From Forgotten Security’s CTF Wiki

This is the beginning of the construction of a wiki for information about various CTFs and InfoSec Competitions. I had it set for OPEN EDIT, but jerks from the Ukraine decided to deface my site a bunch times this week. Now you need an account to make edits. Feel free to use the information and/or register and contribute. My current focus is getting information about each competition, but as I have more time/help, I will be writing labs for each subject needed for these competitions. If you have any questions, feel free to email me at Forgotten {at} forgottensec {dot} com

The InfoSec field has a very strong community. Moving with those sentiments, I have decided to dedicate this wiki to organizing competition information for CTFs. These competitions help the skills of community to be passed along in a fun and enjoyable way. As many of us are love solving challenges, CTFs are a natural step to learn and improve. Getting started with CTFs can be daunting, I hope that the information within helps people to improve their skills and become a stronger part of the community. In turn, I hope as people improve, they come back and contribute to help others.

This site will be transitioned to http://ctfwiki.pwnwiki.io ... if your interested in helping, the new site will be managed through Github to give contributors better credit for their contributions!

Resources

Training

Tools

Groups

Competitions

Jan

Reg Date Quals Date Finals Online Name Nov 27, 2012 -

Jan 30, 2013 None Jan 18-Jan 31, 2013 Yes US Cyber Challenge None ? Feb 15-17, 2013 No Ghost in the ShellCode

Feb

Reg Date Quals Date Finals Online Name (?) (?) Feb 1-4, 2013 Yes HackIM (?) Feb (?) Finals Only CodeGate (?) Feb Feb 16 Finals Only Capitol Hill CTF (?) None Feb 22, 2012 Yes Stripe

March

Reg Date Quals Date Finals Online Name Feb 22, 2013 (?) March 10 2013 Yes RuCTF (?) (?) Mar 23rd-24th, 2013 Finals Only RIT ISTS (?) None March No CCDC Competition Info

April

Reg Date Quals Date Finals Online Name Apr 4, 2012 None Apr 4-5, 2012 No AppSecDC (?) None Apr 6th, 2013 No Cyber Security Summit (?) March Regional CCDC Apr 20-22, 2012 No CCDC Competition Info (?) None Apr 27-29, 2012 Yes PlaidCTF Apr 4-29, 2012 None Apr 16-30, 2012 Yes US Cyber Challenge

May

Reg Date Quals Date Finals Online Name Nov 28th-Dec 14th Dec. 15-17, 2012

10am-10am MSK May 22 & 23, 2013 Quals Only Positive Hack Days (?) (?) May 11-13, 2012 No CarolinaCon CTF Open Now N/A Memorial Day, Mon May 27th Yes UnalloCTF

June

Reg Date Quals Date Finals Online Name (?) (?) (?) (?) (?)

July

Reg Date Quals Date Finals Online Name Opens Mid-May None July 26-27 Yes Mitre CTF (?) May 24th-26th 2013 July 2nd-3rd Quals Only SecuInside N/A None August 1-4 No oCTF ? ? August 1-4 No DefConCTF

August

Reg Date Quals Date Finals Online Name

September

Reg Date Quals Date Finals Online Name (?) None Sept 27-30, 2012 No DerbyCon CTF Sept 1, 2012 Sept 28-30, 2012 Nov 15-17, 2012 Yes CSAW

October

Reg Date Quals Date Finals Online Name Jan 1, 2013 (?) (?) Yes CTF365 (?) None Jan 25, 2012 Yes Mozilla Oct 2 - Oct 24, 2012 (?) Oct 12-25 Yes US Cyber Challenge (?) Aug 8, 2012 Oct 25, 2012 Quals Only CyberLympics (?) None Oct 23-25, 2012 Yes HackLu Sept 19, 2012 Sept 13-15th &

Sept 27-29th 2012 Oct 16/17, 2012 Quals only MDC3

November

Reg Date Quals Date Finals Online Name Oct 30 - Nov 19, 2012 (?) Nov 7-20 Yes US Cyber Challenge By Sept 30th 2012 Nov.-Feb March 14th-15th 2013 Quals only CyberPatriot

December

Reg Date Quals Date Finals Online Name Nov 1, 2012 None Nov 1, 2012 Yes DC3 (?) (?) Dec. 27th, 13:37 UTC -

Dec. 29th, 23:42 UTC Yes C3 CTF

Old

Variable or Continuous

Online CTFs

Resources

CTF Information - Contains practice CTFs and other info

g0tmi1k.blogspot - Video walkthroughs of tons of the Vulnerable VMs/Software & other great info.

