All members are welcome, but we require new members participate in the CTF bootcamp to join. The bootcamp will help guide you through the basics of CTF challenges and give you a foundation of knowledge to build off. CTF challenges are often broken into different categories, so we will do the same here, teaching the fundamentals for each topic along with tools that are used for challenges in that topic. We will also give practice challenges to go through as a way to solidy your knowledge. The only way to really improve at CTFs is to practice and struggle through challenges!

Go to our custom pwn.college dojo to see the challenges associated with the bootcamp. In the dojo, each topic will have its own module to work through. Note: you must make an account before accessing the dojo. You can also see the materials associated with each bootcamp meeting.

Before we go into the different CTF topics, it is important that everyone is familiar with a Linux environment and the different ways they may be expected to interact with and solve challenges. Therefore, this topic will introduce the Linux command line and interacting with processes/connections using python scripts.

Given a web page, can you find the flag? Easier challenges will hide the flag on the client side, whereas intermediate to hard challenges involve using the APIs provided on the web page to gain unauthorized access to data on the server. This can include SQL injections, client-side authorization, weak server-side authorization checks, and much more. More advanced web challenges can also fall into the pwn category.

Being the mathematical side of cybersecurity, cryptographic challenges include almost any challenge involving mathematical calculations. Most often, the challenge encrypts the flag, and the goal is to decrypt the flag by finding a mistake in the encryption. Both standard and custom cryptographic techniques are used, making this category go in-hand with reverse engineering.

Steganography (steg) and forensics focus on extracting the flag from obscured data. Steg is the practice of hiding information (the flag) inside files, most commonly images, without an observable change in the file. Forensics focuses on broken or obscure data formats that must be analyzed in order to find the flag. One such example is using Wireshark to analyze network traffic and extract the hidden flag.

Reverse engineering is a skill needed by almost any challenge. Simply put, given code, you need to determine what it does. Reverse engineering also presents its own type of challenges which give code that performed complex operations on the flag and must be reversed to get back to the original flag.

Referring broadly to the act of finding and executing a vulnerability in a program, pwn is the category that is most similar to hacking. We will focus on binary exploitation (pwn applied to binaries). Binary exploitation focuses on taking control of the low-level systems that control a running process. This can then be used to run arbitrary instructions and gain unauthorized access to files, such as the flag!