mirror of
https://github.com/cliffe/SecGen.git
synced 2026-02-20 13:50:45 +00:00
57 KiB
57 KiB
CTF Scenarios and CyBOK
The Cyber Security Body of Knowledge (CyBOK) is a body of knowledge that aims to encapsulate the various knowledge areas present within cyber security. Scenarios within SecGen now contain XML elements linking them to CyBOK knowledge areas and specific topics within those knowledge areas. Additionally, video lectures for scenarios are tagged with CyBOK associations.
This file is an autogenerated index and cross referencing of the 31 SecGen CTF scenarios that have CyBOK metadata.
You can browse the list below in terms of the CyBOK Knowledge Areas, and Topics. The list of scenarios in the second half of this document includes keywords (also known as "indicative topics" in CyBOK terminology).
The all lowercase topics and keywords are provided by NCSC for CyBOK mapping, while all caps indicates it is taken from the CyBOK mapping reference, mixed case keywords are ones that we have added.
Cyber Securtiy Body of Knowledge (CyBOK) Issue 1.1 is Crown Copyright, The National Cyber Security Centre 2021, licensed under the Open Government Licence http://www.nationalarchives.gov.uk/doc/open-government-licence/.
Scenarios Indexed By CyBOK Knowledge Area (KA)
Authentication, Authorisation & Accountability (AAA)
Operating Systems & Virtualisation (OSV)
Cryptography (C)
Web & Mobile Security (WAM)
Malware & Attack Technology (MAT)
Software Security (SS)
Security Operations & Incident Management (SOIM)
Adversarial Behaviours (AB)
Forensics (F)
Privacy & Online Rights (POR)
Network Security (NS)
Authentication, Authorisation & Accountability (AAA)
AAA Scenarios
access_can_roll.xml
all_moin.xml
brief_case.xml
container_escape.xml
encoding_challenges.xml
eyearesee.xml
feeling_blu.xml
ff_hackme_corp.xml
ff_leaked.xml
ff_that_escalated_quickly.xml
flawed_fortress.xml
hackme_crackme.xml
nosferatu.xml
nw_cyber_games.xml
post_it.xml
putting_it_together.xml
rooting_for_a_win_user.xml
such_a_git.xml
time_to_patch.xml
AAA Scenarios by Topics
Operating Systems & Virtualisation (OSV)
OSV Scenarios
access_can_roll.xml
all_moin.xml
brief_case.xml
container_escape.xml
eyearesee.xml
feeling_blu.xml
ff_leaked.xml
nosferatu.xml
putting_it_together.xml
rooting_for_a_win_user.xml
such_a_git.xml
time_to_patch.xml
OSV Scenarios by Topics
| Topic | Scenario |
|---|---|
| Primitives for Isolation and Mediation | access_can_roll.xml all_moin.xml brief_case.xml container_escape.xml eyearesee.xml feeling_blu.xml ff_leaked.xml nosferatu.xml putting_it_together.xml rooting_for_a_win_user.xml such_a_git.xml time_to_patch.xml |
| Role of Operating Systems | container_escape.xml |
Cryptography (C)
C Scenarios
access_can_roll.xml
analyse_this.xml
encoding_challenges.xml
feeling_blu.xml
ff_decode_me.xml
ff_hackme_corp.xml
ff_in_the_wild.xml
flawed_fortress.xml
nw_cyber_games.xml
post_it.xml
rooting_for_a_win.xml
time_to_patch.xml
C Scenarios by Topics
| Topic | Scenario |
|---|---|
| Public-Key Cryptography | access_can_roll.xml encoding_challenges.xml |
| Symmetric Cryptography | analyse_this.xml encoding_challenges.xml feeling_blu.xml ff_decode_me.xml ff_hackme_corp.xml ff_in_the_wild.xml flawed_fortress.xml nw_cyber_games.xml post_it.xml rooting_for_a_win.xml time_to_patch.xml |
Web & Mobile Security (WAM)
WAM Scenarios
all_moin.xml
brief_case.xml
container_escape.xml
feeling_blu.xml
nosferatu.xml
rand_webapp.xml
rand_webapp_adv.xml
time_to_patch.xml
WAM Scenarios by Topics
| Topic | Scenario |
|---|---|
| Server-Side Vulnerabilities and Mitigations | all_moin.xml brief_case.xml feeling_blu.xml nosferatu.xml rand_webapp.xml rand_webapp_adv.xml time_to_patch.xml |
| Fundamental Concepts and Approaches | brief_case.xml container_escape.xml feeling_blu.xml rand_webapp.xml rand_webapp_adv.xml |
