A Beginner’s Guide To Hackathons


This is a written version of my Technical talk at BEERCON2: rise of the rookies the video of the talk can be found here


A Beginner’s Guide To Hackathons & CTFs from Beginners

Who are we?

Chloe: Student currently studying cyber security and digital forensics at university. Needs to get a life.

Jen:  A literal god

Charlie: Cyber Security & Forensics Student – Has no idea what they are doing at any given moment.

List of Events:

  • Hack The Police Lincoln – 2018
  • Lincoln Hackathon – 2016 , 17, 18, 2019
  • Hack The Police London – 2019
  • Merseyside Hackathon – 2018
  • Defcon
  • HackTheBox
  • Cyber security challenge UK
  • CSAW 2020

What’s our talk about?

  • Introduction to CTF’s & Hackathons
  • Stories from past events
  • Lessons we have learnt
  • Getting started

What’s a ctf /hackathon

CTF
CTF (Capture The Flag) is a kind of information security competition that challenges contestants to solve a variety of tasks ranging from a scavenger hunt on wikipedia to basic programming exercises, to hacking your way into a server to steal data. In these challenges, the contestant is usually asked to find a specific piece of text that may be hidden on the server or behind a webpage. This goal is called the flag, hence the name!

Hackathon
Hackathon you try to use tech to hack into real world problem to solve them better. It’s a 24–72 hours product making competition where every team needs to develop a product from scratch during those pretty hours. A team size can vary from 2–6 depending on the organization who is organizing it.

How do they help the community ?

  • Getting people to think in a different mindset
  • Make new contacts
  • Create better relationships between sponsors and people at the hackathons
  • Develop new skills

CSCV challenge coin (team duck bear)

Back in December 2018 Lincolnshire Police held a Hackathon called “Hack The Police”.


In attendance at the Hackathon were some members of CSCV, one of them being native to Lincoln itself. Naturally the challenges that were presented were taken with a lot of enthusiasm, however, CSCV presented a side quest – “The Coin Challenge”.

According to sources, this challenge has been farmed out to quite a few organisations (within the UK and International) and have had quite a bit of difficulty with this challenge; putting it bluntly this challenge has been in the air for over a year now and still to this day, has not been solved.

CSCV challenge coin tools and techniques

Cyber Chef

Wireshark

Kleopatra

John The Ripper

GIMP

Recon CTF (DEF CON Safe Mode)

  • Our first time competing in DEF CON
  • Started later, begun on final day
  • OSINT Challenge based
  • CTF (Capture the flag)
  • Our first time competing in OSINT

CTF tools and techniques

Wayback machine

  • Go back to view a webpage when it was cached (handy for looking at stuff people think they deleted)

EXIF/Metadata

  • See when and where an image was taken, handy for finding out when and where a person may have been in an area.

Social media

  • Contact’s of others are occasionally weak links, they give away a persons location even if that person has their profile on lockdown
  • Pictures posted on social media often have geotags

Google lens & Reverse image search

  • Searching for information from an image

Hackathons tools and techniques

  • Know who you are talking too
  • Collaboration
  • Learn from others
  • Think outside the box
  • Experiment with new technology

What was learnt from those events?

Time Management

  • Event’s are time controlled
  • Prioritizing tasks

Building Teams

  • Working with people to achieve a goal
  • Delegation of tasks

Asking Questions

  • If you don’t know how to do something? ASK!
  • Finding why someone would think that way

Practice for CTFs & Hackathons

Hack The Box

  • Test skills against challenges created
  • Has things from OSINT, to web challenges to machines to get root on.
  • Challenges are submitted by user’s
  • Free

Immersive Labs

  • Walk’s people through the techniques needed to complete challenges on platforms like HTB.
  • Has many different paths you can practice, such as OSINT, Wireshark, Cyber defence.
  • Sadly is paid for.

“Tell your family you love them… You never know when the end is nigh”

  • Charlie  (26/10/2020)

W҉h҉e҉r҉e҉ ҉T҉o҉ ҉F҉i҉n҉d҉ ҉U҉S҉

Jennifer Technically Possible
https://technicallypossible.carrd.co/
Twitter –  @Techypossible

Chloe Name aka ErrorByNight aka Clive
https://twitter.com/ErrorByNight

Twitter – @ErrorByNight

Charlie LostHawk
Twitter –  @Lottie1326

Has finally been located

Leave a Reply

Your email address will not be published. Required fields are marked *