The Cyber Security Body of Knowledge (CyBOK) is a body of knowledge that aims to encapsulate the various knowledge areas present within cyber security. Scenarios within SecGen now contain XML elements linking them to CyBOK knowledge areas and specific topics within those knowledge areas. Additionally, video lectures for scenarios are tagged with CyBOK associations.
This file is an autogenerated index and cross referencing of the 40 SecGen CTF scenarios that have CyBOK metadata.
You can browse the list below in terms of the CyBOK Knowledge Areas, and Topics. The list of scenarios in the second half of this document includes keywords (also known as "indicative topics" in CyBOK terminology).
The all lowercase topics and keywords are provided by NCSC for CyBOK mapping, while all caps indicates it is taken from the CyBOK mapping reference, mixed case keywords are ones that we have added.
Cyber Security Body of Knowledge (CyBOK) Issue 1.1 is Crown Copyright, The National Cyber Security Centre 2021, licensed under the Open Government Licence http://www.nationalarchives.gov.uk/doc/open-government-licence/.
Authentication, Authorisation & Accountability (AAA)
Operating Systems & Virtualisation (OSV)
Applied Cryptography (AC)
Malware & Attack Technology (MAT)
Software Security (SS)
Security Operations & Incident Management (SOIM)
Web & Mobile Security (WAM)
Adversarial Behaviours (AB)
Forensics (F)
Privacy & Online Rights (POR)
Network Security (NS)
access_can_roll.xml
administration_woes.xml
all_moin.xml
brief_case.xml
container_escape.xml
disastrous_development.xml
encoding_challenges.xml
erlang_explosion.xml
eventful_data.xml
eyearesee.xml
feeling_blu.xml
ff_hackme_corp.xml
ff_leaked.xml
ff_that_escalated_quickly.xml
flawed_fortress.xml
hackme_crackme.xml
nosferatu.xml
nw_cyber_games.xml
post_it.xml
putting_it_together.xml
rooting_for_a_win_user.xml
such_a_git.xml
time_to_patch.xml
access_can_roll.xml
administration_woes.xml
all_moin.xml
brief_case.xml
container_escape.xml
disastrous_development.xml
erlang_explosion.xml
eventful_data.xml
eyearesee.xml
feeling_blu.xml
ff_leaked.xml
nosferatu.xml
performance_peril.xml
putting_it_together.xml
rooting_for_a_win_user.xml
such_a_git.xml
time_to_patch.xml
access_can_roll.xml
analyse_this.xml
encoding_challenges.xml
feeling_blu.xml
ff_decode_me.xml
ff_hackme_corp.xml
ff_in_the_wild.xml
flawed_fortress.xml
nw_cyber_games.xml
performance_peril.xml
post_it.xml
rooting_for_a_win.xml
time_to_patch.xml
administration_woes.xml
agent001.xml
agent_zero.xml
all_moin.xml
catching_sparks.xml
container_escape.xml
disastrous_development.xml
erlang_explosion.xml
eventful_data.xml
expert_reversing.xml
eyearesee.xml
feeling_blu.xml
ff_hackme_corp.xml
ff_in_the_wild.xml
ff_leaked.xml
ff_that_escalated_quickly.xml
flawed_fortress.xml
hackme_crackme.xml
immersing_reversing.xml
manage_this.xml
nosferatu.xml
performance_peril.xml
post_it.xml
ptsd.xml
putting_it_together.xml
rehearsing_reversing.xml
rooting_for_a_win.xml
rooting_for_a_win_user.xml
smash_crack_grab_run.xml
such_a_git.xml
time_to_patch.xml
administration_woes.xml
all_moin.xml
brief_case.xml
catching_sparks.xml
disastrous_development.xml
erlang_explosion.xml
eventful_data.xml
eyearesee.xml
feeling_blu.xml
hackme_crackme.xml
manage_this.xml
nosferatu.xml
performance_peril.xml
post_it.xml
ptsd.xml
rand_webapp.xml
rand_webapp_adv.xml
rooting_for_a_win.xml
rooting_for_a_win_user.xml
smash_crack_grab_run.xml
such_a_git.xml
time_to_patch.xml
administration_woes.xml
agent001.xml
agent_zero.xml
all_moin.xml
analyse_this.xml
banner_grab_and_run.xml
catching_sparks.xml
container_escape.xml
disastrous_development.xml
erlang_explosion.xml
eventful_data.xml
eyearesee.xml
feeling_blu.xml
ff_hackme_corp.xml
ff_in_the_wild.xml
ff_leaked.xml
ff_that_escalated_quickly.xml
flawed_fortress.xml
hackme_crackme.xml
manage_this.xml
nosferatu.xml
performance_peril.xml
post_it.xml
ptsd.xml
putting_it_together.xml
rand_webapp.xml
rand_webapp_adv.xml
rooting_for_a_win.xml
rooting_for_a_win_user.xml
smash_crack_grab_run.xml
such_a_git.xml
time_to_patch.xml
administration_woes.xml
all_moin.xml
brief_case.xml
catching_sparks.xml
container_escape.xml
disastrous_development.xml
erlang_explosion.xml
eventful_data.xml
feeling_blu.xml
manage_this.xml
nosferatu.xml
performance_peril.xml
rand_webapp.xml
rand_webapp_adv.xml
time_to_patch.xml
| Topic | Scenario |
