A Beginner’s Guide To Hackathons
This is a written version of my Technical talk at BEERCON2: rise of the rookies the video of the talk can be found here
A Beginner’s Guide To Hackathons & CTFs from Beginners
Who are we?
Chloe: Student currently studying cyber security and digital forensics at university. Needs to get a life.
Jen: A literal god
Charlie: Cyber Security & Forensics Student – Has no idea what they are doing at any given moment.
List of Events:
- Hack The Police Lincoln – 2018
- Lincoln Hackathon – 2016 , 17, 18, 2019
- Hack The Police London – 2019
- Merseyside Hackathon – 2018
- Defcon
- HackTheBox
- Cyber security challenge UK
- CSAW 2020
What’s our talk about?
- Introduction to CTF’s & Hackathons
- Stories from past events
- Lessons we have learnt
- Getting started
What’s a ctf /hackathon
CTF
CTF (Capture The Flag) is a kind of information security competition that challenges contestants to solve a variety of tasks ranging from a scavenger hunt on wikipedia to basic programming exercises, to hacking your way into a server to steal data. In these challenges, the contestant is usually asked to find a specific piece of text that may be hidden on the server or behind a webpage. This goal is called the flag, hence the name!
Hackathon
Hackathon you try to use tech to hack into real world problem to solve them better. It’s a 24–72 hours product making competition where every team needs to develop a product from scratch during those pretty hours. A team size can vary from 2–6 depending on the organization who is organizing it.
How do they help the community ?
- Getting people to think in a different mindset
- Make new contacts
- Create better relationships between sponsors and people at the hackathons
- Develop new skills
CSCV challenge coin (team duck bear)
Back in December 2018 Lincolnshire Police held a Hackathon called “Hack The Police”.
In attendance at the Hackathon were some members of CSCV, one of them being native to Lincoln itself. Naturally the challenges that were presented were taken with a lot of enthusiasm, however, CSCV presented a side quest – “The Coin Challenge”.
According to sources, this challenge has been farmed out to quite a few organisations (within the UK and International) and have had quite a bit of difficulty with this challenge; putting it bluntly this challenge has been in the air for over a year now and still to this day, has not been solved.
CSCV challenge coin tools and techniques
Cyber Chef
Wireshark
Kleopatra
John The Ripper
GIMP
Recon CTF (DEF CON Safe Mode)
- Our first time competing in DEF CON
- Started later, begun on final day
- OSINT Challenge based
- CTF (Capture the flag)
- Our first time competing in OSINT
CTF tools and techniques
Wayback machine
- Go back to view a webpage when it was cached (handy for looking at stuff people think they deleted)
EXIF/Metadata
- See when and where an image was taken, handy for finding out when and where a person may have been in an area.
Social media
- Contact’s of others are occasionally weak links, they give away a persons location even if that person has their profile on lockdown
- Pictures posted on social media often have geotags
Google lens & Reverse image search
- Searching for information from an image
Hackathons tools and techniques
- Know who you are talking too
- Collaboration
- Learn from others
- Think outside the box
- Experiment with new technology
What was learnt from those events?
Time Management
- Event’s are time controlled
- Prioritizing tasks
Building Teams
- Working with people to achieve a goal
- Delegation of tasks
Asking Questions
- If you don’t know how to do something? ASK!
- Finding why someone would think that way
Practice for CTFs & Hackathons
Hack The Box
- Test skills against challenges created
- Has things from OSINT, to web challenges to machines to get root on.
- Challenges are submitted by user’s
- Free
Immersive Labs
- Walk’s people through the techniques needed to complete challenges on platforms like HTB.
- Has many different paths you can practice, such as OSINT, Wireshark, Cyber defence.
- Sadly is paid for.
“Tell your family you love them… You never know when the end is nigh”
- Charlie (26/10/2020)
W҉h҉e҉r҉e҉ ҉T҉o҉ ҉F҉i҉n҉d҉ ҉U҉S҉
Jennifer Technically Possible
https://technicallypossible.carrd.co/
Twitter – @Techypossible
Chloe Name aka ErrorByNight aka Clive
https://twitter.com/ErrorByNight
Twitter – @ErrorByNight
Charlie LostHawk
Twitter – @Lottie1326
Has finally been located