Proposal: Security training and eventual CTF - Security & Cryptography

Users browsing this thread: 1 Guest(s)
Long time nixers
It would be interesting to set up a few capture the flag tournaments(CTF) in a few months with training sessions leading up to the tournaments. UnixHub would be a great base to try this with enthusiastic members who have a great mix of experience providing excellent collaborative potential.

So my proposal is as follows:


Not every member at UnixHub will be versed in information security but I have a feeling almost every member would be interested in learning a thing or two about the 'darker' side of computer geekery that is hacking or penetration testing. Due to this it would be cool to run a few training sessions which could start at the basics and work it's way forward slowly to prepare everyone with a few skills which may be utilised in the competitions to come.

This would involve:
  • A monthly task with one or more aspects to it.
  • The aspects could vary in difficulty to keep the more experienced members entertained while give a more challenging goal to the less experienced members if they want to push themselves.
  • The tasks would provide interesting relevant topics for people to discuss amongst each other on the forums whether they want to collaborate or just ask for tips.
  • I'd like assume directly telling other members the answer would be frowned upon, this is a learning process after all.
  • A progression around many different parts of a penetration ranging from scanning techniques to web application to pivoting through compromised machines.

Capture the Flag

Assuming the tasks would be monthly, if each task had significant depth it would be safe to assume within roughly 6 months members would have a developed enough base knowledge to perform a full hack of their own but leave enough unknown for it not to be trivial.

I am not quite sure how we would structure the CTF yet so this section will remain open to suggestions over the months if this idea comes to fruition. To my knowledge there are a few different types of CTF which could be done.

Challenges and Benefits

Obviously this idea isn't without it's challenges and it isn't entirely selfless on my behalf.
  • Firstly we would need some sort of server space to perform anything mentioned here which I don't have access to and so would need to acquire this in some way.
  • Secondly I am definitely not skilled in setting these kind of systems up, I've focused most of my learning on the breaking of things rather than setting them up in the first place. I would need experienced assistance in setting everything up which will provide a learning experience for me.

Other than that, this could provide a learning experience or at least some fun for anyone interested in security. Anyone more interested in the system admin side could also learn the do's and don'ts helping setting up the tasks/CTF if they don't want to get into the attacking side.

Finally, sorry about the layout of this, tried to put things in sections and then just waffled in each of them.

Lets hear comments, suggestions, feedback in any sense!

If anyone can provide what is needed in terms of consulting or helping with the systems for the tasks/CTF. The structure for both is up for grabs at the moment so any input is great.

Thanks, Derby.

Messages In This Thread
Proposal: Security training and eventual CTF - by Derby - 23-09-2013, 01:06 PM