|---|---|
| Server-Side Vulnerabilities and Mitigations | administration_woes.xml all_moin.xml brief_case.xml catching_sparks.xml disastrous_development.xml erlang_explosion.xml eventful_data.xml feeling_blu.xml manage_this.xml nosferatu.xml performance_peril.xml rand_webapp.xml rand_webapp_adv.xml time_to_patch.xml |
| Fundamental Concepts and Approaches | brief_case.xml container_escape.xml feeling_blu.xml rand_webapp.xml rand_webapp_adv.xml |
agent001.xml
agent_zero.xml
all_moin.xml
catching_sparks.xml
eyearesee.xml
feeling_blu.xml
ff_hackme_corp.xml
ff_leaked.xml
ff_that_escalated_quickly.xml
flawed_fortress.xml
hackme_crackme.xml
nosferatu.xml
performance_peril.xml
post_it.xml
ptsd.xml
putting_it_together.xml
rooting_for_a_win_user.xml
smash_crack_grab_run.xml
such_a_git.xml
time_to_patch.xml
all_moin.xml
analyse_this.xml
banner_grab_and_run.xml
encoding_challenges.xml
ff_decode_me.xml
ff_hackme_corp.xml
ff_in_the_wild.xml
flawed_fortress.xml
nw_cyber_games.xml
performance_peril.xml
putting_it_together.xml
rooting_for_a_win.xml
| Topic | Scenario |
|---|---|
| Privacy Technologies and Democratic Values | all_moin.xml |
analyse_this.xml
banner_grab_and_run.xml
container_escape.xml
ff_hackme_corp.xml
ff_in_the_wild.xml
ff_leaked.xml
manage_this.xml
nosferatu.xml
putting_it_together.xml
rooting_for_a_win.xml
rooting_for_a_win_user.xml
such_a_git.xml
time_to_patch.xml
| Topic | Scenario |
|---|---|
| OSI (OPEN SYSTEM INTERCONNECT) MODEL | analyse_this.xml |
| PENETRATION TESTING | banner_grab_and_run.xml container_escape.xml ff_hackme_corp.xml ff_in_the_wild.xml ff_leaked.xml manage_this.xml nosferatu.xml putting_it_together.xml rooting_for_a_win.xml rooting_for_a_win_user.xml such_a_git.xml time_to_patch.xml |
| Key | Data |
|---|---|
| Name | Access can roll |
| Description | There are two problem solving access control challenges on the server. Look at the home directories and the .c files. 1: Use the access_my_flag program to access the two flags (hint: think about how you can use hardlink trickery to access relative paths). 2: Look at the two shell programs and how you can combine them together to get at a flag. Your password on both systems is: tiaspbiqe2r |
| Lab sheet | |
| Type | ctf-lab; hackerbot-lab; lab-sheet |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | shared_desktop; server |
| KA | Topic | Keywords |
|---|---|---|
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Real and effective identity; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Unix File Permissions; setuid/setgid; Hardlink protections |
| Applied Cryptography (AC) | Public-Key Cryptography | public-key signatures |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/access_can_roll.xml run
| Key | Data |
|---|---|
| Name | Automation Woes |
| Description | There is a process hosted on a remote server that is vulnerable to exploit. Find a way in then escalate to root. |
| Lab sheet | |
| Type | ctf; attack-ctf |
| Author | James Davis |
| Linked videos | |
| VM names | server; attack_vm |
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Web & Mobile Security (WAM) | Server-Side Vulnerabilities and Mitigations | server-side misconfiguration and vulnerable components; Serialized objects |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/administration_woes.xml run
| Key | Data |
|---|---|
| Name | Agent Zero: Licence to Hack |
| Description | In this scenario, as a secret agent analyst specializing in cyber security, you are authorized to conduct offensive operations against those who threaten the digital safety and security of your country. You have been tasked with conducting a penetration test and to investigate the operations of 'The Organization' in order to discover their evil plans. As the exercise progresses, you will uncover more and more evidence of the organization's evil plans. We beleive they are using aliases, and cover businesses. The only reliable intel we have is that there is an operative that goes by the alias 'viper'. You will need to use a variety of tools and techniques to perform an attack: network scanning and exploitation to gain a foothold, escalate privileges as necessary, and gather and analyze data data to collect evidence. |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; evil_server |
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/agent001.xml run
| Key | Data |
