ISSA

Intro Level Capture The Flag (CTF)

If you are interested in various hacking programs but are still fairly new, then this is the session for you! This session will be a pressure-free environment where everyone can come together to learn and network with like-minded professionals. This session will be held in conjunction with the ISSA Mid Atlantic Conference. This special addition to the ISSA Mid Atlantic Conference will be led by Marcelle Lee of LookingGlass Cyber Solutions and Tyrone E. Wilson of Cover6 Solutions. Please note this session is limited to 40 participants and is free to conference attendees. To sign up for the CTF, select the check box during the ISSA registration.

Participant Requirements:
  • A computer with at least 4 GB RAM (preferably 8 GB) and 5+ GB of storage space (local or external).
  • Install VirtualBox for your OS. Be sure to also install the Extension Pack. Note: if you are using a different virtual machine player we will not be able to troubleshoot issues for you.
  • Download workshop materials here: https://goo.gl/zuLW42.
  • Download the proper Kali Linux VirtualBox Image for your operating system. If you already have Kali you can skip this step and import the Target.ova into VirtualBox.

Scenario:
A small company called Initech has three legitimate corporate users on the Ubuntu box. The company website has clues about possible employee credentials. There is also an important file the attacker will want to steal. The Kali box is your attacker box. The Ubuntu box is your victim box.

Goals:
Gain access to the Ubuntu box and find all 6 flags. The flags are referred to as flag1, flag2, etc. Establish persistence so you can regain access via a different method and/or credential use. Exfiltrate the important file. Cover evidence of your activities on the Ubuntu box. Consider how a defender could protect their organization against the activities you perform as the attacker.

Steps:
  1. Reconnaissance
  2. Scanning/Enumeration
  3. Exploitation/Gaining Access
  4. Establishing persistence
  5. Covering tracks