Tag: ctf

RVAsec 8 CTF Sponsored by Capital One

It’s that time of year again! RVAsec is right around the corner, and the MetaCTF Team as well as a small army of volunteers are hard at work preparing some exciting challenges for this year’s competition. In keeping with the format of the past several years, we’ll be running a practice CTF on the first day of the conference (Wednesday, May 22nd). This will be a great opportunity to get familiar with the platform, and if you’ve never done a CTF before, a perfect time to try one out with plenty of people on hand to help!

On Day 2 (Thursday, May 23rd), we’ll be running the actual competition. Even though it will contain some hard challenges, this is a learning CTF – not a stump-the-chump competition. As such, there will be plenty of challenges including lockpicking, recon, web & binary exploitation, forensics/IR, and more designed for people of all levels and backgrounds. Additionally, you may choose to compete as an individual or form teams of up to 4 people – there are separate prize categories for both.

You will need an updated Kali machine, but we will provide everything else. In addition, we’re excited to announce that Capital One will be sponsoring the CTF this year!

Below is a list of some of the skills/topics that have been covered in previous years:

Entry Level: Primarily aimed at beginners and those with a less technical background, focusing on basic infosec skills and concepts.

  • Rot N encoding
  • Google Fu / OSINT
  • Examining website source code
  • Basic file analysis (eg. file, strings)
  • Trivia

Intermediate: Expect to begin taking a deep dive into the core categories by finding and exploiting vulnerabilities, cracking passwords, etc.

  • Extracting objects from Wireshark dump
  • SQL Injection
  • Recovering and analyzing forensic artifacts
  • Cracking password hashes (using john, Hashcat, etc)
  • Reverse Engineering and Disassembly

Hard: For our battle-hardened, seasoned CTF players which will challenge competitors to truly think outside the box, crack encryption, exploit binaries, and more.

  • Blacklist filter evasion for SQL Injection
  • Binary Exploitation (buffer overflows and ROP chains!)
  • Cracking RSA Encryption
  • Multi-step OSINT investigation
  • Hardware / Wireless 🙂

Finally, good luck to everyone, and we’ll see you in Richmond soon!


CTF Sponsor: Capital One

We are very pleased to announce Capital One is our sponsor for the CTF this year! Please stop by and say hi to their representatives in the Capture the Flag room.



RVAsec 2019.  Register now!

CTF Sponsor – Rapid7



We are very pleased to announce Rapid7 is our sponsor for the CTF this year! Please stop by and say hi to their representatives in the Capture the Flag room.

RVAsec 2017 Register now!

CTF Sponsor: Capital One



Capital One

We are very pleased to announce Capital One is our sponsor for the CTF this year! Please stop by and say hi to their representatives in the Capture the Flag room.

RVAsec 2016 Register now!


CTF: New Hybrid Challenge Includes Live Bug Hunting!

ctfThe RV4sec CTF dev team has been hard at work for the last few months cooking up some great new challenges for this year’s Capture the Flag (CTF) event. We’re sticking with the tiered approach in an effort to bring a healthy mix of educational challenges, along with more difficult “hack the Gibson” challenges.

However, this year’s CTF has a new twist! We are combining the CTF you know and love with live bug hunting with the help of Bugcrowd!  Bugcrowd has run Bug Bashes at conferences before, but we are taking it to the next level at RV4sec: we’ll be incorporating aspects of the live Bugcrowd bug bounty system into the CTF scoring.  This means you can get involved in finding real live bugs on systems and they will count for points in the CTF. Isn’t that excellent?!

BugcrowdThe CTF has been a big success the last few years, and we are working hard to ensure that it continues to educate and provide a fun, safe environment to learn many aspects of IT, IT security, hacking and defending.

We are also working with Bugcrowd to allow CTF participants the ability to give back to the community. We are working on a process to allow local companies and not-for-profit organizations the ability to sign up to have their security tested as part of the CTF.  The live bug hunting aspect will provide real organizations security testing so they can better understand and improve the security posture of their online presence. In the end, isn’t that what IT security should be about?  We hope to provide more information on this very soon!

The CTF team is a mix of folks from many different facets of IT: we’ve got incident responders, hacker trackers, IT directors, pentesters, IT managers and everything in between. These folks have a passion for technology, enjoy exploratory dives into interesting problems, and want to share the joy, fun, frustration, learning, and general shenanigans that make the RV4sec CTF so much fun!

Our hope is that a healthy mix of folks will also come to participate in the free CTF hosted at RV4sec. We want everyone to come out and play, whether you’re new to tech, or you remember putting your first program on punch cards. Come out, plug in (well it’ll be wireless, but…) and get hacking, teaching, and learning.

Also, feel free to tweet us things you’d like to see in the CTF. It’s getting close but there may be time to get the ideas into a challenge. Use hashtag #rv4secctf and tweet to @pipefish_@mpbailey1911, or even @RVAsec with ideas and we’ll see what we can do.

Come out to the RV4sec conference and enjoy the training, the talks, and plan to stop by the CTF for some hackery!

Thanks again to UNOS for sponsoring the CTF, as well as the other organizations donating prizes.

We’ll see you there, and keep your eyes peeled for more information soon!


RVAsec CTF Update

RVAsec is just about a week away and we are excited for many reasons!

This year’s conference marks several firsts:

  • two days of talks
  • two speaker tracks
  • and of course the first RVAsec Capture the Flag (CTF) event!

For more details about the CTF, please check out http://rvasec.com/ctf/

We’ve had a number of people pre-register (http://securabit.com/ctf/), which is fantastic, and you can pre-register all the way up to the day before CTF. The only requirements are that you are an RVAsec attendee and you bring your own laptop. You can even show up to the CTF and participate without pre-registration, space permitting.

And, of course, there are prizes!

1st Place – Nexus 7 PwnPad
2nd Place – Raspberry Pi
3rd Place – 1 BSides Las Vegas ticket
4th Place – 1 BSides Las Vegas ticket
5th Place – The highest of fives