|---|---|
| Name | Agent Zero: Licence to Hack |
| Description | In this scenario, as a secret agent analyst specializing in cyber security, you are authorized to conduct offensive operations against those who threaten the digital safety and security of your country. You have been tasked with conducting a cyber attack and to investigate the operations of 'The Organization' in order to discover their evil plans. As the exercise progresses, you will uncover more and more evidence of the organization's evil plans. We beleive they are using aliases, and cover businesses. The only reliable intel we have is that there is an operative that goes by the alias 'viper'. You will need to use a variety of tools and techniques to perform an attack: network scanning and exploitation to gain a foothold, escalate privileges as necessary, and gather and analyze data data to collect evidence. Submit the flags you find to track your progress. This challenge will be different each time, and can be taken again and again to hone your skills and experience different attacks. |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; evil_server |
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/agent_zero.xml run
| Key | Data |
|---|---|
| Name | All moin |
| Description | Hack the web_server from kali. |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; web_server |
| KA | Topic | Keywords |
|---|---|---|
| Web & Mobile Security (WAM) | Server-Side Vulnerabilities and Mitigations | server-side misconfiguration and vulnerable components; Directory traversal |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS; DIRECTORY TRAVERSAL |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Attacks against SUDO |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
| Forensics (F) | Artifact Analysis | STEGANOGRAPHY; METADATA |
| Privacy & Online Rights (POR) | Privacy Technologies and Democratic Values | STEGANOGRAPHY; METADATA |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/all_moin.xml run
| Key | Data |
|---|---|
| Name | Putting it together |
| Description | Analyse the files on the server from kali. Username: analyse Password: this!!! |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; server |
| KA | Topic | Keywords |
|---|---|---|
| Forensics (F) | Artifact Analysis | Encoding and alternative data formats |
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
| Network Security (NS) | OSI (OPEN SYSTEM INTERCONNECT) MODEL | APPLICATION LAYER; DATA LINK LAYER; NETWORK LAYER |
| Security Operations & Incident Management (SOIM) | Monitor: Data Sources | PCAP; network traffic |
| Forensics (F) | Artifact Analysis | FILES; Hidden files |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/analyse_this.xml run
| Key | Data |
|---|---|
| Name | Banner Grab and Run For Your Life! |
| Description | The most merciful thing in the world, I think, is the inability of the human mind to correlate all its contents. |
| Lab sheet | |
| Type | ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | desktop; secret_journal_server |
| KA | Topic | Keywords |
|---|---|---|
| Network Security (NS) | PENETRATION TESTING | PENETRATION TESTING - NETWORK MAPPING - FINGERPRINTING; PENETRATION TESTING - NETWORK MAPPING - NMAP |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - NETWORK MAPPING - RECONNAISSANCE; PENETRATION TESTING - SOFTWARE TOOLS |
| Forensics (F) | Artifact Analysis | Encoding and alternative data formats |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/banner_grab_and_run.xml run
| Key | Data |
|---|---|
| Name | A Brief Case (of murder) |
| Description | Single system CLI narrative-based CTF challenge. The murder was solved quickly. It was a briefcase. |
| Lab sheet | |
| Type | ctf; attack-ctf; web-hints |
| Author | Thomas Shaw |
| Linked videos | |
| VM names | target_server; attack_vm |
| KA | Topic | Keywords |
|---|---|---|
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Real and effective identity; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Unix File Permissions; setuid/setgid |
| Web & Mobile Security (WAM) | Fundamental Concepts and Approaches | authentication; cookies; passwords and alternatives; JAVASCRIPT / HYPERTEXT MARKUP LANGUAGE (HTML) / CASCADING STYLE SHEETS (CSS) / HYPERTEXT TRANSFER PROTOCOL (HTTP)\n COOKIES; Broken Access Control / Insecure Direct Object References |
