The CTF challenge environment has a variety of Cyber Security challenges. As it currently stands, the areas covered by the CTF challenge environment cover web exploitation, OS exploitation, PHP web application secure coding, cryptanalysis, and steganalysis. This environment is scored and can be added to and grown over time to expand the offerings. It provides a fun environment for participants to test their skills in various areas of Cyber Security.
There are currently 3 cryptography challenges. They all require the participants to analyze a given cryptographic scheme and find its weaknesses, then exploit the weakness to decrypt the secret.
Required Knowledge: These challenges test their ability to identify and exploit cryptographic weaknesses.
There are currently 4 steganography challenges. These also require the participants to exploit the weaknesses in the given challenge files.
Required Knowledge: This tests their ability to identify various ways of hiding information in various media.
There are 5 offensive challenges where the participants are required to examine a given web application, find the weakness, exploit it to gain limited access to the Operating System, then escalate their privileges by exploiting a secondary weakness in the underlying system itself. These 5 challenges are based off a single web application. Each challenge has the web application configured in a different way to expose a different web application vulnerability. Each challenge is in two parts, for a total of 10 components.
Successful participants must possess the ability to analyze a web application, identify security vulnerabilities, and exploit them, as well as analyze the configuration of an operating system and identify and exploit vulnerabilities.
For this category, the participants are presented with a web application that has many vulnerabilities. They are directed to remediate 4 of them at present.
Successful participants must know how to write PHP code, and also identify the source of web vulnerabilities and correct the problems without breaking the application.
Levels of Play:
This challenge is to energize and evangelize cybersecurity career pathways for high-school students and/or adults.
· 30 Challenges
· 7,000 points total
· Fix something win points
· Break something loose points
· Establish your own pace
This intermediate challenge is for individuals with 2+ years of experience in cybersecurity. Covers cryptography, steganography, offensive and defensive challenges.