This capture the flag game and accompanying class is designed with security beginners and those who are new to CTFs in mind. The vulnerabilities will range from blank passwords to custom buffer overflow vulnerabilities. Choose the instructor of your choice and work with the rest of the students to defend servers built by the other instructors and exploit and maintain control of servers managed by opposing teams. Though my courses up until now have focused on offense, in this unique class we will cover much more. We will complete hands-on exercises in defense and hardening, incident response, attacking systems, and maintaining access, to prepare you for the live game.
The final game will take place on Saturday April 26th from 12pm to 6pm EST. Preparation classes will run Saturday April 12 and Saturday April 19 from 12pm-4pm Central Time. Classes will be recorded and made available to all students, so having a conflict for a class time is no reason not to play. Additional team meeting times may be scheduled among yourselves. Instructors will be available before and during the competition to provide assistance and answer questions.
Let’s get down to the game details:
Game Type: Team Network Attack and Defense
Game Play: Scoring via placing a team file (flag) on opposing team’s target server
Skill Level: Beginner/Intermediate
Date/Time: April 26th from 12pm EST – 6pm EST
This will be a fun game. Each team will be given a virtual machine that will serve as the team’s target host. Each team will be scored on their ability to attack the other teams’ target hosts while defending their own target host.
In order to score, the team’s target host must be up with all mandated services running.
– Nessus and Metasploit can be used, but beware of bandwidth penalties, so keep scanning to a minimum.
– Password brute-forcing is allowed
– Using commercial pentesting tools is allowed (ex: Core, Saint, Canvas)
– Scoring server will verify that target host configuration and services are running and properly configured (you will not be able to score if your team’s target server is down or misconfigured)
– There is no Firewalling/IP Filtering allowed at all
Stable internet connection with a minimum of 1Mbit/sec that can connect to UDP 1194 (OpenVPN port)
No commercial VPN licenses required to participate
1st Place – 1 FREE class from the teacher of their choice per team participant
Signup now and let’s have some fun.
Sign-up for Georgia’s team:
Georgia Weidman is a penetration tester, security researcher, and trainer. She holds a Master of Science degree in computer science, secure software engineering, and information security as well as holding CISSP, CEH, NIST 4011, and OSCP certifications. Her work in the field of smartphone exploitation has been featured in print and on television internationally. She has presented her research at conferences around the world including Shmoocon, Blackhat, Hack in the Box, and Derbycon. Georgia has delivered highly technical security training for conferences, schools, and corporate clients to excellent reviews. Building on her experience, Georgia recently founded Bulb Security LLC, a security consulting firm specializing in security assessments/penetration testing, security training, and research/development. She was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security culminating in the release of the open source project the Smartphone Pentest Framework (SPF). She is the author of Penetration Testing: A Hands-on Introduction to Hacking from No Starch Press.
Sign-up for Joe’s Team
Joe McCray is a US Air Force Veteran and has been in the IT Security field for over 12 years. He has worked extensively with the medical community, the financial industry, retail, the federal sector, the Department of Defense, 3-letter agencies, and several foreign governments. His technical background is very broad with nearly 20 industry certifications and experience covering networks, web applications, binary applications, and mobile applications, and his expertise is in bypassing IT Security Systems.
Joe has been involved in hundreds of penetration testing engagements and has some major hacking accomplishments, techniques, tips, and tricks that he shares with his students and clients. His extensive experience and deep knowledge, mixed with his comedic style, have led Joe to be one of the most highly sought-after experts in the industry. Joe makes speaking appearances and gives seminars at major events in the security community such as Black Hat, DefCon, BruCon, Hacker Halted and more. Joe is the recipient of the 2009 EC-Council Instructor Circle of Excellence Award and the 2010 EC-Council Instructor of the Year Award. Joe is also the founder and CEO of Strategic Security, an IT Security consulting firm that provides both training and in-depth technical IT Security assessments.
Sign-up for Anthony’s Team
Anthony Williams has been in the information security field and an active pentester for over 12 years. He is a Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI), EC-Council Certified Security Architect (ECSA), Licensed Penetration Tester (LPT) and Certified EC-Council Instructor (CEI). He also maintains other industry certs like the Security+.
Anthony is well regarded as one of the top 15 wireless security experts in the world with over 30,000 wireless APs contributed to on the world wide war drive. He has published several articles in Hakin9 magazine and is a frequent speaker at security conferences such as HOPE and Infosek. He also runs a security consulting firm called iRON::Guard.
Anthony teaches the CEH, Security+, CHFI, ECSA/LPT and other hacking and forensics classes.