SHA2017

During SHA 2017 we will be organizing a CTF that can be played both onsite and online. This blog post is meant to provide some insight into the SHA 2017 CTF that is currently being built. 

What is a CTF

A CTF is a Capture The Flag hacking game. The game generally exists of multiple hacking-related challenges which need to be solved during the time the CTF takes place. Players play in teams and compete against each other. Most CTFs run for about 24-48 hours and can be played online. During the CTF all challenges are provided in a controlled environment, and everything is completely legal. No hacking of external parties or the other teams takes place.

Most of the hacking events or conferences these days have an official CTF during the event/conference. A good example is the yearly CTF at CCC. We personally think a CTF is a great addition to an event and provides visitors another form of technical entertainment. 

SHA2017 CTF

To warm everyone up for the CTF, we will be hosting a teaser round. During this teaser round it is possible to win tickets for SHA2017! The SHA organization has provided 4 tickets for the team that solves (without cheating...) all of the challenges first. Failing that, the team that has the most points at the end of the teaser round gets the tickets.

Dates and times 

• The CTF Teaser round will take place on Saturday the 10th of june 2017 from 14:00 till 22:00 (CEST), 8 hours in total. 
• The CTF will take place from Saturday the 5th of August 2017 12:00 (CEST) until Monday the 7th of August 2017 0:00 (CEST), a total of 36 hours.
• The CTF can be played onsite and online, but of course onsite will be much more fun. We will provide space for CTF players in our CTF tent (space is limited however). But also non-players are welcome to visit our CTF village to learn more about CTFs or visit to have a chat and meet like-minded people.

Set up

Basically, we have 6 categories with each challenges in multiple difficulties.

• Binary challenges where you get a binary which you need to reverse engineer. Binaries are usually Windows or Linux executables, but can also be from more exotic environments.
• Crypto challenges which involves classic crypto algorithms such as substitution, Vigenere and Caesar Ciphers, or more advanced challenges including weaknesses in ECB mode, bit flipping, padding oracle attacks or hash function length extension attacks.
• Forensics challenges, which contains anything related to forensics. Challenges can include Windows, Linux, Android or Exotic platform forensics.
• Network challenges, such as analyzing packet captures or network communication, port knocking, etc.
• Pwnables challenges where you need to exploit a specific local or remote vulnerability, like buffer overflows, format strings or a different kind of vulnerability. The level of difficulty can be made harder with mitigations such as ASLR and NX.
• Web challenges which contains all web and HTTP related challenges. Including, but not limited to: SQL injection, directory traversal, file inclusion, scripting language quirks, XSS, remote command execution.

Besides the main CTF we will be hosting a "junior" CTF which contains challenges for beginning CTF players, to make sure everyone gets the chance to enjoy the CTF.

About us

The CTF is created by an experienced group of hackers who are part of the Eindbazen CTF team. To get a better understanding of the setup and kind of challenges that players will encounter we would like to refer to the CTF that was organized by the same team during OHM 2013, which was called ebCTF: https://ebctf.nl/

We hope to create an amazing CTF for SHA2017 and we hope this blog post gave a good insight in our upcoming plans. For more information about the CTF and the upcoming Teaser round, follow us on Twitter: @sha2017ctf or keep an eye out on http://ctf.sha2017.org