Introduction of CTF and CGC

Download as PPTX, PDF

•1 like•2,726 views

This document provides an introduction to hacking competitions called Capture the Flag (CTF) events and the related Cyber Grand Challenge (CGC). It discusses the different types and styles of CTF competitions, including jeopardy and attack-defense styles. It also outlines the problem categories in CTF like reverse engineering, pwnable, cryptography, forensics and web. The document notes the benefits of participating in CTFs and the culture around CTF events. It provides an overview of the CGC, which involves automated systems defending and attacking each other. An example of an automated patching system from the CGC is also summarized.

Software

More Related Content

What's hot (20)

PPTX

Caputre the flagUIT

PDF

Capture The FlagHuu Tung Nguyen

PPTX

Play,Learn and Hack- CTF TrainingHeba Hamdy Farahat

PPTX

A closer look at CTF challengesDNIF

PDF

Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TKCysinfo Cyber Security Community

PDF

MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE - ATT&CKcon

PDF

MITRE ATT&CK Frameworkn|u - The Open Security Community

PDF

Introduction to red team operationsSunny Neo

PDF

Ceh v5 module 07 sniffersVi Tính Hoàng Nam

PDF

Threat Intelligence 101 - Steve Lodin - SubmittedSteve Lodin

PPTX

Introduction to MetasploitGTU

PDF

Purple Team Exercise Workshop December 2020Jorge Orchilles

PDF

Ch 5: Port ScanningSam Bowne

PDF

Building an InfoSec RedTeamDan Vasile

PDF

Metasploit for Penetration Testing: Beginner ClassGeorgia Weidman

PDF

Introduction à la sécurité informatiqueYves Van Gheem

PDF

Red Team Framework👀 Joe Gray

PDF

Adversary Emulation and Red Team Exercises - EDUCAUSEJorge Orchilles

PDF

Purple Team Exercises - GRIMMConJorge Orchilles

PPT

13 asymmetric key cryptographydrewz lin

Caputre the flagUIT

Capture The FlagHuu Tung Nguyen

Play,Learn and Hack- CTF TrainingHeba Hamdy Farahat

A closer look at CTF challengesDNIF

Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TKCysinfo Cyber Security Community

MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe...MITRE - ATT&CKcon

MITRE ATT&CK Frameworkn|u - The Open Security Community

Introduction to red team operationsSunny Neo

Ceh v5 module 07 sniffersVi Tính Hoàng Nam

Threat Intelligence 101 - Steve Lodin - SubmittedSteve Lodin

Introduction to MetasploitGTU

Purple Team Exercise Workshop December 2020Jorge Orchilles

Ch 5: Port ScanningSam Bowne

Building an InfoSec RedTeamDan Vasile

Metasploit for Penetration Testing: Beginner ClassGeorgia Weidman

Introduction à la sécurité informatiqueYves Van Gheem

Red Team Framework👀 Joe Gray

Adversary Emulation and Red Team Exercises - EDUCAUSEJorge Orchilles

Purple Team Exercises - GRIMMConJorge Orchilles

13 asymmetric key cryptographydrewz lin

Similar to Introduction of CTF and CGC (20)

PDF

A Beginner’s Guide to Capture the flag (CTF) Hackinginfosec train

PDF

Capture the flagKachkad Narender

PPTX

Emotional Support for "48 hours of failure"GDSC UofT Mississauga

PPTX

CTF CyberX-Mind4Future[4].pptxcifoxo

PDF

Capture The FlagOmar Fathy

PDF

earning by s/doing/h4ck1ng/ - Our experience learning application security th...NECST Lab @ Politecnico di Milano

PDF

How to strengthen the ctf web field for beginners(English)kazkiti

PPT

HKUST Computer Science Festival 2013 - Seminar: Computer Science, Hacking and...Anthony Lai

PDF

Why should you consider playing CTF.pdfinfosec train

PDF

Flag4 CTFijtsrd

PDF

Why everybody should do CTF / Wargames?Miroslav Stampar

PPTX

Winter Hacks CTF.pptxPRIYATHAMDARISI

PDF

CTFs, Bugbounty and your security careerIbrahim El-Sayed

PPTX

Playing CTFs for Fun & Profitimpdefined

PPTX

Cyber Security Career Hesham Elzoghby

PDF

Ctf hello,world! Hacks in Taiwan (HITCON)

PDF

Capture the Flag Exercise Using Active Deception DefenseFidelis Cybersecurity

PDF

20240921 - HITCON 社群活動《CTF 轉生－到了業界就拿出真本事》- bruce30262 講師分享Hacks in Taiwan (HITCON)