To be filed

Competition Organizer Resources

Cybersecurity Competition Federation - New Group aiming to help competition players, mentors, sponsors and organizers

Practice Materials

Vulnerable VMs/Software

pwnos Debian VM http://www.backtrack-linux.org/forums/showthread.php?t=2748

WebGoat Web App - https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

Metasploitable 2 http://sourceforge.net/projects/metasploitable/files/Metasploitable2/



Metasploitable 2 official walkthrough: https://community.rapid7.com/docs/DOC-1875

Metasploitable 2 walkthrough blog post: http://nkush.blogspot.com/2011/09/metasploitable-walkthrough.html



Metasploitable] Ubuntu 8.04 VM http://www.offensive-security.com/metasploit-unleashed/Metasploitable

DVWA - Damn Vulnerable Web App http://sourceforge.net/projects/dvwa/?_test=b

Web Security Dojo - http://dojo.mavensecurity.com/

DVL - Damn Vulnerable Linux - Discontinued, last release 1/26/09 http://distrowatch.com/table.php?distribution=dvl



(Version 1.5 is currrently available via http://www.computerdefense.org/dvl/ (captcha))

UltimateLAMP - http://ronaldbradford.com/tmp/UltimateLAMP-0.2.zip

Random - VMWare Appliances http://www.vmware.com/appliances/

Nist XP VM - http://nvd.nist.gov/fdcc/index.cfm (Renamed_Admin / P@ssw0rd123456)

SQLoL https://github.com/SpiderLabs/SQLol

Moth http://www.bonsai-sec.com/en/research/moth.php Vulnerable Web Apps

De-Ice L1D1 http://www.mediafire.com/?bfo9b21g2m69tb6

De-Ice L1D2 http://www.mediafire.com/?tnci5ewmcoyrp8o

De-Ice L1D3 A&B http://forums.heorot.net/viewtopic.php?f=18&t=482

De-Ice L2D1 http://www.mediafire.com/?tnci5ewmcoyrp8o

OffSec Lab - Offensive Security Labs has 47 computers for exploitation

Secutor Prime - http://www.threatguard.com/downloads - Windows VM for scoring/practicing hardening skills according to govÃ¢ÂÂt standards

http://21ltr.com/scenes/21LTR.com_Scene1_2.120_v1.0.iso

Kioptrix Level 1

Kioptrix Level 2

Kioptrix Level 3

Kioptrix Level 4

Kioptrix Downloads page - Also has lvl 4 for Hyper-V and hashes



Cheap Training - Don't Know about Quality

hackingdojo Cheap Training, Questionable Value

ninja-sec

US Gov Baseline Config: http://usgcb.nist.gov/usgcb_content.html

Web Security Dojo - Web App Exploitation Training VM

Pen Tester Blogs

www.de-ice.net - Thomas Wilhelm

www.room362.com - Mubix



Conferences

More exhaustive list: Secore.info Academic: see http://faculty.cs.tamu.edu/guofei/sec_conf_stat.htm (papers are usually freely available on the author's website)

January

February

ShmooCon - Washington, DC Got ShmooBalls to throw?

BSidesSanFrancisco - San Francisco, CA

RSA - San Francisco, CA

March

April

BSidesRoc - Rochester, NY http://bsidesroc.com

AppSecDC - Washington DC

Infiltrate - Miami Beach, FL http://infiltratecon.net

Notacon - Cleveland, OH

ThotCon - Chicago, IL

BSidesChicago - Chicago, IL

Outerz0ne - Atlanta, GA

May

LayerOne - Los Angeles, CA

CarolinaCon - Raleigh, NC

BSidesROC - Rochester, NY

June

SummerCon - Variable Location, last 2 years have been in NY

Hackademic - Newark, Delaware, New Con

BSideDetroit - Detroit, Michigan, New Con 2nd year

July

HOPE - New York City, NY

Black Hat - Las Vegas, NV (Your Employer paying the bill, right?)

BSidesLV - Las Vegas, NV

DefCon - Las Vegas, NV

August

ToorCamp - Washington State, Run by the same people as ToorCon, but on a slightly different locale



September

Brucon - Ghent, Belgium

DerbyCon - Louisville, KY

ToorCon - San Diego, CA

44Con - London, England

October

SkyDogCon - Nashville, TN

Hacker Halted - Miami, FL

Hacklu - Luxembourg

GrrCon - Grand Rapids, MI

BsidesDC - Washington DC (2013)

Hack3rcon - Charleston, WV

AppSecUSA - Austin, TX

November

BSidesDE - Wilmington, DE

MDDFI - Largo, MD (http://www.mddfi.org/)

December

C3 - Berlin, Germany

For a full list, check out SeCore.info