MINI CTF APRIL 6 MINI CTF APRIL 6 MINI CTF APRIL 6
TIME: 1-4 pm, April 6
PLACE: Boston University, Math and Computer Science Building, 111 Cummington Mall, Room B24
FOOD: There will be donuts and coffee
On Saturday, April 6, 1-4pm, Boston University's BUILDS will host and MIT Lincoln Laboratory will run a mini Capture-The-Flag event to promote interest in and educate students about computer security. This is a low-stress non-competition. No prizes will be awarded! Instead, the emphasis here is on education. The challenges will be reverse-engineering ones of varying difficulty. The basic format and rough timetable for this mini-CTF will be
- 1:00-1:30 Overview of RE and demonstration of tools and techniques
- 1:30-3:30 RE like crazy. RE experts will help if you are stuck! Online scoreboard indicating winning team
- 3:30-4:00 Brief "How I did it" presentations by successful RE teams
There are no prerequisites to participate. Please consider joining us!
There are also no official limits on attendance. However, space is finite and an RSVP to mitllctf-org@mit.edu would be helpful for us to gauge interest and plan room.
Cheers.
~ CTF Mgmt
P.S. For more information about previous MIT LL Capture-The-Flag events, see https://wikis.mit.edu/confluence/display/MITLLCTF (https:/wikis.mit.edu/confluence/display/MITLLCTF)
NEU Team " " has posted a nice writeup of the ticket challenge: see Ticket page for link.
Congratulations to the MIT's Demolition Express (1st place), BU's BUILDS2 (2nd place), and BU's BUILDS (3rd place) teams! Northeastern's team " " once again showed its prowess as an attacker and gets to keep the MIT/LL CTF flag after earning the most 0wns in the game.
Thanks to all who came and played this weekend. We had a great time organizing this event, and hope you had a good time and learned a few things.
We now have a CTF Post Mortem page, which is an editable portion of the wiki (you have to register for an account, though). Please post your write-ups of the MIT/LL CTF challenges there. If you prefer, you can post the write-up on your own site and send us a link; we'll add it to the appropriate page.
The "5 minutes of fame" presentations are now up on the CTF Post Mortem page as well.
Hope you had a good time. If you're interested in working on computer security problems for more than just a weekend, see our website at http://www.ll.mit.edu and drop us a line - we're currently hiring for both summer internship and full-time positions.
Enjoy an extra hour of sleep (or hacking!), courtesy of daylight savings time. See you at 8am EDT tomorrow!
The 2012 MIT/LL CTF will officially commence tomorrow, Saturday, November 3. Registration (along with donuts and coffee!) starts at 8am in 26-152. Competition proper begins at 9am. Please see Events Calendar page for details.
Get some sleep. And good luck!
Additional details on what you should and shouldn't change on your Team VM have been posted to the FAQ page. It will be updated reasonably frequently as questions/answers come up.
Please familiarize yourself with The Rules for MIT/LL CTF; you're expected to follow them. Send us e-mail if you have any questions.
Please see updates on the Events Calendar for detailed competition schedule.
Team VMs for the 2012 MIT/LL CTF are now available via remote access (SSH). The VMs are substantially similar (though not entirely identical) to the one you were given at the first lecture, and has the following installed and configured:
- Ubuntu
- Apache
- MySQL
- Wordpress
- OpenSSH
- ntpd
The firewall (ufw) will be enabled and only allow SSH and NTP inbound connections.
To get access to your team's VM, your team captain needs to e-mail us an SSH pubkey. Once received, we will confirm receipt by e-mailing all team members with the fingerprint of this key and instructions on how to access the VM.
Since this is the simplest way for us to give you access, please e-mail us an SSH pubkey even if you do not intend to access the VM before the competition.
You can generate an SSH key pair using the following command on a Linux/Unix system:
$ ssh-keygen -t rsa -C "email@your_school.edu"
This will create two files: id_rsa (private key) and id_rsa.pub (public key). Please send us ONLY the public key, and make sure your private key is appropriately protected and backed up.
We now have an FAQ page that contains some logistical details about the CTF. More information forthcoming - please feel free to get in touch with us if you have specific questions (see Contact Us page).
Code for the binary services lecture has been posted on Lecture Slides page.
A final reminder - this evening is the 4th and final lecture in the MIT/LL CTF seminar series, focusing on defense and monitoring techniques for Linux servers. Given last year's experience, these concepts and tools will prove to be very useful.
Please join us for the 4th (and final!) lecture in the MIT/LL seminar series. This lecture will cover protection and monitoring mechanisms for Linux systems, including how to sandbox code, understand what processes are doing, monitor network connections, etc. You'll need all this (and more!) to defend your server during the competition. This lecture will be co-presented by Prof. Nickolai Zeldovich and your's truly.
In addition, we'll be making announcements about changes to scoring algorithm, CTF schedule and logistics, and a couple other things that you may be interested in. So if you can make this seminar, please do! Otherwise, we'll see you on Nov 3rd.
Lecture slides for the binary service exploitation and patching seminar have been posted on the Lecture Slides page for those who could not make it in person.
The third in our seminar series will cover binary service reversing and patching. We will present some advice on how to discover vulnerabilities, how to exploit these vulnerabilities and how to defend these services.
Prof. Wil Robertson (Northeastern University) and Joe Werther (MIT Lincoln Laboratory) will be co-presenting this seminar.
The second in our seminar series will cover Web application basics (HTTP, Cookies, HTML, JavaScript, etc) and server-side web-related issues (SQL Injection, XSS, XSRF, etc). We will present some advice on how to discover vulnerabilities in applications built on these technologies, how to exploit these vulnerabilities and how to defend web applications.
Prof. Engin Kirda (Northeastern University) and Joe Werther (MIT Lincoln Laboratory) will be co-presenting this seminar.