Malware & Attack Technology (MAT)
MAT Scenarios
all_moin.xml
container_escape.xml
expert_reversing.xml
eyearesee.xml
feeling_blu.xml
ff_hackme_corp.xml
ff_in_the_wild.xml
ff_leaked.xml
ff_that_escalated_quickly.xml
flawed_fortress.xml
hackme_crackme.xml
immersing_reversing.xml
nosferatu.xml
post_it.xml
ptsd.xml
putting_it_together.xml
rehearsing_reversing.xml
rooting_for_a_win.xml
rooting_for_a_win_user.xml
smash_crack_grab_run.xml
such_a_git.xml
time_to_patch.xml
MAT Scenarios by Topics
Software Security (SS)
SS Scenarios
all_moin.xml
brief_case.xml
eyearesee.xml
feeling_blu.xml
hackme_crackme.xml
nosferatu.xml
post_it.xml
ptsd.xml
rand_webapp.xml
rand_webapp_adv.xml
rooting_for_a_win.xml
rooting_for_a_win_user.xml
smash_crack_grab_run.xml
such_a_git.xml
time_to_patch.xml
SS Scenarios by Topics
Security Operations & Incident Management (SOIM)
SOIM Scenarios
all_moin.xml
analyse_this.xml
banner_grab_and_run.xml
container_escape.xml
eyearesee.xml
feeling_blu.xml
ff_hackme_corp.xml
ff_in_the_wild.xml
ff_leaked.xml
ff_that_escalated_quickly.xml
flawed_fortress.xml
hackme_crackme.xml
nosferatu.xml
post_it.xml
ptsd.xml
putting_it_together.xml
rand_webapp.xml
rand_webapp_adv.xml
rooting_for_a_win.xml
rooting_for_a_win_user.xml
smash_crack_grab_run.xml
such_a_git.xml
time_to_patch.xml
SOIM Scenarios by Topics
Adversarial Behaviours (AB)
AB Scenarios
all_moin.xml
eyearesee.xml
feeling_blu.xml
ff_hackme_corp.xml
ff_leaked.xml
ff_that_escalated_quickly.xml
flawed_fortress.xml
hackme_crackme.xml
nosferatu.xml
post_it.xml
ptsd.xml
putting_it_together.xml
rooting_for_a_win_user.xml
smash_crack_grab_run.xml
such_a_git.xml
time_to_patch.xml
AB Scenarios by Topics
Forensics (F)
F Scenarios
all_moin.xml
analyse_this.xml
banner_grab_and_run.xml
encoding_challenges.xml
ff_decode_me.xml
ff_hackme_corp.xml
ff_in_the_wild.xml
flawed_fortress.xml
nw_cyber_games.xml
putting_it_together.xml
rooting_for_a_win.xml
F Scenarios by Topics
Privacy & Online Rights (POR)
POR Scenarios
POR Scenarios by Topics
| Topic | Scenario |
|---|---|
| Privacy Technologies and Democratic Values | all_moin.xml |
Network Security (NS)
NS Scenarios
analyse_this.xml
banner_grab_and_run.xml
container_escape.xml
ff_hackme_corp.xml
ff_in_the_wild.xml
ff_leaked.xml
nosferatu.xml
putting_it_together.xml
rooting_for_a_win.xml
rooting_for_a_win_user.xml
such_a_git.xml
time_to_patch.xml
NS Scenarios by Topics
| Topic | Scenario |
|---|---|
| OSI (OPEN SYSTEM INTERCONNECT) MODEL | analyse_this.xml |
| PENETRATION TESTING | banner_grab_and_run.xml container_escape.xml ff_hackme_corp.xml ff_in_the_wild.xml ff_leaked.xml nosferatu.xml putting_it_together.xml rooting_for_a_win.xml rooting_for_a_win_user.xml such_a_git.xml time_to_patch.xml |
Scenario CyBOK Keywords
access_can_roll.xml
Details
| Key | Data |
|---|---|
| Name | Access can roll |
| Description | There are two problem solving access control challenges on the server. Look at the home directories and the .c files. 1: Use the access_my_flag program to access the two flags (hint: think about how you can use hardlink trickery to access relative paths). 2: Look at the two shell programs and how you can combine them together to get at a flag. Your password on both systems is: tiaspbiqe2r |
| Type | ctf-lab; hackerbot-lab; lab-sheet |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | shared_desktop; server |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Real and effective identity; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Unix File Permissions; setuid/setgid; Hardlink protections |
| Cryptography (C) | Public-Key Cryptography | public-key signatures |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/access_can_roll.xml run
all_moin.xml
Details
| Key | Data |
|---|---|
| Name | All moin |
