WebCtF Uni Bremen

Gastbeitrag 2023

Prof. Dr. Lars Fischer

(Hochschule Bremerhaven)

Vorstellung

Prof. Dr. Lars Fischer

Portrait Prof.Dr. Lars Fischer

Hochschule Bremerhaven seit 2020

Denomination
IT-Sicherheit
Werdegang
  • Informatik Uni Bremen
  • Promotion TU-Darmstadt
  • Sicherheitsberater Leipzig
  • WiMi/Prof. Uni-Siegen
  • CC Leitung OFFIS

Sicherheits-Realitäts-Abstands-Labor (SiReAL)

Map of virtual machines running on chengisao

Phish2Own CtF Team

WTF is CtF?

Attack-Defence
  • Live-Action (Host-) Security Exercise
  • Probably invented at DefCon
  • Prepared Team-Host
  • Analyse — Exploit — Patch
  • Frameworks (ictf))
Jeopardy
  • Vulnerability-Themed Riddles
  • Often Timed-Events
  • Framework supported (ctfd, GZCTF, …)
Wargames
  • Level-based "Hacking" Riddles
  • Solve Level n for Accessing Level n+1
ctftime

Jeopardy

Jeopardy

Upcoming

Upcoming CTF Events from ctftime

Attack-Defence

Write-Up

Boost your reputation by providing a PoC.
  • Title/Link of Challenge
  • What's the problem
    • Important Code-Snippets
    • Description of Vulnerability
  • Your PoC
  • Academic Exercise:

Example

Ablauf

  1. Registrierung
  2. Join/Create Team
  3. Join WebCtF Uni Bremen
  4. Challenge lösen
  5. Write-Up einreichen

0915 Start — 1345 Final Scores

Registrierung

Registrierungsmaske
  • Nutzername/Passwort
  • Email ⇒ beliebig

Join/Create Team

Team Details with Invite Code
  • Choose a fancy name!
  • Open Team Details
  • Invite Code to Members
  • Max. 3 Players

Where to find vulns?