[sha2017-orga] SHA 2017 CTF

SHA2017 CTF sha2017ctf at gmail.com
Mon May 8 22:38:15 CEST 2017


Dear reader,

We are sending this email to provide some insight into the SHA CTF that we
are currently building.
We are a group of hackers who are part of the Eindbazen CTF team and we are
currently in the process of organizing the official CTF for the SHA event.

A CTF is a Capture The Flag hacking game, which generally consists of
multiple hacking-related challenges which need to be solved during the time
the CTF takes place. Players play in teams and compete against each other.
Most CTFs run for about 24-48 hours and can be played online. During the
CTF all challenges are provided in a controlled environment, and everything
is completely legal. No hacking of external parties or the other teams
takes place.

Most of the hacking events or conferences these days have an official CTF,
which takes place during the event/conference. A good example is the yearly
CTF at CCC. We personally think a CTF is a great addition to an event and
provides the visitors some technical entertainment. The CTF will further
provide promotion for the event, especially with the Teaser round we are
planning before the event where players can win four tickets for SHA2017.

To get a better understanding of the setup and kinds of challenges that
players will encounter, we would like to refer to the CTF we organized
during OHM 2013, which was called ebCTF: https://ebctf.nl/

Basically we have 6 categories, each with challenges in 4 difficulties.
* Binary challenges where you get a binary which you need to reverse
engineer. Binaries are usually Windows or Linux executables, but can also
be from more exotic environments.
* Crypto challenges which involve classic crypto algorithms such as
substitution, Vigenere and Caesar ciphers, or more advanced challenges
including weaknesses in ECB mode, bit flipping, padding oracle attacks or
hash function length extension attacks.
* Forensics challenges, which contain anything related to forensics.
Challenges can include Windows, Linux, Android or exotic platform forensics.
* Network challenges, such as analyzing packet captures or network
communication, port knocking, etc.
* Pwnables challenges where you need to exploit a specific local or remote
vulnerability, like buffer overflows, format strings or a different kind of
vulnerability. The level of difficulty can be made harder with mitigations
such as ASLR and NX.
* Web challenges which contain all web and HTTP related challenges,
including, but not limited to: SQL injection, directory traversal, file
inclusion, scripting language quirks, XSS, remote command execution.

Besides the main CTF we will run a "mini" CTF which contains challenges for
beginning CTF players.

To promote the CTF and SHA2017 we will run a Teaser round, which will
contain 4-6 challenges in different categories and with different
difficulties. The winner of this Teaser round will win four tickets to
SHA2017.

We hope to create an amazing CTF for SHA2017 and we hope this email gave a
good insight into what we are planning. For more information about the CTF
and the upcoming Teaser round, follow us on Twitter: @sha2017ctf

Kind regards,

The SHA CTF organizers