PDF

[2012 CodeEngn Conference 06] posquit0 - Defcon 20th : The way to go to Las V...Code Engn

PDF

CyberX_Slides_Melloni.Daniele.pdfcifoxo

A Beginner’s Guide to Capture the flag (CTF) Hackinginfosec train

Capture the flagKachkad Narender

Emotional Support for "48 hours of failure"GDSC UofT Mississauga

CTF CyberX-Mind4Future[4].pptxcifoxo

Capture The FlagOmar Fathy

earning by s/doing/h4ck1ng/ - Our experience learning application security th...NECST Lab @ Politecnico di Milano

How to strengthen the ctf web field for beginners(English)kazkiti

HKUST Computer Science Festival 2013 - Seminar: Computer Science, Hacking and...Anthony Lai

Why should you consider playing CTF.pdfinfosec train

Flag4 CTFijtsrd

Why everybody should do CTF / Wargames?Miroslav Stampar

Winter Hacks CTF.pptxPRIYATHAMDARISI

CTFs, Bugbounty and your security careerIbrahim El-Sayed

Playing CTFs for Fun & Profitimpdefined

Cyber Security Career Hesham Elzoghby

Ctf hello,world! Hacks in Taiwan (HITCON)

Capture the Flag Exercise Using Active Deception DefenseFidelis Cybersecurity

20240921 - HITCON 社群活動《CTF 轉生－到了業界就拿出真本事》- bruce30262 講師分享Hacks in Taiwan (HITCON)

[2012 CodeEngn Conference 06] posquit0 - Defcon 20th : The way to go to Las V...Code Engn

CyberX_Slides_Melloni.Daniele.pdfcifoxo

More from Kir Chou (20)

PDF

Learn from LL(1) to PEG parser the hard wayKir Chou

PDF

Time travel: Let’s learn from the history of Python packaging!Kir Chou

PDF

Python パッケージの影響を歴史から理解してみよう！Kir Chou

PDF

The str/bytes nightmare before python2 EOLKir Chou

PPTX

PyCon TW 2018 - A Python Engineer Under Giant Umbrella (巨大保護傘下的 Python 碼農辛酸史) Kir Chou

PPTX

PyCon TW 2017 - Why do projects fail? Let's talk about the story of Sinon.PYKir Chou

PPTX

GCCKir Chou

PPT

Spime - personal assistantKir Chou

PPTX

Ch9 package & port(2013 ncu-nos_nm)Kir Chou

PPTX

Ch8 file system management(2013 ncu-nos_nm)Kir Chou

PPTX

Ch7 user management(2013 ncu-nos_nm)Kir Chou

PPTX

Ch10 firewall(2013 ncu-nos_nm)Kir Chou

PDF

Knowledge Management in Distributed Agile Software DevelopmentKir Chou

PDF

Cms part2Kir Chou

PDF

Cms part1Kir Chou

PDF

Sitcon2014 community by server (kir)Kir Chou

PDF

Webapp(2014 ncucc)Kir Chou

PDF

廢除雙二一議題保留方論點 (2013ncu全幹會)Kir Chou

PPTX

Ch6 ssh(2013 ncu-nos_nm)Kir Chou

PPTX

Ch5 network basic(2013 ncu-nos_nm)Kir Chou

Learn from LL(1) to PEG parser the hard wayKir Chou

Time travel: Let’s learn from the history of Python packaging!Kir Chou

Python パッケージの影響を歴史から理解してみよう！Kir Chou

The str/bytes nightmare before python2 EOLKir Chou

PyCon TW 2018 - A Python Engineer Under Giant Umbrella (巨大保護傘下的 Python 碼農辛酸史) Kir Chou

PyCon TW 2017 - Why do projects fail? Let's talk about the story of Sinon.PYKir Chou

GCCKir Chou

Spime - personal assistantKir Chou

Ch9 package & port(2013 ncu-nos_nm)Kir Chou

Ch8 file system management(2013 ncu-nos_nm)Kir Chou

Ch7 user management(2013 ncu-nos_nm)Kir Chou

Ch10 firewall(2013 ncu-nos_nm)Kir Chou

Knowledge Management in Distributed Agile Software DevelopmentKir Chou

Cms part2Kir Chou

Cms part1Kir Chou

Sitcon2014 community by server (kir)Kir Chou

Webapp(2014 ncucc)Kir Chou

廢除雙二一議題保留方論點 (2013ncu全幹會)Kir Chou

Ch6 ssh(2013 ncu-nos_nm)Kir Chou

Ch5 network basic(2013 ncu-nos_nm)Kir Chou

Recently uploaded (20)

