Main Page

From Forgotten Security’s CTF Wiki
Jump to: navigation, search

This is the beginning of the construction of a wiki for information about various CTFs and InfoSec Competitions. I had it set for OPEN EDIT, but jerks from the Ukraine decided to deface my site a bunch times this week. Now you need an account to make edits. Feel free to use the information and/or register and contribute. My current focus is getting information about each competition, but as I have more time/help, I will be writing labs for each subject needed for these competitions. If you have any questions, feel free to email me at Forgotten {at} forgottensec {dot} com

The InfoSec field has a very strong community. Moving with those sentiments, I have decided to dedicate this wiki to organizing competition information for CTFs. These competitions help the skills of community to be passed along in a fun and enjoyable way. As many of us are love solving challenges, CTFs are a natural step to learn and improve. Getting started with CTFs can be daunting, I hope that the information within helps people to improve their skills and become a stronger part of the community. In turn, I hope as people improve, they come back and contribute to help others.

Contents


Resources

Training

Tools

Groups

Competitions

Jan

Reg Date Quals Date Finals Online Name
Nov 27, 2012 -
Jan 30, 2013
None Jan 18-Jan 31, 2013 Yes US Cyber Challenge
None  ? Feb 15-17, 2013 No Ghost in the ShellCode

Feb

Reg Date Quals Date Finals Online Name
(?) (?) Feb 1-4, 2013 Yes HackIM
(?) Feb (?) Finals Only CodeGate
(?) Feb Feb 16 Finals Only Capitol Hill CTF
(?) None Feb 22, 2012 Yes Stripe

March

Reg Date Quals Date Finals Online Name
Feb 22, 2013 (?) March 10 2013 Yes RuCTF
(?) (?) Mar 23rd-24th, 2013 Finals Only RIT ISTS
(?) None March No CCDC Competition Info

April

Reg Date Quals Date Finals Online Name
Apr 4, 2012 None Apr 4-5, 2012 No AppSecDC
(?) None Apr 6th, 2013 No Cyber Security Summit
(?) March Regional CCDC Apr 20-22, 2012 No CCDC Competition Info
(?) None Apr 27-29, 2012 Yes PlaidCTF
Apr 4-29, 2012 None Apr 16-30, 2012 Yes US Cyber Challenge

May

Reg Date Quals Date Finals Online Name
Nov 28th-Dec 14th Dec. 15-17, 2012
10am-10am MSK
May 22 & 23, 2013 Quals Only Positive Hack Days
(?) (?) May 11-13, 2012 No CarolinaCon CTF
Open Now N/A Memorial Day, Mon May 27th Yes UnalloCTF

June

Reg Date Quals Date Finals Online Name
(?) (?) (?) (?) (?)

July

Reg Date Quals Date Finals Online Name
Opens Mid-May None July 26-27 Yes Mitre CTF
(?) May 24th-26th 2013 July 2nd-3rd Quals Only SecuInside
N/A None August 1-4 No oCTF
 ?  ? August 1-4 No DefConCTF

August

Reg Date Quals Date Finals Online Name

September

Reg Date Quals Date Finals Online Name
(?) None Sept 27-30, 2012 No DerbyCon CTF
Sept 1, 2012 Sept 28-30, 2012 Nov 15-17, 2012 Yes CSAW

October

Reg Date Quals Date Finals Online Name
Jan 1, 2013 (?) (?) Yes CTF365
(?) None Jan 25, 2012 Yes Mozilla
Oct 2 - Oct 24, 2012 (?) Oct 12-25 Yes US Cyber Challenge
(?) Aug 8, 2012 Oct 25, 2012 Quals Only CyberLympics
(?) None Oct 23-25, 2012 Yes HackLu
Sept 19, 2012 Sept 13-15th &
Sept 27-29th 2012
Oct 16/17, 2012 Quals only MDC3

November

Reg Date Quals Date Finals Online Name
Oct 30 - Nov 19, 2012 (?) Nov 7-20 Yes US Cyber Challenge
By Sept 30th 2012 Nov.-Feb March 14th-15th 2013 Quals only CyberPatriot

December

Reg Date Quals Date Finals Online Name
Nov 1, 2012 None Nov 1, 2012 Yes DC3
(?) (?) Dec. 27th, 13:37 UTC -
Dec. 29th, 23:42 UTC
Yes C3 CTF

