PLAY.SIGFLAG.AT

The game has started - tune in now!
 


Click here to read this page in German.

Become a Hacker


 
WORKSHOP FULLY BOOKED

Thank you for your overwhelming interest! The workshop is fully booked.

Please send us an e-mail to info ~ at ~ sigflag.at to be listed on the waiting list for remaining places. We will get back to you shortly if there are still places left.

Important note: It will also be possible to solve the tasks remotely.
 


SIGFLAG is looking for new members. And we want to let you get a taste of hacker air. In this workshop you will learn about the most important hacking categories and can apply your knowledge on different tasks. The experienced SIGFLAG members actively support you in the process. The aim of the workshop is also to get an insight into typical tasks at Security CTF Competitions.


REVERSE PWN WEB NETWORK CRYPTO STEGO


When? Friday, May 17, 2019 from 12:30 to 18:00

Where? JKU Linz, Science Park 1, Room MT 127 - Altenberger Straße 69, 4040 Linz

Language? Presentations in DE. Slides in EN. Support during the workshop in DE + EN.

I only speak English. Is this workshop for me?

Yes. The slides will be in English, the necessary resources will be in English and our SIGFLAG team members will answer your questions in English. It may even be possible to cover some parts of the introduction in English as well.


Costs?

Free entry after free registration.
Free drinks. Free snacks. Free pizza.

We thank our sponsors epunkt, SEC Consult, VACE Security and Dynatrace for their active support. Thanks to them there will be drinks, snacks and pizza for free.



How does the workshop work?

12:30. Our team members will introduce 6 hacking categories with examples and show you how best to approach the various tasks.

14:00. The hacking starts. Challenges with increasing levels of difficulty await you in each category. This will allow you to either try out all the categories for a moment or immerse yourself in a single one - depending on what you enjoy! You do not get on with a task? You do not know how to start? No problem: The experienced members of SIGFLAG will help you with tips and tricks.

18:00. After 4 hours we will complete the free hacking and present a few solutions for individual challenges. The challenges will be available online for even longer, so you can continue hacking at home.


What do I have to bring?

Your own laptop, programming skills and the curiosity and willingness to independently dive into new things. It is also important that you are enthusiastic about a category of your choice - then you will be able to accomplish its tasks as well.

For some categories, we recommend that you have some prior knowledge. These requirements and recommendations can be found in the description of the categories below.

As some advanced tools are only available on Linux, below you will find instructions on how to set up a Linux VM.


How do I set up the SIGFLAG VM?

We recommend a Linux operating system or our SIGFLAG VM for all categories, but especially for solving the higher levels in CRYPTO and WEB. For the categories REVERSE and PWN a Linux system is an absolute necessity even in the first level!

In the video below we explain step by step how to set up the SIGFLAG VM. Please perform these steps at home before the workshop. Write to us if you need any help.

1. Activate Intel Virtualization Technology (VT-x) in BIOS
2. Download the SIGFLAG VM here
3. Download VirtualBox here
4. Download the Oracle VM Extension Pack here
5. Install VirtualBox
6. Import the SIGFLAG VM
7. Start the SIGFLAG VM and login with user reverser and password password



From which hacking categories can I choose one or more?

Reverse Engineering The hardcore discipline of hacking. The code is compiled and can only be read by machines: that’s it? Not for reversers: we break down the program into its individual parts, reconstruct methods, observe the control flow and find data structures.

Required      Basic C skills + setting up a VM in VirtualBox or similar
Recommended   Course: Systems Programming


Pwning Buffer overflows on the stack, buffer overflows on the heap, ROP chains and, with a bit of luck, a shell as well. When pwning, we use everything we can to let a program play and jump by our rules.

Required      Basic C skills + setting up a VM in VirtualBox or similar
Recommended   Course: Systems Programming


Web Security PHP web pages, SQL databases and JavaScript code provide a broad attack surface. In this category we break into the backend of a homepage or just dump a backup of the webservers database.

Required      A browser (e.g. Firefox or Chrome) + Basic web skills
Recommended   SQL expertise + JavaScript expertise


Network Although there are no direct challenges from this category in Attack Defense scenarios, it is nonetheless of great importance. The so-called “Dump.ster diving” is about identifying possible attacks of other teams, preventing and possibly imitating them. Network Dumps are also great for hiding flags.

Required      Wireshark + Basic network protocol knowledge
Recommended   Protocol design expertise


Cryptography This category is about decrypting secret messages. Together we crack everything from ancient methods such as Caesar ciphers to today’s standard algorithms such as RSA - or at least find a flaw in the implementation ;) If you like to decompose complex patterns and have a weakness for mathematics, this will certainly be the category for you.

Required      Any programming or scripting language (e.g. Python)
Recommended   Course: Cryptography


Steganography Flags in pictures. Flags in text. Flags in audio. Flags in videos. Flags - just about anywhere. Steganographers hide information in other media, “hidden in plain sight”.

Required      Any programming or scripting language (e.g. Python)
Recommended   Knowledge about the structure of media files


I am an IT security professional. Is this workshop for me?

Yes. Even professionals will get something out of this workshop. Show us your skills! The higher levels are very tricky and we are curious if you can solve them all. Alternatively, this workshop also offers you the opportunity to discover new hacking categories.


I have never solved such challenges before. Is this workshop for me?

Yes. We introduce different hacking categories and in each category the first level is very simple. This gives you the opportunity to peek into each category and find out if you like it. You can also solve a task together in the team and get tips from our experienced members. Also see here, where we describe what you should bring with you.


 
WORKSHOP FULLY BOOKED

Thank you for your overwhelming interest! The workshop is fully booked.

Please send us an e-mail to info ~ at ~ sigflag.at to be listed on the waiting list for remaining places. We will get back to you shortly if there are still places left.

Important note: It will also be possible to solve the tasks remotely.
 


Open questions? Drop us an e-mail to info ~ at ~ sigflag.at