wednesday: 10 AM to 3 PM – CTF

You’ll need a laptop to participate. You may compete as an individual or in a team of up to 4. We have over $2,000 in prizes, plus free training and 2025 RVAsec conference tickets. 

Check out https://metactf.com/prep for additional preparation instructions.

MetaCTF is a cyber skills platform that helps companies assess, recruit, retain, and upskill cyber talent. We specialize in competition-based exercises, such as on-demand labs, traditional jeopardy-style CTFs, and attack & defense CTFs that can be used for tool/skill training, secure coding, security awareness, and more. If you’re interested in hands-on exercises or labs for your team, reach out to us at contact@metactf.com or learn more at https://metactf.com/


SafeBreach – RVAsec 12 CTF Sponsor

RVAsec is pleased to present SafeBreach as an RVAsec 12 CTF sponsor!

Continuously validate all layers of your security with breach and attack simulation (BAS) powered by threat intelligence.

https://www.safebreach.com/
Twitter: @safebreach


Capture The Flag (CTF) Run By MetaCTF and Sponsored By SafeBreach

The MetaCTF (https://metactf.com/) team is back for this year’s Capture the Flag competition!

We’ll be providing a practice environment on Day 1 of the conference to help participants prepare for the competition, find teams, and get familiar with the platform. If you’ve never participated in a CTF before, this is a perfect opportunity to get started! The actual competition will take place on Day 2. There will be plenty of challenges for participants at all skill levels, so whether you’re a seasoned CTF player or a beginner, there will be something for you! Among others, challenge categories will include web exploitation, reverse engineering, OSINT, cryptography, forensics, and binary exploitation.

You’ll need a laptop to participate. Teams can have up to 4 people, or you may compete as an individual.

For those who like to come prepared, we suggest that you have a VM or two ready. You can download Kali Linux here (https://www.kali.org/downloads/) or get a free Windows VM here (https://developer.microsoft.com/en-us/windows/downloads/virtual-machines/) or here (https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/). Some tools that might be helpful include CyberChef (https://gchq.github.io/CyberChef/), BurpSuite, Ghidra, Pwntools, and Wireshark.

The MetaCTF team has been involved with the RVAsec CTF since 2016. They also run private cybersecurity training for technical employees. If you’re interested in learning more about the CTF at RVAsec or what MetaCTF has to offer, please reach out to roman[at]metactf.com.

Thank you to our CTF sponsor SafeBreach!

SafeBreach


Capture The Flag Is Happening!

The conference is right around the corner, and the MetaCTF (https://metactf.com/) team is hard at work preparing for this year’s Capture the Flag competition!

In keeping with the format of the past several years, we’ll be providing a practice environment on Day 1 of the conference to help participants prepare for the competition, find teams, and get familiar with the platform. If you’ve never participated in a CTF before, this is a perfect opportunity to get started!

The actual competition will take place on Day 2. There will be plenty of challenges for participants at all skill levels, so whether you’re a seasoned CTF player or a beginner, there will be something for you! Among others, challenge categories will include web exploitation, reverse engineering, OSINT, cryptography, forensics, and binary exploitation.

You’ll need a laptop to participate. Teams can have up to 4 people, or you may compete as an individual.

For those who like to come prepared, we suggest that you have a VM or two ready. You can download Kali Linux here (https://www.kali.org/downloads/) or get a free Windows VM here (https://developer.microsoft.com/en-us/windows/downloads/virtual-machines/). Some tools that might be helpful include CyberChef (https://gchq.github.io/CyberChef/), BurpSuite, Ghidra, Pwntools, and Wireshark.

The MetaCTF team has been involved with the RVAsec CTF since 2016. If you’re interested in helping out with the CTF or have any questions, please reach out to roman[at]metactf.com

We are still looking for a sponsor for the CTF.  Please consider supporting the conference and help us provide a great experience and amazing prizes!


