Ethical hacking


Hacking like in the movies : Insomni'hack 2015 CTF writeups

insomnihack-500px.jpg

The two talks will present this year's Insomni'hack Capture The Flag event and walk the audience through some of the challenge solutions, general tools and techniques. We will reminisce about our successes and failures during the preparation as well as while running the event.


Language: French

Adrien Stoffel & Michael Zanetta (SCRT)

Adrien Stoffel & Michael Zanetta
(SCRT)

Adrien and Michael are security engineers at SCRT, working on penetration tests, forensics and malware analysis.

As part of their job, they are also organizers of the Insomni'hack CTF held in Geneva every year.

During their spare time, they enjoy playing Capture The Flag challenges and participate in a number of events with the 0daysober team.


Y-NOT-CTF

CTF?

In the domain of information security, Capture The Flag (CTF) is a game-like competition where participants are required to attack and defend computer systems in a controlled environment and in a legal way. Various problem solving tasks require from players knowledge in reverse engineering, web application analysis, cryptanalysis, forensics and exploit development among others.

There are mainly two types of CTF competitions:

  • In *Jeopardy-style* competitions participants are given a number of tasks or problems in various categories and points are awarded for problem solving with respect to the task difficulty. The ranking is established according to points obtained by the teams or individual players.
  • In an *Attack-defense* competition participants are provided with vulnerable environments which they need first to analyse and patch. Afterwards teams environments are interconnected and every team would try to exploit each other services and gain points. The team who gets compromised looses points. 

Many CTF competitions are organised regularly online and locally. It is a good educational experience and a perfect way to learn and practice your skills in different security areas in real-world scenarios. 

Contest details

Faithful to last year edition and to other major information security events, we would like to offer our participants a mini-CTF event on Wednesday Nov 4, 2015 from 4:30 pm till 6:30 pm. This is a Jepoardy-style CTF meaning that participants will be required to solve challenges in different categories (binary analysis, exploitation, forensics, web). 

Participation:

  • The participation to the Y-NOT-CTF is open to everyone, conference participants and externals alike. 
  • The participation is free.

Registration:

  • Number of participants is limited to 60.
  • Each participant should register himself by subscribing a free ticket.
    See the page Registration.

Team compositions:

  • You can participate individually or by team
  • The final registration of yourself/your team is done at the beginning of the CTF. We do not need to know the composition of the teams before the CTF.

Further details:

  • You can only participate locally from CYBSEC15 network. 
  • No network scan. Stick to challenge IPs.
  • No attacks on other players. 
  • No voluntary Denial-Of-Service of CTF infrastructure.

Prizes:

  • The 3 top teams/players will be awarded some cool prizes. 

Why?

Why not? 

Organizing partners