WACTF 0x02

Hack to the Future. Part 2

Talk schedule now released!

Welcome Bob / Alice / Eve,

This is a Capture The Flag (CTF) cyber security challenge in Western Australia. A two day event where your skills will be pitted against a range of technical challenges. A cyber security CTF is a type of information security competition where players solve security challenges from categories such as digital forensics, web application exploitation, and cryptography to get flags. Each flag has a points value associated with it based on the difficulty of the challenge. After the success of the first WACTF in 2017, we’ve decided to do it all again with a completely new set of challenges for WACTF 0x02.

This CTF has been built by members of the Perth security community. It’s not a set of theoretical challenges, it’s built from real life examples by people who work in the security field – penetration testers, developers, forensics specialists, etc. – with considerable input from industry. We’ve come together to put this event on to help uplift the profile of cyber security in W.A. – helping not only introduce new people to the field, but also to put industry and individuals together to help stop the brain drain (the exit of talent from WA) that we are seeing.

WACTF is open to individuals and teams up to four players. There are restrictions as to who can claim prizes, see the eligibility section. Registration for all players is necessary. The game will be played onsite where hacker juice and snacks will be provided to players. You will need to bring your laptop with wireless capability.

Prizes - which include a trip to BSides Canberra 2019 - will be awarded to the eligible teams that finish the game in the top places of the scoreboard. The awards ceremony will be a casual event held at the Joint Cyber Security Centre where industry and academic professionals scouting the next generation of Australian cyber security talent are invited to come along.

Key Points

Registration: Via this form
Open until 24th of November

CTF Time/Date: 09:00 - 17:00 WST
1st & 2nd of December, 2018

Game Location: Level 1, Bankwest Place. 300 Murray Street, Perth

What to bring: Your haxing laptop with wireless capability & ID if you’re eligible for prizes

Awards Ceremony: 17:30 - 19:30 WST 4th of December, 2018

Ceremony Location: Joint Cyber Security Centre
Level 15, 1 William St, Perth

Never played a CTF before? You should attempt a few before WACTF. Some of our favorites can be found here, here, and here

The information security experts who contributed their technical ability to WACTF can be found here.

Game Information

Prizes

First Place (team or individual)

Second Place (team or individual)

Third Place (team or individual)

Fourth Place (team or individual)

  • Audio-Technica ATH-CK400i Headset (each)

Top Scoring Highschool (team or individual)

  • 1x WiFi Pineapple Nano
  • 1x USB Rubber Ducky Deluxe
  • 1x LAN Turtle SD
  • 1x Packet Squirrel

Top Scoring (team or individual) - Offensive Challenges

  • Parrot Mambo Mission Drone (each)

Top Scoring (team or individual) - Defensive / Response Challenges

  • Ryze Tello Drone (each)

We also have door prizes – including 10x $50 JB Hi-Fi vouchers thanks to Bankwest – as well as a bunch of other tech swag to give out over the weekend too!

Rules

  • No denial of service actions (against the target environment, underlying infrastructure & wired/wireless networks or anything else related).
  • No subverting the platform or underlying infrastructure.
  • Maximum of four people per team.
  • Collusion between teams during WACTF is discouraged – there will likely be sessions in the weeks following WACTF where run-throughs will occur, so keep it to within your team whilst the comp is running.
  • WACTF is open to all ages, and there’s no alcohol permitted within the game rooms.

Eligibility

This game is open for people in Western Australia who are starting out or hoping to start out in the information security or penetration testing field. To be eligible for prizes you must fit into one of the following categories:

  • Highschool Student
  • Current Higher Education Student
  • Higher Education Graduate (graduated within the last year)
  • New to the Information Security field (up to one year of employment)

If you fall outside of the list you’re still welcome to register and play; however, you won’t be eligible for the prizes.

Registration

Registration is closed. Follow us on Twitter to keep informed.

Industry Support

One of the core aims of WACTF is to bring together industry and individuals. We see too much good talent leaving WA due to an overall low level of awareness of the need for cyber-security related skills, or the inability for entities to find the right talent.

If you would like to come along to WACTF as an observer, or attend our awards and networking session following the event, please register your interest in the form to the right and we’ll keep you informed as we progress.

We are open to additional industry involvement and support to help make WACTF even more successful. If you would like to get involved to support, please get in touch here.

