Introduction to Information Assurance - S20

CSE 365

The second 365CTF

A key part of studying security is putting your skills to the test in practice. Hacking challenges known as Capture The Flag (CTF) competitions are a great way to do this.

Our second in-class CTF will be held on Thursday, April 28th. As explained below, the second CTF will also serve as part of the final for this course.

Step 1: Teams

You already have your teams for the second 365CTF based on the first CTF.

Step 2: Prepare for the CTF

Install the tools that we’ve discussed in class for things such network analysis (Wireshark), reverse engineering (Ghidra), etc.

The UGTAs are hosting a CTF tools information session 6pm–7pm on April 24th information on Piazza. I highly encourage your team to attend this event.

Step 3: Compete in the second 365CTF

Your entire team must join the in-class CTF on April 28th.

Step 4: Write and Submit a CTF writeup

As is traditional in CTFs, your team will write a writeup of the challenges that your team solved.

What we want to see in your writeup:

  1. How you solved each of the challenges that you solved.
  2. How you attempted to solve the other challenges in the CTF.
  3. What you learned during the CTF (new skills or techniques).

If you did not attempt a challenge, you do not have to include it in your writeup.

Your captain is responsible for submitting the writeup (in a file called README) on GradeScope by Wednesday, April 29th at noon.

Your team’s writeup will constitute your team’s grade for the second CTF (2.5% of your grade.

The Final

Given the current COVID pandemic, in lieu of a final exam, your team will create video walkthoughs of N CTF challenges. The nature of N (the number, which challenges, which categories, etc.) will be announced at the end of the second 365CTF.

We are looking for video walkthroughs of three challenges, two from the pwn category and one from crypto, re, or network.

Your video walkthroughs should demonstrate:

  1. What is the challenge
  2. How to approach solving the challenge (what tool to use, etc.)
  3. You solving the challenge (running the exploit code, extracting the flag, etc.)
  4. A brief description of how you would fix the vulnerability (if the challenge contained a vulnerability)

The evaluation criteria that we will use is how well you understand the challenge and the solution.

The captain must submit on GradeScope a README with links to your video walkthroughs by May 5th, 11:59pm MST. The README must specify your team name, team members, and the challenges that you created video walkthoughs. It can be one video or multiple videos. You can create an Unlisted video on YouTube or another hosting platform.