| Description | Hack the web_server from kali. |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; web_server |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Web & Mobile Security (WAM) | Server-Side Vulnerabilities and Mitigations | server-side misconfiguration and vulnerable components; Directory traversal |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS; DIRECTORY TRAVERSAL |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Attacks against SUDO |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
| Forensics (F) | Artifact Analysis | STEGANOGRAPHY; METADATA |
| Privacy & Online Rights (POR) | Privacy Technologies and Democratic Values | STEGANOGRAPHY; METADATA |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/all_moin.xml run
analyse_this.xml
Details
| Key | Data |
|---|---|
| Name | Putting it together |
| Description | Analyse the files on the server from kali. Username: analyse Password: this!!! |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; server |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Forensics (F) | Artifact Analysis | Encoding and alternative data formats |
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
| Network Security (NS) | OSI (OPEN SYSTEM INTERCONNECT) MODEL | APPLICATION LAYER; DATA LINK LAYER; NETWORK LAYER |
| Security Operations & Incident Management (SOIM) | Monitor: Data Sources | PCAP; network traffic |
| Forensics (F) | Artifact Analysis | FILES; Hidden files |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/analyse_this.xml run
banner_grab_and_run.xml
Details
| Key | Data |
|---|---|
| Name | Banner Grab and Run For Your Life! |
| Description | The most merciful thing in the world, I think, is the inability of the human mind to correlate all its contents. |
| Type | ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | desktop; secret_journal_server |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Network Security (NS) | PENETRATION TESTING | PENETRATION TESTING - NETWORK MAPPING - FINGERPRINTING; PENETRATION TESTING - NETWORK MAPPING - NMAP |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - NETWORK MAPPING - RECONNAISSANCE; PENETRATION TESTING - SOFTWARE TOOLS |
| Forensics (F) | Artifact Analysis | Encoding and alternative data formats |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/banner_grab_and_run.xml run
brief_case.xml
Details
| Key | Data |
|---|---|
| Name | A Brief Case (of murder) |
| Description | Single system CLI narrative-based CTF challenge. The murder was solved quickly. It was a briefcase. |
| Type | ctf; attack-ctf; web-hints |
| Author | Thomas Shaw |
| Linked videos | |
| VM names | target_server; attack_vm |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Real and effective identity; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Unix File Permissions; setuid/setgid |
| Web & Mobile Security (WAM) | Fundamental Concepts and Approaches | authentication; cookies; passwords and alternatives; JAVASCRIPT / HYPERTEXT MARKUP LANGUAGE (HTML) / CASCADING STYLE SHEETS (CSS) / HYPERTEXT TRANSFER PROTOCOL (HTTP)\n COOKIES; Broken Access Control / Insecure Direct Object References |
| Web & Mobile Security (WAM) | Server-Side Vulnerabilities and Mitigations | injection vulnerabilities; server-side misconfiguration and vulnerable components; CROSS-SITE SCRIPTING (XSS); COMMAND INJECTION; SQL-INJECTION |
| Software Security (SS) | Categories of Vulnerabilities | Web vulnerabilities / OWASP Top 10 |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/brief_case.xml run
container_escape.xml
Details
| Key | Data |
|---|---|
| Name | Containers Escape |