PDF

How AI in Healthcare Apps Can Help You Enhance Patient Care?Lilly Gracia

PDF

Virtual Threads in Java: A New Dimension of Scalability and PerformanceTier1 app

PDF

custom development enhancement | Togglenow.pdfaswinisuhu

PDF

Instantiations Company Update (ESUG 2025)ESUG

PDF

AI Image Enhancer: Revolutionizing Visual Quality”docmasoom

PPTX

MiniTool Partition Wizard Crack 12.8 + Serial Key Download Latest [2025]filmoracrack9001

PPTX

Chess King 25.0.0.2500 With Crack Full Free Downloadcracked shares

PDF

Odoo Customization Services by CandidRoot SolutionsCandidRoot Solutions Private Limited

PPTX

Transforming Lending with IntelliGrow – Advanced Loan Software SolutionsIntelli grow

PDF

Code and No-Code Journeys: The Maintenance ShortcutApplitools

PDF

Notification System for Construction Logistics ApplicationSafe Software

PPTX

Operations Profile SPDX_Update_20250711_Example_05_03.pptxShane Coughlan

PDF

Summary Of Odoo 18.1 to 18.4 : The Way For Odoo 19CandidRoot Solutions Private Limited

PPTX

Processing with Claim Management Automation SolutionsInsurance Tech Services

PDF

Top 10 AI Use Cases Every Business Should Know.pdfnicogonzalez1075

PPTX

SAP Public Cloud PPT , SAP PPT, Public Cloud PPTsonawanekundan2024

PDF

Australian Enterprises Need Project Service AutomationNavision India

PPTX

prodad heroglyph crack 2.0.214.2 Full Free Downloadcracked shares

PDF

SAP GUI Installation Guide for Windows | Step-by-Step Setup for SAP AccessSAP Vista, an A L T Z E N Company

PDF

AI Software Engineering based on Multi-view Modeling and Engineering PatternsHironori Washizaki

How AI in Healthcare Apps Can Help You Enhance Patient Care?Lilly Gracia

Virtual Threads in Java: A New Dimension of Scalability and PerformanceTier1 app

custom development enhancement | Togglenow.pdfaswinisuhu

Instantiations Company Update (ESUG 2025)ESUG

AI Image Enhancer: Revolutionizing Visual Quality”docmasoom

MiniTool Partition Wizard Crack 12.8 + Serial Key Download Latest [2025]filmoracrack9001

Chess King 25.0.0.2500 With Crack Full Free Downloadcracked shares

Odoo Customization Services by CandidRoot SolutionsCandidRoot Solutions Private Limited

Transforming Lending with IntelliGrow – Advanced Loan Software SolutionsIntelli grow

Code and No-Code Journeys: The Maintenance ShortcutApplitools

Notification System for Construction Logistics ApplicationSafe Software

Operations Profile SPDX_Update_20250711_Example_05_03.pptxShane Coughlan

Summary Of Odoo 18.1 to 18.4 : The Way For Odoo 19CandidRoot Solutions Private Limited

Processing with Claim Management Automation SolutionsInsurance Tech Services

Top 10 AI Use Cases Every Business Should Know.pdfnicogonzalez1075

SAP Public Cloud PPT , SAP PPT, Public Cloud PPTsonawanekundan2024

Australian Enterprises Need Project Service AutomationNavision India

prodad heroglyph crack 2.0.214.2 Full Free Downloadcracked shares

SAP GUI Installation Guide for Windows | Step-by-Step Setup for SAP AccessSAP Vista, an A L T Z E N Company

AI Software Engineering based on Multi-view Modeling and Engineering PatternsHironori Washizaki

Introduction of CTF and CGC

1. Introduction to Hacking Competitions CTF & CGC Kir Chou @ Meetup Coffee with Science 1 2017 Nov

2. About me Kir Chou  Taiwanese  SDE (Pythonista) @ Tokyo 2 note35 kir.choukirchou

3. Outline i. What is CTF ii. Problem categories iii. Benefit from CTF iv. Culture of CTF v. What is CGC vi. CRS example 3

4. What is CTF Capture the flag 4

5. What is CTF • CTF a.k.a Capture the Flag • A Computer security competition – CTF Time • For educational exercise and reward • Require several skills 5

6. Styles of CTF • Jeopardy (Common) - ジアパディー • Multiple categories of problems • Earn the most points in the time frame 6

