Introduction

If you are interested in joining Bearshell and learning more about the club, join our Slack and come to our weekly meetings. More details for the Fall 2024 semester, including an information meeting, will be posted here and in the Slack as we get closer to the semester.

All skill levels are welcome. We provide resources to help introduce new members to CTFs, including the bootcamp, which will guide you through the basics of CTF challenges and give you a foundation to build on.

CTF challenges are broken into different categories (see below), so we do the same in the bootcamp, teaching the fundamentals for each topic along with the tools used for that topic. The only way to really improve at CTFs is to practice and struggle through challenges, so the bootcamp is centered around practice challenges to solidify your knowledge.

To complete the bootcamp, go to our custom pwn.college dojo, where you will find the challenges for the bootcamp. In the dojo, each topic will have its own module to work through. Powerpoints and further practice for each module can be found in the Bootcamp repo.

New members should also join the club through our WUGO.

Linux CLI and Python Scripting

Before we go into the different CTF topics, it is important that everyone is familiar with a Linux environment and the different ways they may be expected to interact with and solve challenges. Therefore, this topic will introduce the Linux command line and interacting with processes and connections using Python.

Web Security

Given a web page, can you find the flag? Easier challenges will hide the flag on the client side, whereas intermediate to hard challenges involve using the APIs provided on the web page to gain unauthorized access to data on the server. This can include SQL injections, client-side authorization, weak server-side authorization checks, and much more. More advanced web challenges can also fall into the pwn category.

Cryptography

As the mathematical side of cybersecurity, cryptography covers almost any challenge involving mathematical calculations. Often, the challenge encrypts the flag, and the goal is to decrypt it by finding a mistake in the encryption. Both standard and custom cryptographic techniques are used, so this category goes hand in hand with reverse engineering.

Steganography and Forensics

Steganography (steg) and forensics focus on extracting the flag from obscured data. Steg is the practice of hiding information (the flag) inside files, most commonly images, without an observable change in the file. Forensics focuses on broken or obscure data formats that must be analyzed in order to find the flag. This can include network or disk image analysis.

Reverse Engineering

Reverse engineering is a skill needed in almost any challenge. Simply put, given code, you need to know what it does. Reverse engineering also has its own type of challenge, which gives you code that performs complex operations on the flag; these operations must be reversed to get back to the original flag.

Pwn

The art of pwning refers broadly to the act of finding and exploiting a vulnerability in a program. We will focus on Linux binary exploitation (pwn applied to Linux binaries). Binary exploitation focuses on taking control of the low-level systems that control a running process. This can then be used to run arbitrary instructions and gain unauthorized access to files, such as the flag!