Capture-The-Flag 101

The objective of this workshop is to dive into Capture-The-Flag (CTF) competitions. First, by introducing them. Then by helping both individuals and teams prepare but also evolve in their practice of applied cybersecurity.

We will have various levels (easy, medium, hard) of CTF challenges in several categories (binaries, exploitation, Web, forensics) and we will give hints and solutions during the workshop.

This is meant to be for CTF first timers. Seasoned players should play NorthSec’s official CTF instead.

Requirements

  • a laptop
  • a programming language of choice (it's usually Python)
  • wireshark
  • a web assesment security tool (Burp, ZAP, Watobo, mitmproxy)


Olivier Bilodeau Lead of Cybersecurity Research Team, GoSecure

Olivier Bilodeau is leading the Cybersecurity Research team at GoSecure. With more than 10 years of infosec experience, Olivier managed large networks and server farms, wrote open source network access control software and recently worked as a Malware Researcher. Passionate communicator, Olivier has spoken at several conferences like Defcon, Botconf, SecTor, Derbycon and many more. Invested in his community, he co-organizes MontréHack — a monthly workshop focused on applied information security through capture-the-flag challenges —, he is in charge of NorthSec’s training sessions and is hosting NorthSec’s Hacker Jeopardy. His primary research interests include reverse-engineering tools, Linux and/or embedded malware and honeypots. To relax, he likes to participate in information security capture-the-flag competitions, work on various open-source projects and brew his own beer.

Laurent Desaulniers Team Lead for Pentesting Team,

Laurent is a team lead for a large security consulting firm, based in Montreal. He has conducted over 200 pentesting and red team engagements over the span of 10 years and is still enthusiatic about it. Laurent is also a challenge designer for Northsec and has given talks to CQSI, NCFTA, HackFest, RSI, Montrehack, Owasp Montreal and Northsec. Besides security, Laurent is interested in Lockpicking, magic and pickpocketting.

Charles Hamilton Penetration Tester,

With more than 8 years of experience delivering Information Technology and Information Security services to various government and commercial clients such as a banks, nuclear industry and lay firms. Having the opportunity to perform RedTeam against complex and secured environment allowed him to develop a certain expertise that can be used to navigate through the target network without being detected. Since 2014 I'm also the proud owner of the RingZer0 Team website that have more than 28 000 members worldwide. The RingZer0 Team website is a hacking learning platform.