Talks @ WACTF

Thanks to the fantastic Bankwest venue, we have a dedicated room (right next to the main game room) where we are able to run talks, panels and other good things for our WACTF competitors. All of the talks are run by people in industry sharing their knowledge with those starting out / wanting to start out. Come along, ask questions, learn things.

Talks are free to attend, and you can come to as many or as few as you like. There’s no need to register for any of them, just show up. We’ll also announce the talks in the main games room before they commence too.

If you’re new to this, we strongly suggest that you attend the very first talk (Saturday 10am) on getting started for your first CTF.

Setting up for your first CTF

Speaker: Clinton Carpene / @swarley777
An introduction into capture the flag competitions. Bring your laptop along as this talk will address common CTF challenge types, workflows, and (most importantly) appropriate tools and environment setup.

Beginner's guide to Linux Privilege Escalation

Speaker: Adam Foster / @evildaemond
You've breached the perimeter, you're in :shades: Now what? The account is a low privileged user with very little access. This talk is a quick introduction to privilege escalation - using that low level account to get higher privileged access and eventually, root.

Is your [email protected]! really secure??

Speaker: Rami Tawil / @drunkrhin0
Passwords have been used for years, but how secure are they REALLY? This talk explores why passwords are actually insecure and why human password culture is so poor.

Smashing The Stack: A quick tutorial

Speaker: Luke Healy / @I_uuke
Like the sound of buffer overflows and stack smashing but don't quite get it? Want to learn about the way stack memory can be manipulated and programs can be coerced in to running arbitrary code? This is a live, start-to-finish exploitation demo of a buffer overflow vulnerability in the freefloat FTP server. This is aimed at anyone who has heard of "buffer overflow", especially those who have a rough idea about how memory/CPU registers and machine code execution works.

Let's hack humans! A beginner's guide to social engineering

Speaker: Cairo Malet / @caiwrote
As security tech gets better, attackers are moving away from hacking networks and systems and finding an easier target - the soft, gooey humans behind the computers. This talk covers the basics of social engineering concepts, the psychological weapons used by attackers and how to run a typical social engineering engagement for a client (NOT for crime).

Fireside chat: I work in cyber security, ask me anything

Speaker: TBC
Come along and chat with people working in various cyber-security roles across Perth – across areas such as governance risk and compliance, defensive security, advice and consulting. Find out how they got into their roles, what a typical day consists of and more... Who knows, you might just find your niche ;-)

Intro to forensics

Speaker: Ben Hindmarsh / @snidepiano
What is the mystical Digital Forensics and Incident Response (DFIR) field and what does it entail? A brief look at the DFIR fields and their place in industry. Also a look at Forensics in CTFs (tips, techniques etc.).

A place in Spacecubed’s Plus Eight Pre-Accelerator Sprint

Spacecubed have provided us with two complimentary places to their next Pre-Accelerator Sprint to award to two people who are starting out, or who want to start out their own business. Run part-time (one evening per week) over six weeks from March 2019, this accelerator will connect you with business mentors, help you build your business plan and help grow your knowledge and your business idea.
Full details of the programme are available here.

The Competition: To win one of these places (valued at over $1,000 each), come along to this session and give us a 3 minute overview as to why you think that you would benefit from the placement. Pretty simple ;-)

And finally, whilst you need to meet certain criteria to be eligible for the other WACTF prizes, this competition is open to anyone who attends WACTF.

Saturday Schedule

Setting up for your first CTF
Time: 10am - 11am
Difficulty: 0/5 Beginner

Fireside chat: I work in cyber security, ask me anything
Time: 12:30pm - 1pm
Difficulty: 0/5 It's a Q&A session

Is your [email protected]! really secure??
Time: 1pm - 1:20pm
Difficulty: 1/5 No prior knowledge needed

Smashing The Stack: A quick tutorial
Time: 3pm - 4pm
Difficulty: 4/5

Sunday Schedule

Let's hack humans! A beginner's guide to social engineering
Time: 10am - 10:40am
Difficulty: 2/5 No prior knowledge needed

Intro to forensics
Time: 12pm - 12:30pm
Difficulty: 2/5 Some knowledge of operating systems and file systems will be helpful

Beginner's guide to Linux privilege escalation
Time: 12:30pm - 1pm
Difficulty: 2/5 Some Linux knowledge recommended

A place in Spacecubed’s Plus Eight Pre-Accelerator Sprint
Time: 1pm - 1:30pm
Difficulty: 0/5 If you have a business idea and want a place in an accelerator program, pitch to us and a spot could be yours