NUS Greyhats Capture The Flag 101 is a capture-the-flag (CTF) style workshop that will be spanned over two Saturdays. Participants will learn techniques and tools to exploit software vulnerabilities to uncover secret flags hidden in various challenge. This workshop is designed to be progressive and is beginner friendly. In addition, we will have a live CTF scoreboard to show your ranking :)
You can sign up for the event here (while stocks last).
Date: 15 and 22 August 2015
Time: 1PM - 5PM
Venue: School of Computing COM 1 Seminar Room 3
(Registration from 12.30PM onwards)
15 August 2015
This session will focus on systems security which includes topics in source code auditing, representation of code as data, exploitation of insecure scripts, exploitation of format string bugs, and exploitation of memory corruption bugs.
22 August 2015 This session will focus on web security which includes topics on the web environment cross site scripting, cross site request forgery, SQL injection and command injection.
What to bring?
Please bring along your laptop to complete the challenges.
As with a typical CTF, it is good to come prepare with the tools needed. For CTF 101, we recommend that you have the following
- A Linux environment with your favourite scripting language (such as python), binutils, gcc, and gdb installed*
- An SSH client
- Browsers such as Firefox and Chrome
- Browsers extension such as
Cookie manager: https://addons.mozilla.org/En-us/firefox/addon/cookies-manager-plus/
- Intercepting proxy such as Burp (https://portswigger.net/burp/ )
**You may wish to install this in a virtual machine. If you do not have any virtualisation software, you may want to consider VirtualBox (https://www.virtualbox.org).
Frequently Asked Question:
- I am not a student in NUS. Can I join this event? Yes. However, due to venue constraint, priority will be given to NUS student. Do note that this workshop will require internet access. Non-NUS student will need to source for their own internet access (eg. 3G/4G network)