Category: CTF

RVAsec CTF: What to expect this year!

Last year RVAsec had its first CTF and it was a huge success.   The team has been planning to make the event this years even better and have a lot in store.  We caught up with Chris Gerling to get some information on what to expect this year.
(RVAsec) The CTF was aimed to be a bit of a different take than normal and huge hit at last year’s at RVAsec. Can you tell us a little about it?
Chris: We wanted to build an “Everyman” CTF, which allowed people from all skill levels and professions to participate and learn. Our goal was education, and to give people a platform for that to happen on. The trick was balancing easy challenges with medium and very difficult as well, giving everyone a challenge without making them feel too confused. We believe it worked very well.
(RVAsec) How many people participated? How did the RVAsec attendees do with the CTF?
Chris: 37 people ended up participating and nearly all scored on at least one challenge. It was really awesome to see people learning and solving problems, and even surprising themselves with what they could figure out.
(RVAsec) What were some things that you learned from last year?
Chris: We learned that the registration process needs to be cleaner, and we need to do a better job of keeping track of people for giving our prizes. It’s also going to be beneficial to have the event more organized with goals we want to hit in terms of announcements, at every stage of the event.
Hardware wise, we’re using a smaller machine that doesn’t weigh as much. The AP we used, which was a WNDR4500 held up well, but we’re going to augment that this year and look into providing wired access.
(RVAsec) What are the plans for the CTF this year?
Chris: We plan on offering a similar style CTF, with a tiered approach. Possible additions are a more robust story line, and a free 1 hour seminar for brand new participants who have never done a CTF before.
(RVAsec) If someone wanted to participate, what would you recommend they do to prepare?

Chris: There are a plethora of tutorials available on youtube and securitytube. There are also challenges available at that are really great to learn on.  Getting familiar with tools like Wireshark, and basic command line usage in a distribution such as Kali Linux will be very valuable.  From a DFIR standpoint downloading and learning the SANS SIFT workstation is also one way to learn forensics tools.

(RVAsec) Can you give attendees any hints or teasers about the CTF?
Chris: Only if you bring us some beer. 😉  We’ll actually be releasing some teasers once we’ve got more content built out in the coming weeks!
(RVAsec) How do people sign up to participate?
Chris:  You can register for the CTF when you purchase your ticket for RVAsec, or directly on the SecuraBit web site.

(RVAsec)  Do you need any help?  If so, what and how can people or companies help out?
Chris: We can always use help in creating this. We’re really ramping up over the next few weeks and starting to build things. If you want to build a challenge, or have any content at all you want to contribute, we definitely need that. If you’re really motivated and want to push on us all to do the best job we can, we’d love to have you on the team.

Sponsors are welcomed if any want to donate prizes to give away. We will give you a shout out and display your logo on the scoreboard.
(RVAsec) Anything else?
We can’t wait to see people learn again, and are very grateful to have a place to put this event on in RVAsec!  If you want to get involved, have questions or want to sponsor please contact us at

RVAsec CTF Update

RVAsec is just about a week away and we are excited for many reasons!

This year’s conference marks several firsts:

  • two days of talks
  • two speaker tracks
  • and of course the first RVAsec Capture the Flag (CTF) event!

For more details about the CTF, please check out

We’ve had a number of people pre-register (, which is fantastic, and you can pre-register all the way up to the day before CTF. The only requirements are that you are an RVAsec attendee and you bring your own laptop. You can even show up to the CTF and participate without pre-registration, space permitting.

And, of course, there are prizes!

1st Place – Nexus 7 PwnPad
2nd Place – Raspberry Pi
3rd Place – 1 BSides Las Vegas ticket
4th Place – 1 BSides Las Vegas ticket
5th Place – The highest of fives

RVAsec Capture The Flag Update!

The RVAsec Capture The Flag (CTF) is getting close. The details below are meant to ensure participants are prepared for it! We’re excited to invite anyone and everyone who is interested in learning and exploring different IT/infosec tools and techniques in hands-on, practical exercises, to join us.

WHEN: 06/01/2013 – 10am-2pm.  The exact time is subject to change but it will be on Saturday.

WHERE: We will have a table at the conference.  You must be a registered conference attendee to participate.

WHO: Living humanoid-ish… seriously, this is for everyone from hobbyists, sys/net admins, infosec pros, tinkerers, makers, fixers and breakers… come out and play. We’ll all teach, learn and grow together!


  • DO bring a network-enabled laptop.

  • DO have the ability to run Backtrack 5r3 (, Pentoo ( or Kali Linux ( either as a virtual machine, from bootable media (CD/DVD flash drive), or installed as your OS. Most of the scenarios in the CTF can be completed with the tools within these security-centric Linux distributions. Not a requirement, per se, but a BIG recommendation.

  • DO understand that the CTF network is a closed private network, and will not have Internet access. CTF Participants will have the ability to connect to a separate guest wireless network with Internet access for research, tool downloads, etc., during the event, but will have to disconnect from the CTF network to do so.

  • DO listen to and respect any instructions and guidance provided at the event. We want to provide an environment that is conducive to learning, tinkering, exploring and having a good time.


  • DON’T use words or phrases like “irregardless”, “all of the sudden”, “cybergeddon” or “cyber Pearl Harbor”.

  • DON’T feed or pet any of the conference organizers or volunteers.

  • DON’T attack any other CTF participants or any VCU devices (logically, physically or emotionally).

Pre-Register: If you plan to participate in the CTF we ask that you pre-register here: for administrative purposes.  The first 20 people will receive a free 8GB USB 3.0 Flash Drive! (You have to show up and participate!)

Sponsor: We are still seeking sponsors to help with the CTF costs.  If you are interested or know someone that would be willing to support the CTF please contact

Hope to see you there!  If you have any questions please let us know!

New Style Of Capture The Flag (CTF) Coming To RVAsec!

RVAsec had an amazing inception last year, and we have been busy at work planning the second iteration, which will take place from May 30th to June 1st, 2013 on the VCU campus in Richmond, VA.  This year’s event should be every bit as exciting and full of great opportunities to learn and connect with your fellow colleagues.

In conjunction with the SecuraBit podcast (which is also in Richmond), members of the richSEC organization are putting together a Capture the Flag (CTF) event to be held during the conference.  The goal of the CTF is not simply to be a venue for folks to flex their tech skills, but rather an interactive learning/demonstration of real world scenarios that affect anyone that has a computer network.

The team has been hard at work coming up with what we like to call an “everyman” type of CTF. Not elitist, not intimidating and something that won’t take up all of a participant’s time at the con; a CTF where any level of IT participate. Whether you’re a student, a hobbyist, or don’t even have the word “security” in your job description, we’ve got something you will be able to play with and actually learn from!  That’s our challenge:  to ensure some folks aren’t intimidated by what we have up, but also not to bore anyone with simplicity.

The CTF’s goal: everyone involved is challenged, forced to use critical thinking (not just push the easy button on a tool) and has “ah ha!” moments.  We want anyone to look at a challenge and say “That could really happen in my environment! Let’s fix that!”.  Security professionals who have not had firsthand experience with how penetration testing takes place will also see some of the attack vectors that can be used (not just MS08-067). The penetration testers and reverse engineers out there will hopefully find themselves challenged as well.

We will provide more information as it becomes available.  If you are interested in helping please let us know!