An excellent question!
If you’re reading this, there’s a good chance you are considering joining us for what promises to be a pretty fly BSides Canberra Capture The Flag competition in just a few short weeks. The great news is that this CTF has been specially designed to include something for absolutely everyone, no matter whether you’re chalking up your 50th battle or tiptoeing in ‘just to have a look’ 🙂
If you’ve never ever hacked anything before, this is the CTF for you.
If you’re an infosec student, this is the CTF for you.
If you’re a landscape gardener, this is the CTF for you.
If you fancy yourself as a bit of a hacker extraordinaire, this is the CTF for you.
If you’re still hyped from the recent CrikeyCon CTF, this is the CTF for you.
If you hack stuff in your spare time, popping 0-days like a boss, this is the CTF for you.
If you’re a professional Uber driver and the only reason you’re attending BSides Canberra is because your friend bought you a ticket, this is the CTF for you.
If you’re brand spanking new to the hands-on side of hacking, there’s no better place to give it a red hot go than at a security conference. At BSides Canberra, you’ll not only find people who are keen to discuss (and demonstrate) the techniques, tools and methods behind the magic, but you’ll be able to jump straight into a diverse playground containing a wide range of vulnerable systems and applications ranging from easy peasy to diabolically difficult.
To participate in the CTF effectively, you’ll want to make sure you bring the right kit! The types of challenges presented do vary between competitions, but the basic kit below will serve you well in most cases:
Laptop + power
The most important equipment you’ll need. Don’t forget your power brick. Best not to bring your corporate laptop (for obvious reasons) and make sure you have admin/root privileges.
Extension cord + power board
Super handy, especially if you’re running a little late and there are no free sockets available.
If you’re lucky enough to be participating in a CTF that pipes out to the internet, it’s likely to be super slow. Bring your own 4G hotspot or tether to your phone’s wifi when you need to do some research on how to attack those tricky challenges.
Injectable wifi card
Should a wireless challenge pop up, then you’re all set! Head over to aircrack-ng to make sure a basic injection test works for your card (don’t stress if your card fails tests 5 and 7, that’s just fine).
Portable battery pack
To charge up your phone, your friend’s phone, or that random person’s phone.
USB flash drive
At least 8GB. Super handy.
Pen and paper
You might use them, you might not. Better to have it and not need it than to need it and not have it.
Unless you’re running your attack software natively, you’re probably going to want to load up a virtual instance of Kali Linux or some other penetration testing platform. VirtualBox is a decent package that will allow you to run your attack VM, take snapshots and perform other virtualisation tasks. VMware Player is also free and is great for running up a pre-built VM for CTF fun.
The gold standard, loaded with useful tools, and you’ll always be able to find someone in the CTF room who can show you something new about this well-known distro. Head over and grab a copy of the ISO to build your own custom VM, or take advantage of their pre-constructed virtual package that’s ready to be imported into your fave virtualisation app.
Some things (like PE binary analysis) are much, much easier on Windows. A virtualised version where you can take snapshots is ideal. Ensure your version is appropriately licensed. In fact, as a professional human being, you should be ensuring that ALL software you bring is legit.
Take some photos, capture the vibe and return home with something to remember the day. Your phone has one, don’t forget to use it!
It’s important to stay hydrated, even when it feels like you haven’t moved for hours.
Sometimes all you need to do is escape the noise, retreat into the depths of your mind and the answer presents itself… how mystic is that? Also good for taking calls from your boss.
Want to get some practice in before the big day but aren’t sure what to expect? Take a look at OverTheWire.org or have a go at the wildly popular PicoCTF to get a broad idea of the type of challenges you might come across.
At the conclusion of the competition on Saturday afternoon, we’ll be walking through a few of the challenges from start to finish – explaining exactly how each vulnerability is identified and how the exploit is crafted. The process of elimination through trial, error and research is important, as the way in which each of us approaches problems can differ. Walking away blind from a challenge that you couldn’t conquer after several hours is NOT something we enjoy (and it’s happened to us regularly over the years), so we’ll ensure that this doesn’t happen to you.
That’s it – you’re all set!
If you have any questions regarding the BSides Canberra 2017 Capture The Flag competition, please feel free to reach out to any of the CTF Crew via the Twitters:
Hope to see you there!