| Web & Mobile Security (WAM) | Server-Side Vulnerabilities and Mitigations | injection vulnerabilities; server-side misconfiguration and vulnerable components; CROSS-SITE SCRIPTING (XSS); COMMAND INJECTION; SQL-INJECTION |
| Software Security (SS) | Categories of Vulnerabilities | Web vulnerabilities / OWASP Top 10 |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/brief_case.xml run
| Key | Data |
|---|---|
| Name | Catching Sparks |
| Description | A web vulnerability allows access to a server remotely. Find the website and gain root privilege. |
| Lab sheet | |
| Type | ctf; attack-ctf |
| Author | James Davis |
| Linked videos | |
| VM names | attack_vm; server |
| KA | Topic | Keywords |
|---|---|---|
| Web & Mobile Security (WAM) | Server-Side Vulnerabilities and Mitigations | server-side misconfiguration and vulnerable components; Command injection |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/catching_sparks.xml run
| Key | Data |
|---|---|
| Name | Containers Escape |
| Description | An "escape room" -- you need to find a way into then escape to root a docker container and a chroot container. Hints: the flags are stored in /root/ on the two VMs but you first need to find your way in, and then escape confinement. Good luck! |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | desktop; chroot_esc_server |
| KA | Topic | Keywords |
|---|---|---|
| Authentication, Authorisation & Accountability (AAA) | Authorisation | SANDBOX; Application-based access controls: user-based access controls insufficiently limit privileges |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Container-based sandboxes: chroot; Docker; Vulnerabilities and attacks on sandboxing misconfigurations |
| Operating Systems & Virtualisation (OSV) | Role of Operating Systems | isolation; CONTAINERS |
| Web & Mobile Security (WAM) | Fundamental Concepts and Approaches | sandboxing |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - NETWORK MAPPING - RECONNAISSANCE; PENETRATION TESTING - ACTIVE PENETRATION |
| Network Security (NS) | PENETRATION TESTING | PENETRATION TESTING - NETWORK MAPPING - FINGERPRINTING; PENETRATION TESTING - NETWORK MAPPING - NMAP |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/container_escape.xml run
| Key | Data |
|---|---|
| Name | Disastrous Development |
| Description | Sometimes developers aren't always the smartest... |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | James Davis |
| Linked videos | |
| VM names | attack_vm; lucee_web |
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Web & Mobile Security (WAM) | Server-Side Vulnerabilities and Mitigations | server-side misconfiguration and vulnerable components; Arbitrary file write |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/disastrous_development.xml run
| Key | Data |
|---|---|
| Name | Data Encoding and Hash Challenges |
| Description | Single system basic crypto CTF challenge. Single user account with automatic root login to a desktop system. Automatic installation of handy_cli_utilities, hash_tools, hashcat and john the ripper. |
| Lab sheet | |
| Type | ctf; crypto-ctf |
| Author | Thomas Shaw |
| Linked videos | |
| VM names | system |
| KA | Topic | Keywords |
|---|---|---|
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
| Applied Cryptography (AC) | Public-Key Cryptography | public-key encryption |
| Authentication, Authorisation & Accountability (AAA) | Authentication | Cryptography and authentication (hashes and attacks against authentication schemes / passwords) |
| Forensics (F) | Artifact Analysis | cryptographic hashing; Encoding and alternative data formats |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/encoding_challenges.xml run
| Key | Data |
|---|---|
| Name | Erlang Explosion |
| Description | A vulnerable service utilises erlang that has a fatal flaw. Exploit the server and get root access. |
| Lab sheet | |
| Type | ctf; attack-ctf |
| Author | James Davis |
| Linked videos | |
| VM names | attack_vm; server |
| KA | Topic | Keywords |
|---|---|---|
| Web & Mobile Security (WAM) | Server-Side Vulnerabilities and Mitigations | server-side misconfiguration and vulnerable components; Vulnerable defaults |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Attacks against SUID |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/erlang_explosion.xml run
