This is the beginning of the construction of a wiki for information about various CTFs and InfoSec Competitions. I had it set for OPEN EDIT, but jerks from the Ukraine decided to deface my site a bunch times this week. Now you need an account to make edits. Feel free to use the information and/or register and contribute. My current focus is getting information about each competition, but as I have more time/help, I will be writing labs for each subject needed for these competitions. If you have any questions, feel free to email me at Forgotten {at} forgottensec {dot} com

The InfoSec field has a very strong community. Moving with those sentiments, I have decided to dedicate this wiki to organizing competition information for CTFs. These competitions help the skills of community to be passed along in a fun and enjoyable way. As many of us are love solving challenges, CTFs are a natural step to learn and improve. Getting started with CTFs can be daunting, I hope that the information within helps people to improve their skills and become a stronger part of the community. In turn, I hope as people improve, they come back and contribute to help others.

Contents 1 Resources 2 Competitions 2.1 Variable or Continuous 2.2 Online CTFs 2.3 Resources 2.4 To be filed 3 Practice Materials 4 Conferences

Resources

Training

Tools

Groups

Competitions

Jan

Reg Date	Quals Date	Finals	Online	Name
Nov 27, 2012 - Jan 30, 2013	None	Jan 18-Jan 31, 2013	Yes	US Cyber Challenge
None	?	Feb 15-17, 2013	No	Ghost in the ShellCode

Feb

Reg Date	Quals Date	Finals	Online	Name
(?)	(?)	Feb 1-4, 2013	Yes	HackIM
(?)	Feb	(?)	Finals Only	CodeGate
(?)	Feb	Feb 16	Finals Only	Capitol Hill CTF
(?)	None	Feb 22, 2012	Yes	Stripe

March

Reg Date	Quals Date	Finals	Online	Name
Feb 22, 2013	(?)	March 10 2013	Yes	RuCTF
(?)	(?)	Mar 23rd-24th, 2013	Finals Only	RIT ISTS
(?)	None	March	No	CCDC Competition Info

April

Reg Date	Quals Date	Finals	Online	Name
Apr 4, 2012	None	Apr 4-5, 2012	No	AppSecDC
(?)	None	Apr 6th, 2013	No	Cyber Security Summit
(?)	March Regional CCDC	Apr 20-22, 2012	No	CCDC Competition Info
(?)	None	Apr 27-29, 2012	Yes	PlaidCTF
Apr 4-29, 2012	None	Apr 16-30, 2012	Yes	US Cyber Challenge

May

Reg Date	Quals Date	Finals	Online	Name
Nov 28th-Dec 14th	Dec. 15-17, 2012 10am-10am MSK	May 22 & 23, 2013	Quals Only	Positive Hack Days
(?)	(?)	May 11-13, 2012	No	CarolinaCon CTF
Open Now	N/A	Memorial Day, Mon May 27th	Yes	UnalloCTF

June

Reg Date	Quals Date	Finals	Online	Name
(?)	(?)	(?)	(?)	(?)

July

Reg Date	Quals Date	Finals	Online	Name
Opens Mid-May	None	July 26-27	Yes	Mitre CTF
(?)	Jun 9-11, 2012	Jul 10-11	Quals Only	SecuInside
N/A	None	August 1-4	No	oCTF
?	?	August 1-4	No	DefConCTF

August

Reg Date	Quals Date	Finals	Online	Name

September

Reg Date	Quals Date	Finals	Online	Name
(?)	None	Sept 27-30, 2012	No	DerbyCon CTF
Sept 1, 2012	Sept 28-30, 2012	Nov 15-17, 2012	Yes	CSAW

October

Reg Date	Quals Date	Finals	Online	Name
Jan 1, 2013	(?)	(?)	Yes	CTF365
(?)	None	Jan 25, 2012	Yes	Mozilla
Oct 2 - Oct 24, 2012	(?)	Oct 12-25	Yes	US Cyber Challenge
(?)	Aug 8, 2012	Oct 25, 2012	Quals Only	CyberLympics
(?)	None	Oct 23-25, 2012	Yes	HackLu
Sept 19, 2012	Sept 13-15th & Sept 27-29th 2012	Oct 16/17, 2012	Quals only	MDC3