Old

Reg Date Quals Date Finals Online Name
(?) (?) March 15th-16th 2013 Yes ForbiddenBITS
(?) (?) March 22nd 2013 Yes UCSB_iCTF
(?) (?) April 27th 2013 No Cross City CTF
(?) (?) (?) No CEIC Forensic Challenge
(?) None Pilot Yes National Cyber League
(?) (?) (?) Yes Cyber Defence University Challenge
(?) (?) (?) No Hack the Flag 2012
None (?) Aug 22-29 Yes Stripe
Open None Sept 20-Dec 7, 2012 Yes Haxathon
Opens Oct 3rd (?) Oct 8th 10am EST
- Oct 18th 10am EST
Yes HackYou
(?) (?) Nov 17th-18th
2pm-2pm EST
Yes PoliCTF
(?) (?) Nov 24th Yes RuCTF
(?) (?) Nov 30th 8am-8pm EDT Yes rwthCTF
(?) (?) (?) Yes National Cyber League
Oct 24th, 2012 - Dec. 28th, 2012 Dec 29th-30th, 2012
noon-Midnight
(?) Yes ATAST

Variable or Continuous

Online CTFs

Resources

To be filed

Competition Organizer Resources

Practice Materials

Vulnerable VMs/Software
pwnos Debian VM http://www.backtrack-linux.org/forums/showthread.php?t=2748
WebGoat Web App - https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
Metasploitable 2 http://sourceforge.net/projects/metasploitable/files/Metasploitable2/

       Metasploitable 2 official walkthrough: https://community.rapid7.com/docs/DOC-1875 
Metasploitable 2 walkthrough blog post: http://nkush.blogspot.com/2011/09/metasploitable-walkthrough.html

Metasploitable] Ubuntu 8.04 VM http://www.offensive-security.com/metasploit-unleashed/Metasploitable
DVWA - Damn Vulnerable Web App http://sourceforge.net/projects/dvwa/?_test=b
Web Security Dojo - http://dojo.mavensecurity.com/
DVL - Damn Vulnerable Linux - Discontinued, last release 1/26/09 http://distrowatch.com/table.php?distribution=dvl

  (Version 1.5 is currrently available via http://www.computerdefense.org/dvl/   (captcha))

UltimateLAMP - http://ronaldbradford.com/tmp/UltimateLAMP-0.2.zip
Random - VMWare Appliances http://www.vmware.com/appliances/
Nist XP VM - http://nvd.nist.gov/fdcc/index.cfm (Renamed_Admin / P@ssw0rd123456)
SQLoL https://github.com/SpiderLabs/SQLol
Moth http://www.bonsai-sec.com/en/research/moth.php Vulnerable Web Apps
De-Ice L1D1 http://www.mediafire.com/?bfo9b21g2m69tb6
De-Ice L1D2 http://www.mediafire.com/?tnci5ewmcoyrp8o
De-Ice L1D3 A&B http://forums.heorot.net/viewtopic.php?f=18&t=482
De-Ice L2D1 http://www.mediafire.com/?tnci5ewmcoyrp8o
OffSec Lab - Offensive Security Labs has 47 computers for exploitation
Secutor Prime - http://www.threatguard.com/downloads - Windows VM for scoring/practicing hardening skills according to gov’t standards
http://21ltr.com/scenes/21LTR.com_Scene1_2.120_v1.0.iso
Kioptrix Level 1
Kioptrix Level 2
Kioptrix Level 3
Kioptrix Level 4
Kioptrix Downloads page - Also has lvl 4 for Hyper-V and hashes

Cheap Training - Don't Know about Quality
hackingdojo Cheap Training, Questionable Value
ninja-sec
US Gov Baseline Config: http://usgcb.nist.gov/usgcb_content.html
Web Security Dojo - Web App Exploitation Training VM

Pen Tester Blogs
www.de-ice.net - Thomas Wilhelm
www.room362.com - Mubix

Conferences

More exhaustive list: Secore.info Academic: see http://faculty.cs.tamu.edu/guofei/sec_conf_stat.htm (papers are usually freely available on the author's website)

January

February

March

April

May

June

July

  • HOPE - New York City, NY
  • Black Hat - Las Vegas, NV (Your Employer paying the bill, right?)
  • BSidesLV - Las Vegas, NV
  • DefCon - Las Vegas, NV

August

  • ToorCamp - Washington State, Run by the same people as ToorCon, but on a slightly different locale

September

October

November

December

  • C3 - Berlin, Germany

For a full list, check out SeCore.info

Personal tools