| Key | Data |
|---|---|
| Name | Eventful Data |
| Description | There is a vulnerable webserver that can be exploited. Find it and then get root. |
| Lab sheet | |
| Type | ctf; attack-ctf |
| Author | James Davis |
| Linked videos | |
| VM names | attack_vm; server |
| KA | Topic | Keywords |
|---|---|---|
| Web & Mobile Security (WAM) | Server-Side Vulnerabilities and Mitigations | server-side misconfiguration and vulnerable components |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Attacks against SUDO |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/eventful_data.xml run
| Key | Data |
|---|---|
| Name | Expert Reversing |
| Description | Some advanced reverse engineering challenges. |
| Lab sheet | |
| Type | ctf; reversing-ctf |
| Author | ["Thomas Shaw", "Z. Cliffe Schreuders"] |
| Linked videos | |
| VM names | analysis |
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Malware Analysis | analysis techniques; STATIC ANALYSIS |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/expert_reversing.xml run
| Key | Data |
|---|---|
| Name | Eyearesee |
| Description | Hack the server from kali. |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; server |
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS; BACKDOOR TROJANS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Attacks against SUDO |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/eyearesee.xml run
| Key | Data |
|---|---|
| Name | Feeling Blu |
| Description | Hack the web_server from kali. |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; web_server |
| KA | Topic | Keywords |
|---|---|---|
| Web & Mobile Security (WAM) | Fundamental Concepts and Approaches | authentication; passwords and alternatives |
| Authentication, Authorisation & Accountability (AAA) | Authentication | user authentication; BRUTEFORCE |
| Web & Mobile Security (WAM) | Server-Side Vulnerabilities and Mitigations | server-side misconfiguration and vulnerable components; FILE UPLOAD VULNERABILITY |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Attacks against SUDO |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
| Authentication, Authorisation & Accountability (AAA) | Authentication | BRUTEFORCE |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/feeling_blu.xml run
| Key | Data |
|---|---|
| Name | Decode Me |
| Description | Find the encoded messages and decode them. |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | ["Z. Cliffe Schreuders", "Thomas Shaw"] |
| Linked videos | |
| VM names | attack_vm; decode_me |
| KA | Topic | Keywords |
|---|---|---|
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
| Forensics (F) | Artifact Analysis | cryptographic hashing; Encoding and alternative data formats |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/ff_decode_me.xml run
| Key | Data |
|---|---|
| Name | Hackme Corp |
| Description | A bunch of servers for you to hack. Login to the attacker VM with user: root, password: toor. There are three servers for you to attack (same IP address range, ending in .3,.4,.5), and flags are often found in home directories (/home/, /root/). Beware of red herrings. Happy hacking! |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; hackme_server; hackmetoo_server; hackmethree_server |
| KA | Topic | Keywords |
|---|---|---|
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
| Forensics (F) | Artifact Analysis | cryptographic hashing; Encoding and alternative data formats |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION; PENETRATION TESTING - NETWORK MAPPING - RECONNAISSANCE |
| Network Security (NS) | PENETRATION TESTING | PENETRATION TESTING - NETWORK MAPPING - FINGERPRINTING; PENETRATION TESTING - NETWORK MAPPING - NMAP |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | Elevated privileges |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/ff_hackme_corp.xml run
| Key | Data |
|---|---|
| Name | Flawed Fortress |
| Description | Hack the server. Find / decode the flags. |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | ["Z. Cliffe Schreuders", "Thomas Shaw"] |
| Linked videos | |
| VM names | attack_vm; in_the_wild |
| KA | Topic | Keywords |
|---|---|---|
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
| Forensics (F) | Artifact Analysis | cryptographic hashing; Encoding and alternative data formats |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION; PENETRATION TESTING - NETWORK MAPPING - RECONNAISSANCE |
