Software Security - S18

CSE 545

CTF3 Preparation Guide

A key part of studying security is putting your skills to the test in practice. Hacking challenges known as Capture The Flag (CTF) competitions are a great way to do this.

Our third in-class CTF will be held on Wednesday, April 11th in EDC 117 at the usual time (4:35–5:50pm). This challenge will focus on application security and web security topics we have covered so far.

This will be our first foray into attack/defense CTFs.

You will be given SSH access to a virtual machine, which contains the vulnerable services (web and binaries) as well as access to every other team’s VM (over IP).

Your goal is to analyze each service, find the vulnerability, create an exploit, launch the exploit at all the other teams, and patch your service.

As your project is a CTF tool that helps you win the PCTF, and the PCTF will use the same infrastructure as CTF3, you should use this opportunity to brainstorm project ideas.