RVAsec 8 CTF Sponsored by Capital One

It’s that time of year again! RVAsec is right around the corner, and the MetaCTF Team as well as a small army of volunteers are hard at work preparing some exciting challenges for this year’s competition. In keeping with the format of the past several years, we’ll be running a practice CTF on the first day of the conference (Wednesday, May 22nd). This will be a great opportunity to get familiar with the platform, and if you’ve never done a CTF before, a perfect time to try one out with plenty of people on hand to help!

On Day 2 (Thursday, May 23rd), we’ll be running the actual competition. Even though it will contain some hard challenges, this is a learning CTF – not a stump-the-chump competition. As such, there will be plenty of challenges including lockpicking, recon, web & binary exploitation, forensics/IR, and more designed for people of all levels and backgrounds. Additionally, you may choose to compete as an individual or form teams of up to 4 people – there are separate prize categories for both.

You will need an updated Kali machine, but we will provide everything else. In addition, we’re excited to announce that Capital One will be sponsoring the CTF this year!

Below is a list of some of the skills/topics that have been covered in previous years:

Entry Level: Primarily aimed at beginners and those with a less technical background, focusing on basic infosec skills and concepts.

  • Rot N encoding
  • Google Fu / OSINT
  • Examining website source code
  • Basic file analysis (eg. file, strings)
  • Trivia

Intermediate: Expect to begin taking a deep dive into the core categories by finding and exploiting vulnerabilities, cracking passwords, etc.

  • Extracting objects from Wireshark dump
  • SQL Injection
  • Recovering and analyzing forensic artifacts
  • Cracking password hashes (using john, Hashcat, etc)
  • Reverse Engineering and Disassembly

Hard: For our battle-hardened, seasoned CTF players which will challenge competitors to truly think outside the box, crack encryption, exploit binaries, and more.

  • Blacklist filter evasion for SQL Injection
  • Binary Exploitation (buffer overflows and ROP chains!)
  • Cracking RSA Encryption
  • Multi-step OSINT investigation
  • Hardware / Wireless 🙂

Finally, good luck to everyone, and we’ll see you in Richmond soon!

CapitalOne


CTF Sponsor: Capital One

We are very pleased to announce Capital One is our sponsor for the CTF this year! Please stop by and say hi to their representatives in the Capture the Flag room.

www.capitalone.com

@CapitalOne

RVAsec 2019.  Register now!


RVAsec 7 CTF Prizes

RVAsec 2018 is just a few days away, which means it’s almost time for another CTF! As mentioned in our first blog post, we have some exciting problems planned in topics ranging from cryptography to web and binary exploitation to lockpicking and badge hacking. The actual CTF will take place on Friday, June 8th all day, but we’ll have some practice challenges set up on Thursday.

Thanks to Crowdstrike as well as Offensive Security and Netsparker, we have some really exciting prizes. As done in the past, we will have two separate prize tiers: you can either compete individually or in teams of up to 5 people. The top 3 individuals and teams in each category will be guaranteed a prize, and the remaining prizes will be distributed to the next highest individuals/teams. Priority will be given to the highest finishing competitors/teams (1st place chooses first, then 2nd, etc), with the top 3 individuals picking first, followed by the top 3 teams.

As one last note, you’ll be able to connect to the CTF stuff both wired and wirelessly. As we don’t have enough hardware to allow everyone to connect via a wired connection, you are encouraged to bring your own switch and long Cat5 cable.

Without further ado, the RVAsec CTF 2018 prizes:

● 2x Offensive Security PWK Course with 30 days of lab + OSCP Certification
● 2х Netsparker License
● 2x Hak5 WiFi Pineapple Tetra Tactical
● 2x Hak5 Bash Bunny
● 2x Hak5 Rubber Ducky
● 3x Holy Stone Racing FPV Drone
● 2x Anker PowerCore Speed 20000 Portable Charger
● 1x $250 Visa Gift Card
● 2x $100 Visa Gift Card


RVAsec 7 CTF

The CTF crew is once again hard at work preparing challenges for this year’s competition. As in the past, the first day of the conference will be CTF prep while the actual competition will take place on Day 2 (Friday, June 8th). Even though it will contain some hard challenges, this is a learning CTF – not just a bash-your-head-against-the-wall competition. As such, there will be plenty of challenges from lockpicking to recon and web exploitation for people of all levels and backgrounds. Additionally, you may choose to compete as an individual or form teams of up to 5 people – there are separate prize categories for both.