| Network Security (NS) | PENETRATION TESTING | PENETRATION TESTING - NETWORK MAPPING - FINGERPRINTING; PENETRATION TESTING - NETWORK MAPPING - NMAP |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/ff_in_the_wild.xml run
| Key | Data |
|---|---|
| Name | Time to Patch |
| Description | Hack the server from kali. |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; server |
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Authentication, Authorisation & Accountability (AAA) | Authentication | user authentication |
| Network Security (NS) | PENETRATION TESTING | SECURE SHELL (SSH) |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Attacks against SUDO |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/ff_leaked.xml run
| Key | Data |
|---|---|
| Name | Flawed Fortress |
| Description | Hack the server. Aim for root. Find the flags. |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | ["Z. Cliffe Schreuders", "Thomas Shaw"] |
| Linked videos | |
| VM names | attack_vm; that_escalated_quickly |
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | Elevated privileges |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/ff_that_escalated_quickly.xml run
| Key | Data |
|---|---|
| Name | Flawed Fortress |
| Description | A three VM full day intermediate CTF, with a range of challenges of various difficulty. The three VMs are not related to each other. We have used this to host events with university students. |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | ["Z. Cliffe Schreuders", "Thomas Shaw"] |
| Linked videos | |
| VM names | attack_vm; decode_me; in_the_wild; that_escalated_quickly |
| KA | Topic | Keywords |
|---|---|---|
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
| Forensics (F) | Artifact Analysis | cryptographic hashing; Encoding and alternative data formats |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | Elevated privileges |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/flawed_fortress.xml run
| Key | Data |
|---|---|
| Name | Hackme and Crack Me |
| Description | Hack then crack, then use those creds to ssh to second_server for flags. |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | hack_and_crack_me_server; second_server; kali_cracker |
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Authentication, Authorisation & Accountability (AAA) | Authentication | BRUTEFORCE |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | Vulnerabilities and attacks on access control misconfigurations |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/hackme_crackme.xml run
| Key | Data |
|---|---|
| Name | Immersing Reversing |
| Description | Some harder reverse engineering challenges. |
| Lab sheet | |
| Type | ctf; reversing-ctf |
| Author | ["Thomas Shaw", "Z. Cliffe Schreuders"] |
| Linked videos | |
| VM names | metactf |
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Malware Analysis | analysis techniques; analysis environments; STATIC ANALYSIS |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/immersing_reversing.xml run
| Key | Data |
|---|---|
| Name | Manage This! |
| Description | A vulnerable website is active on a server. Find a way in and obtain root. |
| Lab sheet | |
| Type | ctf; attack-ctf |
| Author | James Davis |
| Linked videos | |
| VM names | attack_vm; server |
| KA | Topic | Keywords |
|---|---|---|
| Web & Mobile Security (WAM) | Server-Side Vulnerabilities and Mitigations | server-side misconfiguration and vulnerable components; Command injection |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS; BACKDOOR TROJANS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Network Security (NS) | PENETRATION TESTING | FILE - TRANSFER PROTOCOL (FTP) |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/manage_this.xml run
| Key | Data |
|---|---|
| Name | Nosferatu |
| Description | Hack the server from kali. |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; server |
| KA | Topic | Keywords |
|---|---|---|
| Web & Mobile Security (WAM) | Server-Side Vulnerabilities and Mitigations | server-side misconfiguration and vulnerable components; Directory traversal |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS; DIRECTORY TRAVERSAL |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION; PENETRATION TESTING - NETWORK MAPPING - RECONNAISSANCE |
