Have you ever wanted to participate in a CTF (Capture the Flag), but just don’t know where to start? Would you like to work on a fun CTF with others at a similar level, and not have to deal with the frustration of not knowing where to start, or being blown out of the water by the CTF wizard at the next table? Just want to see what CTFs are all about? Well, this is the workshop for you!
We’ll divide the session up into teams, based on experience level, and set the teams loose on a (pre-built) CTF. CTF “Trail Guides” will be available to provide pointers for where to look, and each team that finds a flag will be asked to walk the other teams through how they found that flag! By the end of the workshop, you’ll have experience in both Web Application Penetration Testing, and in CTFs, and hopefully be ready to tackle the event’s REAL CTF.
Participants will need laptops with the ability to run a VM (VMWare Player, Virtual Box, etc).
Note: If you’ve worked your way through a number of canned, self-hostable CTFs, this may not be the event for you – we’ll be using one of those, and don’t want it to be too easy for you. (But, we’d love to have you help as a “Trail Guide”! Contact firstname.lastname@example.org if interested!)
Justin is an Application Security Solutions Architect at New Context Services. He has spent almost 20 years in InfoSec, AppDev, and Systems Administration, and still isn’t sure what he wants to do when he grows up. In his free time, he plays tabletop games with his family, does home repair, cooks things, and tinkers with electronics. He is also the local chapter leader for OWASP – Kansas City, and helps out with SecKC when he can.
Mark is a web app penetration tester at NIC inc, and an adjunct professor of IT and IT security at MCCKC. He is a CTF enthusiast and recently competed in the SANS Tournament of Champions after winning first place in a regional round. Free time includes Krav Maga, billiards, and mentoring others into security.