You will need an updated Kali machine, but we will provide everything else.

Below is a list of some of the skills/topics that have been covered in previous years.

Entry Level: Primarily aimed at beginners and those with a less technical background, focusing on basic infosec skills and concepts.

  • Rot N encoding
  • Google Fu / OSINT
  • Examining website source code
  • Basic file analysis (eg. file, strings)
  • Trivia

Intermediate: Expect to begin taking a deep dive into the core categories by finding and exploiting vulnerabilities, cracking passwords, etc.

  • Extracting objects from Wireshark dump
  • SQL Injection
  • URL Fuzzing
  • Cracking password hashes (using john, Hashcat, etc)
  • Reverse Engineering and Disassembly

Hard: For our battle-hardened, seasoned CTF players which will challenge competitors to truly think outside the box, crack encryption, exploit binaries, and more.

  • Blacklist filter evasion for SQL Injection
  • Binary Exploitation (buffer overflows and more)
  • Cracking RSA Encryption
  • Multi-step OSINT investigation
  • Hardware

In addition, we are always looking for volunteers to help out with creating and testing all of the problems. If that interests you, please reach out to us at contact [at] metactf.com, and we’ll add you to the mailing list.

We are pleased to announce that CrowdStrike has sponsored the CTF this year!

Finally, good luck to everyone and we’ll see you in June!

 


CTF Sponsor: Capital One

www.capitalone.com

@CapitalOne

Capital One

We are very pleased to announce Capital One is our sponsor for the CTF this year! Please stop by and say hi to their representatives in the Capture the Flag room.

RVAsec 2016 Register now!

 


Come one, Come all – It’s CTF 2016 time!

The RVAsec CTF team is beginning the setup and planning phase of the 2016 conference.  As many of you know, we pride ourselves with this CTF being an all-inclusive learning CTF and not just a ‘stump the chump / who’s the best engineer in the room’ kind of CTF. That said, we need volunteers to come up with fresh ideas, challenges, and setups that are both fun and informative. Additionally, we do want to provide a challenge for those who show up looking for one, so if you are a more advanced user or admin and have some killer challenges that can stump someone, we’ll need those too for the higher tiers.

Speaking of Tiers, we plan to have 3 or 4 tiers this year and they will be as follows:

Tier 1 -Beginner

This tier will comprise the majority of the challenges and points ideally. Challenges in this category should be purely beginner level challenges. Some examples of year past are:

 Connecting to SSH and copying part of the SSH key as the flag

 Looking in web page source code for the flag

 Trivia questions related to IT / Hacking History / Etc.

 Wireshark dumps of plain text authentications

 Port and/or device identification (that’s port 25, used for SMTP, running on a Raspberry pi, identified by its MAC OUI)

Tier 2 – Moderate

This is a moderate tier geared more towards people who digging deeper into Security and the different facets it includes as well as experienced Pentesters. Some examples from the past:

 XOR code samples with python

 Heartbleed exploit to retrieve login information

 Local privilege escalation to find the Flag

 SQL injection

 MS08-67 Exploits

 Brute force SSH or SFTP sites

 DFIR recovery and artifact location

Tier 3 – Hard

The hard tier, built mainly with ‘stump the chump’ challenges that are for the seasoned CTF player and people solely after winning prizes and spending the whole con in the CTF:

 Reverse engineering samples

 Malware C2 traffic Analysis

 Chained exploits

 Ghost services that have to fuzzed

 Firmware disassembly

Tier 4 – Hardware

Hopefully, we will be able to include various hardware challenges this year with the help of HackRVA as we have in the past, this tier will be specific to the Badges but we are always open to including other Hardware or IoT related challenges in at this level, so any idea, let us know!

So all that said – Come help out! If you are interested in assisting, please send an email to Mike Bailey and we’ll add you to the mailing list going forward as we begin to work it all out.

We are looking for a sponsor for the CTF, if you are interested please contact us to discuss!

Thanks and we will provide more updates as they happen!