WHAT IS CTF?
CTF (Capture The Flag) is a type of information security competition that challenges contestants to find solutions or complete various tasks. These tasks range from hunting for information on Wikipedia or the internet, to basic programming exercises, to intermediate challenges aimed at hacking your way into a server to retrieve data. In general, contestants are asked to find a certain piece of text that has been hidden behind web pages, on servers or in images. This text is usually referred to as the flag. As in many other competitions, the difficulty of CTFs varies greatly between events. Some competitions are targeted at professionals with experience operating in cybersecurity teams, and some are targeted at students who are new to cybersecurity, to hone their skills and increase their knowledge. For students, the prize is usually financial support for education for those who win; for professionals, it is usually a large cash prize.
TYPES OF CTF (in summary)
According to CTFtime, CTF is divided into various types. In summary, a jeopardy-style CTF provides a list of challenges and awards points to the individuals or teams who solve them; the group with the most points wins. An attack/defense-style CTF focuses on attacking the opponent's server and defending your own. This type of CTF is usually intended for those who are very experienced in cybersecurity and is carried out at a specific physical location.
JEOPARDY CHALLENGES
CATEGORY | ABOUT |
---|---|
Web Exploitation | Usually involves SQL Injection, Command Injection, Directory Traversal, XSS, Server Side Request Forgery, and Cross Site Request Forgery. |
Cryptography | XOR, Caesar Cipher, RSA, Stream Ciphers, Vigenere Cipher, Hashing Functions, Block Ciphers, Substitution Cipher. |
Binary Exploitation | Common topics addressed by Binary Exploitation are Registers, The Stack, Buffers, Global Offset Table, Calling Conventions, Return Oriented Programming, Binary Security, The Heap, and Format String Vulnerability. |
Reverse Engineering | Usually involves Assembly, C, Disassemblers, and Decompilers. |
Forensics | Forensics is a way to recover data left on a computer. There are many methods for finding deleted, unsaved, or worse, secretly recorded data. An important part of Forensics is having the right tools and being familiar with file formats, EXIF data, Wireshark, Steganography, and Disk Imaging. |
FUN-FACT
1. CTF can be played as an individual or in a team.
2. It is known that many challenges do not require programming knowledge and only rely on problem solving skills and creative thinking.
picoCTF's Solution
No. | Problems | Category | Website | Year | Points | Result |
---|---|---|---|---|---|---|
1. | Obedient Cat | General Skills | picoCTF | 2021 | 5 | |
2. | Mod 26 | Cryptography | picoCTF | 2021 | 10 | |
3. | Wave a flag | General Skills | picoCTF | 2021 | 10 | |
4. | Nice netcat... | General Skills | picoCTF | 2021 | 15 | |
5. | Python Wrangling | General Skills | picoCTF | 2021 | 10 | |
6. | Information | Forensics | picoCTF | 2021 | 10 | |
7. | GET aHEAD | Web Exploitation | picoCTF | 2021 | 20 | |
8. | Insp3ct0r | Web Exploitation | picoCTF | 2019 | 50 | |
9. | where are the robots | Web Exploitation | picoCTF | 2019 | 100 | |
10. | Secrets | Web Exploitation | picoCTF | 2022 | 200 | |
11. | Local Authority | Web Exploitation | picoCTF | 2022 | 100 | |
12. | Roboto Sans | Web Exploitation | picoCTF | 2022 | 200 | |
13. | Search Source | Web Exploitation | picoCTF | 2022 | 100 | |
14. | Includes | Web Exploitation | picoCTF | 2022 | 100 | |
15. | Inspect HTML | Web Exploitation | picoCTF | 2022 | 100 | |
16. | morse-code | Cryptography | picoCTF | 2022 | 100 | |
