22C3 - 2.2

22nd Chaos Communication Congress
Private Investigations

Speakers
Lexi Pimendis
Schedule
Day 3
Room Saal 4
Start time 19:00
Duration 01:00
Info
ID 428
Event type Lecture
Track Community
Language English
Feedback

Hosting a Hacking Challenge - CTF-style

Background information on CIPHER, an international Capture-The-Flag contest

The talk will give a deep view behing the scenes of creating a CTF-hacking challenge. Starting from a short analysis of requirements for such an event, the organizational work to be done, to the main topic: designing the actual contest and choosing the software to be hacked.

This years CIPHER event was a larger hacking event for students from international universities. 14 teams gathered from four continents and fourteen countries to hack the other team's server and defend their own. The exercise is about hosting a server that initially runs multiple services, i.e. a webserver, a mail server and customized services. These have typical security vulnerabilities that allow to compromise the server. The goal is to maintain the services up and uncompromised for the duration of the game, scores are also given for exploiting weaknesses and gaining access to other team's servers.

The contest was held within a VPN, to authenticate the teams and ensure that the contest will not leak 'surprises' on the remainder of the internet. The services were hosted on VMWare- images, so that the memory layout and starting conditions for each team were controlled and known to all participants.

We will give an overview of the services used in the contest, how we build them and demonstrate the tools we used to run the contest. The main goal of the exercise was to teach students how to act in situations of constant pressure and ubiqituous insecurity. The skills to actively participate not only include programming languages but also system administration and knowledge about offensive techniques.

Archived page - Impressum/Datenschutz