November

Reg Date	Quals Date	Finals	Online	Name
Oct 30 - Nov 19, 2012	(?)	Nov 7-20	Yes	US Cyber Challenge
By Sept 30th 2012	Nov.-Feb	March 14th-15th 2013	Quals only	CyberPatriot

December

Reg Date	Quals Date	Finals	Online	Name
Nov 1, 2012	None	Nov 1, 2012	Yes	DC3
(?)	(?)	Dec. 27th, 13:37 UTC - Dec. 29th, 23:42 UTC	Yes	C3 CTF

Old

Reg Date	Quals Date	Finals	Online	Name
(?)	(?)	March 15th-16th 2013	Yes	ForbiddenBITS
(?)	(?)	March 22nd 2013	Yes	UCSB_iCTF
(?)	(?)	April 27th 2013	No	Cross City CTF
(?)	(?)	(?)	No	CEIC Forensic Challenge
(?)	None	Pilot	Yes	National Cyber League
(?)	(?)	(?)	Yes	Cyber Defence University Challenge
(?)	(?)	(?)	No	Hack the Flag 2012
None	(?)	Aug 22-29	Yes	Stripe
Open	None	Sept 20-Dec 7, 2012	Yes	Haxathon
Opens Oct 3rd	(?)	Oct 8th 10am EST - Oct 18th 10am EST	Yes	HackYou
(?)	(?)	Nov 17th-18th 2pm-2pm EST	Yes	PoliCTF
(?)	(?)	Nov 24th	Yes	RuCTF
(?)	(?)	Nov 30th 8am-8pm EDT	Yes	rwthCTF
(?)	(?)	(?)	Yes	National Cyber League
Oct 24th, 2012 - Dec. 28th, 2012	Dec 29th-30th, 2012 noon-Midnight	(?)	Yes	ATAST

Variable or Continuous

• ThreatSpace - Monthly Challenge, none for July due to DefCon
• Sans NetWars - http://www.sans.org/cyber-ranges/netwars/
• PacketWars - http://www.packetwars.com
• hackthissite - http://hackthissite.org
• Smash the Stack - http://smashthestack.org/
• Hack Miami - lots of CTFs, no details currently - http://hackmiami.org
• Forensics Contest - LMG Security’s Forensic Contest - http://forensicscontest.com
• HoneyNet Project Challenges - http://www.honeynet.org/challenges/
• Halls of Valhalla - Hundreds of challenges and an active community that adds new challenges as they think of them
• Hellbound Hackers - New

Online CTFs

• Security Treasure Hunt http://www.securitytreasurehunt.com/
• http://www.root-me.org/?lang=en
• http://www.hackthissite.org/
• http://exploit-exercises.com/
• http://hackquest.com
• http://securitytraps.no-ip.pl/
• http://www.astalavista.com/index.php?app=hackingchallenge (you must create a username & password to see the server info)

Resources

• CTF Information - Contains practice CTFs and other info
• g0tmi1k.blogspot - Video walkthroughs of tons of the Vulnerable VMs/Software & other great info.

To be filed

• Microsoft BlueHat
• Top_Coder - Individual Challenges
• Crack Me if you can Password/Hash Cracking
• BSides London Reversing Challenges
• Ethical Hacker Network's Challenge
• Google Summer of Code - could be interesting
• Smash The Stack - Primers: at Art of Exploitation and [here]
• http://google-gruyere.appspot.com/
• http://www.enigmagroup.org/
• http://www.crackmes.us/
• https://www.facebook.com/hackercup
• http://www.wechall.net/
• http://www.overthewire.org/wargames/
• http://challenge.spider.io/
• http://challenge.constantcontactsecurity.com/ - Starts out extremely easy
• http://sourceforge.net/projects/lampsecurity/ - provides several Capture The Flag challenges
• http://exploit-exercises.com/
• https://pwn0.com/ - Network of Danger and fun!

