Ctf-foo: Difference between revisions

From Chaosdorf Wiki
(Added some information to each of the events)
(Removed the event from this page, as it exists in the individual event pages for the according days. It shouldn't appear in the calendar duplicated now.)
 
(29 intermediate revisions by 9 users not shown)
Line 1: Line 1:
{{Event
An event focused on "Capture the Flag" Events. The main point here is to get people into the security field in a welcoming way and provide a space for interested people to exchange knowledge.
|Title=CTF foo
|Description=Capture The Flag foo
|Type=Meet-Up
|Date=every other saturday
|Start=14:00
|Host=hanemile
|isRelevant=Yes
}}


Alles 2 Wochen Samstag 14:00 - ...
The individual events which take place every two weeks at 14:00 and have a dedicated topic, but we're also quite flexible and can look into other stuff (So if you've got a topic you might be interested in, bring it up!).


== 2022-03-05-ctf-foo-assembly-basics ==
We'll look at specific topics at each event and maybe play some CTF that is currently running afterwards in order to try out our newly learnt skills.


* Memory
If you've got anything regarding the event, just ping {{U|hanemile}}.
* Register
* "code" (Assembly)
* Functions (calling conventions)
* Buffers
* ... (add stuff here that might fit here)


== 2022-03-19-ctf-foo-linux ==
Here's a list of the past events giving you a brief idea on what we're doing:


* Syscalls
{{#ask:
* Interrupts
  [[has title::CTF foo]]
* Kernel
  [[Category:Events]]
* Process
  |?has description
* Init
  |sort=Has Date
* Boot process
  |order=ascending
* Filesystems
  |format=datatable
* Permissions
}}
* Uid, Gid
* ... (add stuff here that might fit here)
 
== 2022-04-02-ctf-foo-buffer-overflow ==
 
* Recap: functions (calling conventions)
* Recap: buffers
* What do we overwrite?
* What implications can overwriting data have?
* ... (add stuff here that might fit here)
 
== 2022-04-16-ctf-foo-shellcode ==
 
* What is shellcode?
* Why learn to do stuff with it?
* What can we do with it?
* What problems might arise?
* How can we solve the problems that arise?
* ... (add stuff here that might fit here)
 
== 2022-04-30-ctf-foo-infoleaks ==
 
* How can information be leaked?
* Why leak information?
* ... (add stuff here that might fit here)
 
== 2022-05-14-ctf-foo-rop ==
 
* What is the initial problem leading to us ropping?
* What is "rop"?
* Why "rop"?
* Recap: buffer-overflow
* Recap: infoleaks
* How can we leak foo using rop?
* How can we find more gadgets?
* How can we pop a shell?
* ... (add stuff here that might fit here)
 
== 2022-05-28-ctf-foo-mitigations ==
 
* Start at 0, what are the problems?
* What mitigations exist (on a high level)?
* For each problem, what mitigation solves the problem?
* How can we bypass the mitigations?
* ... (add stuff here that might fit here)
 
== 2022-06-11-ctf-foo-reversing ==
 
* What is reversing?
* How do we reverse?
* What tools to we use?
* What should be looked at in more detail?
* Qiling
* ... (add stuff here that might fit here)
 
== 2022-06-25-ctf-foo-heap-basics ==
 
* What primitives exist?
* How do they work?
* How to read the "docs" (aka. glibc code)
* How to inspect the heap
* Getting comfy with debugging hooks
* ... (add stuff here that might fit here)
 
== 2022-07-09-ctf-foo-heap-techniques ==
 
* What's broken?
* How do we identify broken stuff?
* How do we break it?
* ... (add stuff here that might fit here)
 
== 2022-07-23-ctf-foo-race-conditions ==
 
* What are race conditions?
* Where do they arise?
* How can we identify them?
* How con we exploit them?
* TOCTOU
* ... (add stuff here that might fit here)
 
== 2022-08-06-ctf-foo-fuzzing ==
 
* What is fuzzing?
* Why fuzz stuff
* How to fuzz stuff
* Concept (Mutation, Coverage, Snapshots, ...)
* Harnessing a target, what to look out for
* ... (add stuff here that might fit here)
 
== 2022-08-20-ctf-foo-kernel-security ==
 
* What is the kernel?
* How can we interact with it?
* What might break?
* How can we break it?
* ... (add stuff here that might fit here)
 
== 2022-09-03-ctf-foo-symbolic-execution ==
 
* What is symbolic execution?
* Into: z3
* Intro: angr
* Problems: Path explosion
* ... (add stuff here that might fit here)
 
== 2022-09-17-ctf-foo-automated-program-analysis ==
 
* What can be automated?
* What can't be automated? (and why not?)

Latest revision as of 18:42, 31 March 2022

An event focused on "Capture the Flag" Events. The main point here is to get people into the security field in a welcoming way and provide a space for interested people to exchange knowledge.

The individual events which take place every two weeks at 14:00 and have a dedicated topic, but we're also quite flexible and can look into other stuff (So if you've got a topic you might be interested in, bring it up!).

We'll look at specific topics at each event and maybe play some CTF that is currently running afterwards in order to try out our newly learnt skills.

If you've got anything regarding the event, just ping hanemile.

Here's a list of the past events giving you a brief idea on what we're doing:

 Has description
Ctf-foo/2022-03-05Assembly Basics
Ctf-foo/2022-03-19Linux
Ctf-foo/2022-04-02Cryptography
Ctf-foo/2022-04-16Shellcode
Ctf-foo/2022-05-07Infoleaks
Ctf-foo/2022-05-14Return Oriented Programming
Ctf-foo/2022-05-28Mitigations
Ctf-foo/2022-06-11Reversing
Ctf-foo/2022-06-25Heap basics
Ctf-foo/2022-07-09Heap techniques
Ctf-foo/2022-07-23Race Conditions
Ctf-foo/2022-08-06Fuzzing
Ctf-foo/2022-08-20Kernel Security
Ctf-foo/2022-09-03Symbolic execution