Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK

1. GETTING STARTED WITH SECURITY
THROUGH CTFs
By Geethna T K and Shruti Dixit

2. About Us
● Reverse Engineering | Binary Exploitation
● CTF Players
● Part of Team bi0s | Team Shakti
● Sophomores - Amrita School of Engineering, Amritapuri
● @rudyerudite | @GeethnaTk

3. What is a CTF?
● CTF - Capture The Flag
● Ethical hacking contest
● Hack the code and get the flag
● Play as a team or go solo!

4. Book Learning V/S CTF style learning
● Institutions - emphasize theory rather than practice.
● CTFs are build upon teamwork.
● CTFs - perceive attacker’s point of view.
● Communities build through CTFs
● And yes, learning is free of course!

5. Two Styles of CTF

6. Jeopardy Style
Insert one image from InCTF or j
● Variety of challenges
● Scoring < -- > Difficulty

7. Jeopardy Style
Categories:
● Reverse Engineering
● Binary Exploitation
● Forensics
● Cryptography
● Web Exploitation
● Android Security
< / >

8. Cryptography
Involves understanding the
cryptosystem and breaking the
ciphertext.
TOOLS:
● Sage Math
● Pycrypto Library
● Crypton

9. Reverse
Engineering
Understanding and analyzing a
system and looking for
vulnerabilities
TOOLS:
● GDB
● Radare2
● IDA Pro
● Binary Ninja

10. Binary
Exploitation
Binary exploitation is the art of
triggering vulnerabilities and
redirecting code execution to
perform functions that are
unintended by the developer.
Tools:
● Pwndbg
● Gdb-peda
● Ropgadgets

11. Web
Exploitation
Finding hidden backdoors in
websites with an ingenuous look
TOOLS:
● BurpSuite
● Edit this Cookie
● Just Hit Ctrl+Shift+I!

12. Forensics
Cyber Forensics is a science which
deals with techniques used to track
the footprints left behind a cyber
attack.
TOOLS:
● Exiftool
● Stegsolve
● Binwalk
● Wireshark

13. Some popular
Jeopardy CTFs

14. Attack Defense
Style
Insert one image from InCTF or j● Multiple servers running with
same vulnerabilities
● Exploit others but first protect
your services

15. How do I get started?

16. #becybersmart with CyberGurukulam

17. Hunting talents at the root level

18. InCTFj
● Only CTF contest for Indian school students
● Training for selected 50 students from all over India
● Final round - to learn how to put the taught skill sets into
practice.

19. Learn | Hack | Win

20. What is InCTF all about?
● India’s first CTF for college students
● Completed 9 editions so far
● Aim - to encourage students towards security

21. How did Team bi0s get
started?

22. Timeline of Team bi0s
Ranked One
Number 1 in India in
2016, 2017 and 2018.
Currently ranked 7th
in
the world
Founded in
2007
For CIPHER3
CTF
Computer
Security Club
The first of the kind
Students club in India
Top Finishes
Finished in top 10 in
several international
security
competitions
1 2 3 4

23. What CTF teaches you?
● Team building
● Importance of secure Coding
● Essence of the real infosec exploits
● Enhances your skill sets

24. Resources
● https://wiki.bi0s.in/
● https://www.youtube.com/InCTFj
● https://github.com/ashutosh1206/Crypton
● http://cryptopals.com/
● https://github.com/abhi-r3v0/Adhrit
● http://crackmes.cf/archive/
● https://pwnable.xyz/challenges/
● http://pwnable.tw/
● http://websec.fr/
● http://angr.io/
● https://ringzer0ctf.com/

25. Questions?

26. See you in the
next CTF!