| Network Security (NS) | PENETRATION TESTING | PENETRATION TESTING - NETWORK MAPPING - FINGERPRINTING; PENETRATION TESTING - NETWORK MAPPING - NMAP |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Attacks against SUID |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/nosferatu.xml run
| Key | Data |
|---|---|
| Name | Decoding |
| Description | Some basic decoding challenges. The challenges are presented on a website on one of these VMs, separate from the CTF scoring. |
| Lab sheet | |
| Type | ctf; jeopardy-ctf; web-hints |
| Author | Thomas Shaw |
| Linked videos | |
| VM names | nw_cyber_games |
| KA | Topic | Keywords |
|---|---|---|
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
| Authentication, Authorisation & Accountability (AAA) | Authentication | Cryptography and authentication (hashes and attacks against authentication schemes / passwords) |
| Forensics (F) | Artifact Analysis | cryptographic hashing; Encoding and alternative data formats |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/nw_cyber_games.xml run
| Key | Data |
|---|---|
| Name | Performance Peril |
| Description | An administrator has unknowingly left an open door via a vulnerable service. Breach the server and collect the secrets. |
| Lab sheet | |
| Type | ctf; attack-ctf |
| Author | James Davis |
| Linked videos | |
| VM names | attack_vm; server |
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Web & Mobile Security (WAM) | Server-Side Vulnerabilities and Mitigations | server-side misconfiguration and vulnerable components; Command injection |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Linux security model |
| Forensics (F) | Artifact Analysis | Encoding and alternative data formats |
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/performance_peril.xml run
| Key | Data |
|---|---|
| Name | Post-it note-xploitation |
| Description | Hack and escalate. |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | windows_server; linux_server; kali |
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
| Malware & Attack Technology (MAT) | Attacks and exploitation | Post-exploitation: pivoting attacks; information gathering |
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
| Authentication, Authorisation & Accountability (AAA) | Authentication | BRUTEFORCE |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/post_it.xml run
| Key | Data |
|---|---|
| Name | PTSD: Shell Shocked |
| Description | Hack the server from kali. |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; server |
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/ptsd.xml run
| Key | Data |
|---|---|
| Name | Putting it together |
| Description | Hack the server from kali. Search the server for leaked information that will help you login and then escalate from there. |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; server |
| KA | Topic | Keywords |
|---|---|---|
| Network Security (NS) | PENETRATION TESTING | PENETRATION TESTING - NETWORK MAPPING - FINGERPRINTING; PENETRATION TESTING - NETWORK MAPPING - NMAP; SECURE SHELL (SSH) |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - NETWORK MAPPING - RECONNAISSANCE; PENETRATION TESTING - SOFTWARE TOOLS |
| Forensics (F) | Artifact Analysis | Encoding and alternative data formats |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - ACTIVE PENETRATION |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Attacks against SUDO |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/putting_it_together.xml run
| Key | Data |
|---|---|
| Name | Vulnerable webapp |
| Description | A web server with a (randomly) vulnerable webapp |
| Lab sheet | |
| Type | ctf; attack-ctf |
| Author | Joshua Hickling |
| Linked videos | |
| VM names | web_server; kali |
| KA | Topic | Keywords |
|---|---|---|
| Web & Mobile Security (WAM) | Fundamental Concepts and Approaches | Broken Access Control / Insecure Direct Object References |
| Web & Mobile Security (WAM) | Server-Side Vulnerabilities and Mitigations | injection vulnerabilities; server-side misconfiguration and vulnerable components; CROSS-SITE SCRIPTING (XSS); SQL-INJECTION |
| Software Security (SS) | Categories of Vulnerabilities | Web vulnerabilities / OWASP Top 10 |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - ACTIVE PENETRATION |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/rand_webapp.xml run
