THE UVA INFORMATION SECURITY OFFICE
IS HOSTING A VIRTUAL CAPTURE THE FLAG EVENT
FOR ALL FACULTY, STAFF, AND STUDENTS
FROM 1PM TO 4PM ON THURSDAY, APRIL 6, 2023.
Are you ready to test your cybersecurity skills, practice and learn new things, and see how your team measures up against others at UVA? Join UVA Information Security for a virtual Capture the Flag event on April 6! Whether you are a seasoned pro or have only basic cybersecurity knowledge, all are welcome to compete. Win prizes and bragging rights through a series of security related challenges - either solo or with a team!
The event will be held on April 6, 2023, from 1pm to 4pm (ET) using the MetaCTF platform. All you need is an Internet connection to access MetaCTF and participate in the event. During this virtual Capture the Flag (CTF) event, participants will work to solve a variety of cybersecurity challenges to find a hidden piece of data called a "flag". For example, participants may be asked to decrypt a message, reverse engineer a binary, or trace some network traffic. Each challenge is based on a real-world cybersecurity concept and is designed to teach the concept as the participant solves it. See the information below for more information on MetaCTF and CTE events.
How Do I Register?
Register here to save your spot! You can register as an individual or team of up to four participants. Don’t have a team? You can still join in on the fun and learning. Sign up on the site and request to be placed with a team. Please use a valid email address when registering; it will be used for updates and prize distribution. Contact [email protected] if you have additional questions.
You can register up to the time of the event or even during the event. Just remember registering after the start of the event decreases your chances of winning because you will have less time to get through the challenges.
Want to know more?
What is MetaCTF?
MetaCTF was started by a group of students at the University of Virginia as a volunteer project running capture-the-flag (CTF) events at high schools and universities. Their goal is to make cybersecurity education accessible and fun. They create hands-on, interactive, and educational capture-the-flag (CTF) events that make it easy to learn new cybersecurity skills by breaking down complex cybersecurity concepts into engaging challenges that simulate real world scenarios. Since 2014, they have held over 50 events and trainings globally for various clients. Visit their website at https://metactf.com/ for more information.
What is a CTF?
A CTF is an event where participants work in teams to solve a variety of cybersecurity challenges to find a hidden piece of data called a "flag". For example, the participants may be asked to decrypt a message, reverse engineer a binary, or trace some network traffic. Each challenge is based on a real-world cybersecurity concept and is designed to teach the concept as the participant solves it.
A cybersecurity Capture The Flag (CTF) event is a competition designed to teach and test a variety of computer skills. There are different types of CTFs, but ours is jeopardy-style. Your goal as a competitor is to solve a series of security-related tasks by analyzing provided materials (a log file, an encrypted message) or breaking into a vulnerable application. The goal of a competition like this is to learn, so you're expected to research and use the internet to figure out how to solve the challenges.
The goal of each CTF problem is to find a "flag," which is a string of text that you can submit for points. For example, flags can be obtained by cracking ciphers, hacking into vulnerable websites, analyzing log files, etc. Each challenge will provide you with the information you need to get started.
In our CTF, the challenges will start out easy and become progressively more difficult. Easier challenges will have lower point values.
This guide will discuss the most common CTF challenge categories and go over sample problems from each of those categories. Most of these challenges have been taken from the public MetaCTF CyberGames 2021 event, which took place in December 2021. Even though the event is over, you can still access the challenges for practice. Register for the practice CTF here or learn more about that event here.
The categories in our CTFs usually include:
- Web Exploitation
- Reconnaissance / OSINT
- Reverse Engineering
- Binary Exploitation
Often, challenges might fall into more than one category. In that case, they’re usually assigned the category that matches the problem most closely. For example, a mobile app challenge with a vulnerable web API might fall into both reverse engineering and web exploitation categories.
* Some of the category descriptions have been adapted from https://ctf101.org/.
Don't waste time! Sign up today!
March 23, 2023