Battelle Beginner CTF Guide
CTFs are a fun, laid-back way to practice the skills you need for a career in cyber security! These challenges break complex techniques into bite-sized problems. Are they contrived? Sometimes, but the skills you learn throughout these competitions will be marketable as you look to get into jobs in this field.
Problems in this CTF will be presented in a “jeopardy style”. Challenges will appear on the game board and have a point value assigned to them. The higher the point value, the harder the problem! The goal is to solve as many problems as possible and push your score as high as possible before the competition ends. In some problems you will be looking for a hidden message; in others you’ll be reversing an algorithm to figure out what input will give you the answer you seek. The answer should be clear when you find it, but wrong guesses are not counted against you! (But please don’t try to fuzz our server!)
Problems will be broken into several categories:
Also known as “pwnable” or “Binary Exploitation”. These problems typically involve some form of memory corruption or redirection of control flow. New to memory corruption? Take a look at the paper that started it all, Smashing the Stack for Fun and Profit.
Also known as “RE” or “Reverse Engineering”. These problems typically require you to pull apart the program, figure out how it works and then figure out how to get it to do what you want it to do. These could require you to perform some kind of static analysis (decompiling/disassembling, examining files, etc.) or some kind of dynamic analysis (debugging, concolic analysis, or simply running the program repeatedly). Want to take a look at how you might approach a reverse engineering problem? Take a look here.
This CTF’s Catchall. Also known as “misc” or “miscellaneous”. There are problems that will require some form of creative thinking to get around. Perhaps there is some protocol analysis, file forensics or other critical thinking. Be creative and think outside the box!
To really succeed in this and other CTFs, you’ll want to know your way around a few tools:
- From basic analysis to complex binary searching, nothing beats the utility of a Linux command line. Additionally, a large number of problems you are likely to encounter will be Linux executables. Don’t have access to a Linux terminal in your host OS? Try installing a virtual machine using one of the many free tools like Oracle's VirtualBox.
- You might want to gain familiarity with a debugger for both Windows and Linux environments. Debugging a program to step through instructions, examine running memory or control program flow directly can be invaluable. GHIDRA, x64dbg and IDA’s debugger are all fine choices, but it’s hard to beat the classic gdb.
- When reverse engineering a program you will want something that turns all those 1’s and 0’s into something human-readable. IDA, Radare2 (R2) and Binary Ninja are all good choices, though the NSA’s open source project GHIDRA is a great all-around reverse engineering framework.
- How does the internet actually work? Well, cliché interview questions aside, networking has a LOT going on under the hood. You will want some familiarity with tools that cut through to the meat of data packets quickly. For protocol analysis, nothing beats Wireshark with its thousands of built-in protocol plugins that can dissect just about any networking packet you throw at it. If you are looking at modifying a request as it is heading on its way out, some good options are Burp Suite or the built-in developer tools in browsers like Firefox and Chrome.
- Sometimes, especially in file forensics, you NEED to sort through the 1’s and 0’s to make sense of data. You will be looking for patterns and trying to pick important pieces out of raw binary. To do this efficiently, you’ll want to utilize a template-based tool like 010 Hex Editor. With 010 you can build a template (or use one someone else has built!) to pick out and identify fields in a file automatically, a real time saver!
One thing to remember as you get into higher-level CTFs… Challenge developers know what tools you are going to use to attempt to solve a problem. All of the tools listed here have shortcomings or blind spots, which clever developers can build challenges to exploit, so be careful about relying on tools too much! As a reminder, even the best CTF players can be thrown for a loop when none of their tools work. Take the challenge cLEMENCy from DEF CON CTF for example:
"This year’s DEF CON CTF used a unique hardware architecture, cLEMENCy, and only released a specification and reference tooling for it 24 hours before the final event began. cLEMENCy was purposefully designed to break existing tools and make writing new ones harder. This presented a formidable challenge given the timeboxed competition occurs over a single weekend."
If you notice any issues with the challenges or need a little bit of help along the way, feel free to email us at: email@example.com