| Key | Data |
|---|---|
| Name | Vulnerable webapp |
| Description | A web server with a (randomly) vulnerable webapp |
| Lab sheet | |
| Type | ctf; attack-ctf |
| Author | Joshua Hickling |
| Linked videos | |
| VM names | web_server; kali |
| KA | Topic | Keywords |
|---|---|---|
| Web & Mobile Security (WAM) | Fundamental Concepts and Approaches | Broken Access Control / Insecure Direct Object References |
| Web & Mobile Security (WAM) | Server-Side Vulnerabilities and Mitigations | injection vulnerabilities; server-side misconfiguration and vulnerable components; CROSS-SITE SCRIPTING (XSS); SQL-INJECTION |
| Software Security (SS) | Categories of Vulnerabilities | Web vulnerabilities / OWASP Top 10 |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - ACTIVE PENETRATION |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/rand_webapp_adv.xml run
| Key | Data |
|---|---|
| Name | Rehearsing Reversing |
| Description | Some reverse engineering challenges. |
| Lab sheet | |
| Type | ctf; reversing-ctf |
| Author | ["Thomas Shaw", "Z. Cliffe Schreuders"] |
| Linked videos | |
| VM names | metactf |
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Malware Analysis | analysis techniques; analysis environments; STATIC ANALYSIS |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/rehearsing_reversing.xml run
| Key | Data |
|---|---|
| Name | Rooting for a win |
| Description | Hack the server from kali. |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; server |
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS; BACKDOOR TROJANS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Network Security (NS) | PENETRATION TESTING | FILE - TRANSFER PROTOCOL (FTP) |
| Forensics (F) | Artifact Analysis | Encoding and alternative data formats |
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/rooting_for_a_win.xml run
| Key | Data |
|---|---|
| Name | Rooting for a win2 |
| Description | Hack the server from kali. |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; server |
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS; BACKDOOR TROJANS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Network Security (NS) | PENETRATION TESTING | FILE - TRANSFER PROTOCOL (FTP) |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Attacks against SUDO |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/rooting_for_a_win_user.xml run
| Key | Data |
|---|---|
| Name | Smash Crack Grab and Run |
| Description | Hack the server from kali. Involves a vulnerable service, and encrypted files. |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; server |
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/smash_crack_grab_run.xml run
| Key | Data |
|---|---|
| Name | Such a git |
| Description | Hack the web_server from kali. |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; web_server |
| KA | Topic | Keywords |
|---|---|---|
| Authentication, Authorisation & Accountability (AAA) | Authentication | user authentication |
| Network Security (NS) | PENETRATION TESTING | SECURE SHELL (SSH) |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Attacks against SUDO |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/such_a_git.xml run
| Key | Data |
|---|---|
| Name | Time to Patch |
| Description | Hack the server from kali. |
| Lab sheet | |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; server |
| KA | Topic | Keywords |
|---|---|---|
| Network Security (NS) | PENETRATION TESTING | FILE - TRANSFER PROTOCOL (FTP) |
| Web & Mobile Security (WAM) | Server-Side Vulnerabilities and Mitigations | server-side misconfiguration and vulnerable components; Directory traversal |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS; DIRECTORY TRAVERSAL |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Authentication, Authorisation & Accountability (AAA) | Authentication | user authentication |
| Network Security (NS) | PENETRATION TESTING | SECURE SHELL (SSH) |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Attacks against SUDO |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
| Applied Cryptography (AC) | Symmetric Cryptography | symmetric encryption and authentication |
| Authentication, Authorisation & Accountability (AAA) | Authentication | BRUTEFORCE |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/time_to_patch.xml run