You would like to participate in the next CTF event with us?

Great! Read carefully through this document :)

What is a CTF?

There are two kinds of CTFs, Jeopardy and Attack-Defense. We mostly participate in Attack-Defense CTF competitions.

Read the post on Attack-Defense for Beginners or lean back and watch this video on CTFs in general or a presentation which also covers Attack-Defense CTFs.

@blu3r4y gave another 5-minute-intro on Attack-Defense CTFs during a lecture back in November 2017. Unfortunately, the video is only available in German at the moment, but it has English subtitles.

Preparation

Create and confirm your account at git.sigflag.at

Before you can learn more about our infrastructure, we need to confirm your account.

Meet one of the admins in person, attend the events or write us an email to get access. We highly recommend you to visit one of the introductory events.

In the meantime, continue to setup your environment.

Setup your environment

Operating system

You can use whatever system you like, although you definitely need the following two things:

We highly recommend you to use a Linux system. KALI Linux is a perfect choice for CTF events. You can either install KALI Linux side-by-side to your current system (dual-boot) or directly onto your device.

If you don’t want to clutter your computer with a second operating system, we recommend you to setup a virtual machine. VirtualBox is a popular choice for a free hypervisor.

SSH Client and Keys

You will connect to various remote machines during the CTF event. We only allow SSH Keys and no passwords. If you would like to learn more about SSH keys, follow this link.

On Linux

Check if you already have an ssh keypair configured by trying to read the public key:

cat ~/.ssh/*.pub

If you got a valid ssh keypair, you are all set. You can skip the following steps.

If not, read on …

  • Generate a new keypair with ssh-keygen -t ed25519 and follow the prompted instructions
  • We recommend to set a passphrase on your keypair
  • Read your public key with cat ~/.ssh/*.pub
On Windows

You need an SSH client for Windows. PuTTY is a popular choice. Make sure to download putty.exe and puttygen.exe.

Final Steps

Once your account is confirmed, add your PUBLIC KEY to git.sigflag.at.

Training

The strength of the team is each individual member.
The strength of each member is the team.

We highly appreciate your contributions to our team. Along with that, we would like to present you a few opportunities to train your skills.

Reading Material

Further suggestions

  • Train your hacking skills on Jeopardy CTF events individually or in a small team. You can find an overview of upcoming CTFs on ctftime.org
  • If you are a student of the JKU, enroll in various courses concering information security or similiar topics

Hack with us!

You can dive into more detailed infrastructure details here, once your account got confirmed. Meet one of the admins in person, attend the events or write us an email to get access.

Team Setup

Usually, we try to split our members into various teams. You may start thinking about a team, which suits you well. Don’t worry, we don’t enforce this clustering ;)

  • Monitoring … Detecting intruders and keeping an eye on our infrastructure
    • Network
    • Systems
  • Exploiting … Yea, hacking!
    • Applications with source code
    • Binaries
    • Fuzzing
  • Scripting … Write exploit scripts to steal flags from others
  • Coordination … Being a smart ass about how other people could do stuff better