Category: CTF

RVAsec Capture The Flag Update!

The RVAsec Capture The Flag (CTF) is getting close. The details below are meant to ensure participants are prepared for it! We’re excited to invite anyone and everyone who is interested in learning and exploring different IT/infosec tools and techniques in hands-on, practical exercises, to join us.

WHEN: 06/01/2013 – 10am-2pm.  The exact time is subject to change but it will be on Saturday.

WHERE: We will have a table at the conference.  You must be a registered conference attendee to participate.

WHO: Living humanoid-ish… seriously, this is for everyone from hobbyists, sys/net admins, infosec pros, tinkerers, makers, fixers and breakers… come out and play. We’ll all teach, learn and grow together!

WHAT TO DO:

  • DO bring a network-enabled laptop.

  • DO have the ability to run Backtrack 5r3 (http://www.backtrack-linux.org/downloads/), Pentoo (http://www.pentoo.ch/) or Kali Linux (http://www.kali.org/) either as a virtual machine, from bootable media (CD/DVD flash drive), or installed as your OS. Most of the scenarios in the CTF can be completed with the tools within these security-centric Linux distributions. Not a requirement, per se, but a BIG recommendation.

  • DO understand that the CTF network is a closed private network, and will not have Internet access. CTF Participants will have the ability to connect to a separate guest wireless network with Internet access for research, tool downloads, etc., during the event, but will have to disconnect from the CTF network to do so.

  • DO listen to and respect any instructions and guidance provided at the event. We want to provide an environment that is conducive to learning, tinkering, exploring and having a good time.

WHAT NOT TO DO:

  • DON’T use words or phrases like “irregardless”, “all of the sudden”, “cybergeddon” or “cyber Pearl Harbor”.

  • DON’T feed or pet any of the conference organizers or volunteers.

  • DON’T attack any other CTF participants or any VCU devices (logically, physically or emotionally).

Pre-Register: If you plan to participate in the CTF we ask that you pre-register here: http://securabit.com/ctf/ for administrative purposes.  The first 20 people will receive a free 8GB USB 3.0 Flash Drive! (You have to show up and participate!)

Sponsor: We are still seeking sponsors to help with the CTF costs.  If you are interested or know someone that would be willing to support the CTF please contact sponsors@rvasec.com

Hope to see you there!  If you have any questions please let us know!


New Style Of Capture The Flag (CTF) Coming To RVAsec!

RVAsec had an amazing inception last year, and we have been busy at work planning the second iteration, which will take place from May 30th to June 1st, 2013 on the VCU campus in Richmond, VA.  This year’s event should be every bit as exciting and full of great opportunities to learn and connect with your fellow colleagues.

In conjunction with the SecuraBit podcast (which is also in Richmond), members of the richSEC organization are putting together a Capture the Flag (CTF) event to be held during the conference.  The goal of the CTF is not simply to be a venue for folks to flex their tech skills, but rather an interactive learning/demonstration of real world scenarios that affect anyone that has a computer network.

The team has been hard at work coming up with what we like to call an “everyman” type of CTF. Not elitist, not intimidating and something that won’t take up all of a participant’s time at the con; a CTF where any level of IT participate. Whether you’re a student, a hobbyist, or don’t even have the word “security” in your job description, we’ve got something you will be able to play with and actually learn from!  That’s our challenge:  to ensure some folks aren’t intimidated by what we have up, but also not to bore anyone with simplicity.

The CTF’s goal: everyone involved is challenged, forced to use critical thinking (not just push the easy button on a tool) and has “ah ha!” moments.  We want anyone to look at a challenge and say “That could really happen in my environment! Let’s fix that!”.  Security professionals who have not had firsthand experience with how penetration testing takes place will also see some of the attack vectors that can be used (not just MS08-067). The penetration testers and reverse engineers out there will hopefully find themselves challenged as well.

We will provide more information as it becomes available.  If you are interested in helping please let us know!