17. | unpackme.py | Reverse Engineering | picoCTF | 2022 | 100 | |
18. | Power Cookie | Web Exploitation | picoCTF | 2022 | 200 | |
19. | don't-use-client-side | Web Exploitation | picoCTF | 2019 | 100 | |
20. | picobrowser | Web Exploitation | picoCTF | 2019 | 200 | |
21. | logon | Web Exploitation | picoCTF | 2019 | 100 | |
22. | Client-side-again | Web Exploitation | picoCTF | 2019 | 200 | |
23. | Irish-Name-Repo 1 | Web Exploitation | picoCTF | 2019 | 300 | |
23. | Irish-Name-Repo 2 | Web Exploitation | picoCTF | 2019 | 350 | |
24. | Basic-mod1 | Cryptography | picoCTF | 2022 | 100 | |
25. | 13 | Cryptography | picoCTF | 2019 | 100 | |
26. | Basic-mod2 | Cryptography | picoCTF | 2022 | 100 | |
27. | file-run1 | Reverse Engineering | picoCTF | 2022 | 100 | |
28. | Cookies | Web Exploitation | picoCTF | 2021 | 40 | |
28. | credstuff | Cryptography | picoCTF | 2022 | 100 | |
29. | Vigenere | Cryptography | picoCTF | 2022 | 100 | |
29. | rail-fence | Cryptography | picoCTF | 2022 | 100 | |
30. | substitution0 | Cryptography | picoCTF | 2022 | 100 | |
31. | buffer overflow 0 | Binary Exploitation | picoCTF | 2022 | 100 | |
32. | Packets Primer | Forensics | picoCTF | 2022 | 100 | |
33. | St3g0 | Forensics | picoCTF | 2022 | 300 | |
34. | Transformation | Reverse Engineering | picoCTF | 2022 | 20 | |
35. | Enhance! | Forensics | picoCTF | 2022 | 100 | |
36. | Eavesdrop | Forensics | picoCTF | 2022 | 300 | |
37. | Sleuthkit Intro | Forensics | picoCTF | 2022 | 100 | |
38. | Lookey here | Forensics | picoCTF | 2022 | 100 | |
39. | Redaction gone wrong | Forensics | picoCTF | 2022 | 100 | |
40. | file-run2 | Reverse Engineering | picoCTF | 2022 | 100 | |
41. | patchme.py | Reverse Engineering | picoCTF | 2022 | 100 | |
42. | substitution1 | Cryptography | picoCTF | 2022 | 100 | |
43. | substitution2 | Cryptography | picoCTF | 2022 | 100 | |
44. | SQL Direct | Web Exploitation | picoCTF | 2022 | 200 | |
45. | SQLiLite | Web Exploitation | picoCTF | 2022 | 300 | |
46. | basic-file-exploit | Binary Exploitation | picoCTF | 2022 | 100 | |
47. | Safe Opener | Reverse Engineering | picoCTF | 2022 | 100 | |
48. | Bloat.py | Reverse Engineering | picoCTF | 2022 | 200 | |
49. | Forbidden Paths | Web Exploitation | picoCTF | 2022 | 200 | |
50. | Web Gauntlet 2 | Web Exploitation | picoCTF | 2021 | 170 | |
51. | Web Gauntlet | Web Exploitation | picoCTF | 2020 Mini | 200 | |
52. | Fresh Java | Reverse Engineering | picoCTF | 2022 | 200 | |
53. | unpackme | Reverse Engineering | picoCTF | 2022 | 300 | |
54. | Some Assembly Required 1 | Web Exploitation | picoCTF | 2021 | 70 | |
55. | Some Assembly Required 2 | Web Exploitation | picoCTF | 2021 | 110 | |
56. | Some Assembly Required 3 | Web Exploitation | picoCTF | 2021 | 160 | |
57. | jaWT Scratchpad | Web Exploitation | picoCTF | 2019 | 400 | |
MEET THE TEAM MEMBERS
BAY - CTF DIVISION
USERNAME | HELD STREAM | Profession(s) |
---|---|---|
jon-brandy | Web-Exploitation - Forensics | College Student - Researcher |
Q | Web-Exploitation - Cryptography | College Student - Designer |
RioFerdinand25 | Forensics | College Student |
Antonyous10 | Cryptography | College Student |
PlasmaRing | Reverse-Engineering - Cryptography | College Student - Entrepreneur |
stephanchandra | Binary Exploitation | College Student - Mentor |
LEARNING REFERENCES
https://github.com/apsdehal/awesome-ctf/blob/master/README.md
https://int0x33.medium.com/day-18-essential-ctf-tools-1f9af1552214
https://ctftime.org/ctf-wtf/
https://cryptokait.com/2020/09/02/taking-password-cracking-to-the-next-level/
https://wiki.skullsecurity.org/index.php/Passwords#Password_dictionaries
https://askubuntu.com/questions/866596/you-do-not-have-permission-to-extract-to-this-folder
https://jwt.io/introduction