Practice Materials

Vulnerable VMs/Software
pwnos Debian VM http://www.backtrack-linux.org/forums/showthread.php?t=2748
WebGoat Web App - https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
Metasploitable 2 http://sourceforge.net/projects/metasploitable/files/Metasploitable2/

       Metasploitable 2 official walkthrough: https://community.rapid7.com/docs/DOC-1875 

       Metasploitable 2 walkthrough blog post: http://nkush.blogspot.com/2011/09/metasploitable-walkthrough.html 

Metasploitable] Ubuntu 8.04 VM http://www.offensive-security.com/metasploit-unleashed/Metasploitable
DVWA - Damn Vulnerable Web App http://sourceforge.net/projects/dvwa/?_test=b
Web Security Dojo - http://dojo.mavensecurity.com/
DVL - Damn Vulnerable Linux - Discontinued, last release 1/26/09 http://distrowatch.com/table.php?distribution=dvl

  (Version 1.5 is currrently available via http://www.computerdefense.org/dvl/   (captcha))

UltimateLAMP - http://ronaldbradford.com/tmp/UltimateLAMP-0.2.zip
Random - VMWare Appliances http://www.vmware.com/appliances/
Nist XP VM - http://nvd.nist.gov/fdcc/index.cfm (Renamed_Admin / P@ssw0rd123456)
SQLoL https://github.com/SpiderLabs/SQLol
Moth http://www.bonsai-sec.com/en/research/moth.php Vulnerable Web Apps
De-Ice L1D1 http://www.mediafire.com/?bfo9b21g2m69tb6
De-Ice L1D2 http://www.mediafire.com/?tnci5ewmcoyrp8o
De-Ice L1D3 A&B http://forums.heorot.net/viewtopic.php?f=18&t=482
De-Ice L2D1 http://www.mediafire.com/?tnci5ewmcoyrp8o
OffSec Lab - Offensive Security Labs has 47 computers for exploitation
Secutor Prime - http://www.threatguard.com/downloads - Windows VM for scoring/practicing hardening skills according to gov’t standards
http://21ltr.com/scenes/21LTR.com_Scene1_2.120_v1.0.iso
Kioptrix Level 1
Kioptrix Level 2
Kioptrix Level 3
Kioptrix Level 4
Kioptrix Downloads page - Also has lvl 4 for Hyper-V and hashes

Cheap Training - Don't Know about Quality
hackingdojo Cheap Training, Questionable Value
ninja-sec
US Gov Baseline Config: http://usgcb.nist.gov/usgcb_content.html
Web Security Dojo - Web App Exploitation Training VM

Pen Tester Blogs
www.de-ice.net - Thomas Wilhelm
www.room362.com - Mubix

Conferences

Academic: see http://faculty.cs.tamu.edu/guofei/sec_conf_stat.htm (papers are usually freely available on the author's website)

January

February

• ShmooCon - Washington, DC Got ShmooBalls to throw?
• BSidesSanFrancisco - San Francisco, CA
• RSA - San Francisco, CA

March

April

• BSidesRoc - Rochester, NY http://bsidesroc.com
• AppSecDC - Washington DC
• Infiltrate - Miami Beach, FL http://infiltratecon.net
• Notacon - Cleveland, OH
• ThotCon - Chicago, IL
• BSidesChicago - Chicago, IL
• Outerz0ne - Atlanta, GA

May

• LayerOne - Los Angeles, CA
• CarolinaCon - Raleigh, NC
• BSidesROC - Rochester, NY

June

• SummerCon - Variable Location, last 2 years have been in NY
• Hackademic - Newark, Delaware, New Con
• BSideDetroit - Detroit, Michigan, New Con 2nd year

July

• HOPE - New York City, NY
• Black Hat - Las Vegas, NV (Your Employer paying the bill, right?)
• BSidesLV - Las Vegas, NV
• DefCon - Las Vegas, NV

August

• ToorCamp - Washington State, Run by the same people as ToorCon, but on a slightly different locale
  

September

• Brucon - Ghent, Belgium
• DerbyCon - Louisville, KY
• ToorCon - San Diego, CA
• 44Con - London, England

October

• SkyDogCon - Nashville, TN
• Hacker Halted - Miami, FL
• Hacklu - Luxembourg
• GrrCon - Grand Rapids, MI
• BsidesDC - Washington DC (2013)
• Hack3rcon - Charleston, WV
• AppSecUSA - Austin, TX

November

• BSidesDE - Wilmington, DE
• MDDFI - Largo, MD (http://www.mddfi.org/)

December

• C3 - Berlin, Germany

For a full list, check out SeCore.info