ColaSec held its first ever capture the flag event this past Saturday. A huge shoutout goes to Ralph Collum and Training Concepts for making the event possible. Ralph pretty much picked up the idea of a CTF event and ran with it for a touchdown. Also a shoutout to Jeff Lang for doing the Tuesday presentation on CTF basics.
We peaked at 10 people participating during the event and had six people stay for the entire four-hour event. It was a valuable experience that everyone seemed to enjoy. We plan to do more of the events in the future. Right now we're looking at doing them twice a year. Stay tuned for more details.
Here are some thoughts and links from Ralph:
"ColaSec participated in its first CTF this past Saturday. It was a great opportunity to learn some new skills and tools as everyone could learn some new ways to compromise machines and technologies. This was a great opportunity to engaged in learning as oppose to strict lecture and presentations. There were a variety of challenges in the machines everything from web applications, password cracking, forensics and crypto. The list of VM’s available for compromises are listed below in order of target’s assigned to everybody at the meetup. These types of events are actually a critical element of the security professional’s development, helping to build and maintain skills essential to the protection of our institutions. These events offer a more practical way to learning about vulnerabilities and threats and help the individuals participating in them build their skillset and sharpen their tools in testing and assessing networks are services. Most of the CTF exercises follow a common methodology of attacks, which include recon/footprinting, scanning, system hacking/exploitation, post exploitation/privilege escalation, and then finally gaining root level access to the environment. Hopefully, the most important thing that came out of the CTF was that everybody got an opportunity to learn something new and possible find a new way to look at and understand the threats out there. Finally, even though it might seem like some of the challenges were tough through practice, patience, and dedications these CTF’s can be invaluable to the improvement and development of skills in information security."
- VM Target #1: https://www.vulnhub.com/entry/de-ice-s1100,8/
- VM Target #2: https://www.vulnhub.com/entry/de-ice-s1120,10/
- VM Target #3: https://www.vulnhub.com/entry/de-ice-s1140,57/
- VM Target #4: https://www.vulnhub.com/entry/pentester-lab-electronic-codebook-ecb,67/
- VM Target #5: https://www.vulnhub.com/entry/tr0ll-1,100/
- VM Target #8: https://www.vulnhub.com/entry/pentester-lab-xss-and-mysql-file,66/
I've created an events gallery which features some pictures from the CTF event.
Our next meetup will be November 17, 2015. I've confirmed that the security catalyst, Michael Santarcangelo, will be joining us.