7. Styles of CTF • Attack-Defense (Advance) • Given a machine (or a small network) to defend on an isolated network • Famous Competition: DEFCON | CSAW • Game Record in DEFCON 2014 [Src] 7

8. DEFCON – Hacker World Cup • History • Found in 1992 / CTF started from 1996 • @Las Vegas in August • How to enter? • Champion in seed CTF (Hitcon, Seccon…etc) • Top10 @ DEFCON Quals in May 8

9. HITCON • Found in 2005 • 2017 DEFCON 2nd • 2016 DEFCON 4th • 2014 DEFCON 2nd • Top 1 @ CTFTime Oct. 2017 • Why the name is 217? 9

10. Problem categories 10 Reverse Pwnable Crypto Forensics Web Misc

11. Reverse 11 Download Find Key Earn Points Stereotype of typical hacker Some problems are relied on experience Some problems are like pwnable problem Recommend any background 0~ year [example]

12. Pwnable 12 Download Some problems don’t give you any file Find exploitable vulnerability Earn PointsConnect to server Use exploitable vulnerability to get shell Hard to get started once you learned, it’s fun but need talent Recommend CS background ~1 year [example]

13. Crypto 13 Very hard to learn Crypto are usually hard without background Recommend Math/CS background 4~ years Various Source Web, File, String. Hardware… Apply Math (Modern Cryptography) Earn Points [example]

14. Forensics 14 File Apply Analysis, Simulation… Earn Points Some problems are rely on experience Most of problem need to learn tools Recommend Any background 0~ year [example]

15. Web 15 I have no idea how to explain this Recommend for web geeek ∞ year [example]

16. Misc 16 No one need to learn how to play puzzle…right? Recommend any background 0 year Various Source Web, File, String. Hardware… Play with puzzle Earn Points Don't be addicted to this this won’t help you become strong [example][Maze]

17. Benefit from CTF • Digging knowledges • Be bullied & Bullying • Earn money 17

18. Culture of CTF • Strong is everything 強者至上主義 • Strong teams host famous CONF • Strong teams host famous CTF • Co-work workspace (eg. Trello, Slack) • Write-up after ctf (Blog, SNS) • writing blog about how you solve problem 18

19. Trello 19 https://trello.com/

20. What is CGC • CGC a.k.a. Cyber Grand Challenge • Found by DARPA since 2014 (every 2 years) • Make a CRS(Cyber Reasoning System) to attack and defense by system itself • Challenge Qualification Event (Standalone) • Challenge Final Event (Attack-defense) 20 Techniques Static Analysis Dynamic Analysis Symbolic Execution Constraint Solving Data Flow Tracking Fuzz Testing [src][example] Pwnable + Reverse !

21. How does CRS work? Finishing all of them automatically 21 Maintain service in the system Find exploit vulnerabilities Fix exploit vulnerabilities Analysis program/process

22. CRS Architecture 22

23. Thanks for listening 23

24. Appendix • An auto patching example of CRS 24

25. Example Flawed Program 25 void foo(char* str) { strcpy(str, “1234567890”); } int main(void) { char buf[5]; foo(buf); return 0; } [example]

26. Example CRS 26 Triage

27. Fault Localization 27 Attackable path

28. Patch Flow 28

29. Patch Buffer Overflow 1.Decrease the bound to a suitable value strncpy(dst, src, 100) → strncpy(dst, src, 40) 2.Increase the buffer size char buf[40] → char buf[100] 29

Editor's Notes

#12: http://katc.hateblo.jp/entry/2016/10/10/122013
#13: https://poning.me/2016/10/29/secret-holder/
#14: https://193s.github.io/blog/2015/10/19/hitcon-2015-rsabin-writeup/
#15: http://lockboxx.blogspot.jp/2014/08/hitcon-2014-ctf-writeup-g8la-forensics.html
#16: http://icheernoom.blogspot.jp/2016/10/hitcon-ctf-2016-web-write-up.html
#17: https://blog.m157q.tw/posts/2015/10/19/hitcon-ctf-2015-quals-write-up/ https://www.youtube.com/watch?v=uPXhLQjpInU
#21: https://github.com/CyberGrandChallenge/ https://github.com/CyberGrandChallenge/samples/tree/master/examples/CADET_00001 http://archive.darpa.mil/cybergrandchallenge/ https://www.darpa.mil/program/cyber-grand-challenge
#26: https://github.com/SQLab/pin/tree/master/0ops_app http://www.thegeekstuff.com/2013/06/buffer-overflow https://dhavalkapil.com/blogs/Buffer-Overflow-Exploit/