| Description | An "escape room" -- you need to find a way into then escape to root a docker container and a chroot container. Hints: the flags are stored in /root/ on the two VMs but you first need to find your way in, and then escape confinement. Good luck! |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | desktop; chroot_esc_server |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Authentication, Authorisation & Accountability (AAA) | Authorisation | SANDBOX; Application-based access controls: user-based access controls insufficiently limit privileges |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Container-based sandboxes: chroot; Docker; Vulnerabilities and attacks on sandboxing misconfigurations |
| Operating Systems & Virtualisation (OSV) | Role of Operating Systems | isolation; CONTAINERS |
| Web & Mobile Security (WAM) | Fundamental Concepts and Approaches | sandboxing |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - NETWORK MAPPING - RECONNAISSANCE; PENETRATION TESTING - ACTIVE PENETRATION |
| Network Security (NS) | PENETRATION TESTING | PENETRATION TESTING - NETWORK MAPPING - FINGERPRINTING; PENETRATION TESTING - NETWORK MAPPING - NMAP |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/container_escape.xml run
encoding_challenges.xml
Details
| Key | Data |
|---|---|
| Name | Data Encoding and Hash Challenges |
| Description | Single system basic crypto CTF challenge. Single user account with automatic root login to a desktop system. Automatic installation of handy_cli_utilities, hash_tools, hashcat and john the ripper. |
| Type | ctf; crypto-ctf |
| Author | Thomas Shaw |
| Linked videos | |
| VM names | system |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
| Cryptography (C) | Public-Key Cryptography | public-key encryption |
| Authentication, Authorisation & Accountability (AAA) | Authentication | Cryptography and authentication (hashes and attacks against authentication schemes / passwords) |
| Forensics (F) | Artifact Analysis | cryptographic hashing; Encoding and alternative data formats |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/encoding_challenges.xml run
expert_reversing.xml
Details
| Key | Data |
|---|---|
| Name | Expert Reversing |
| Description | Some advanced reverse engineering challenges. |
| Type | ctf; reversing-ctf |
| Author | ["Thomas Shaw", "Z. Cliffe Schreuders"] |
| Linked videos | |
| VM names | analysis |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Malware Analysis | analysis techniques; STATIC ANALYSIS |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/expert_reversing.xml run
eyearesee.xml
Details
| Key | Data |
|---|---|
| Name | Eyearesee |
| Description | Hack the server from kali. |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; server |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS; BACKDOOR TROJANS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Attacks against SUDO |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/eyearesee.xml run
feeling_blu.xml
Details
| Key | Data |
|---|---|
| Name | Feeling Blu |
| Description | Hack the web_server from kali. |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; web_server |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Web & Mobile Security (WAM) | Fundamental Concepts and Approaches | authentication; passwords and alternatives |
| Authentication, Authorisation & Accountability (AAA) | Authentication | user authentication; BRUTEFORCE |
| Web & Mobile Security (WAM) | Server-Side Vulnerabilities and Mitigations | server-side misconfiguration and vulnerable components; FILE UPLOAD VULNERABILITY |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Attacks against SUDO |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
| Authentication, Authorisation & Accountability (AAA) | Authentication | BRUTEFORCE |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/feeling_blu.xml run
ff_decode_me.xml
Details
| Key | Data |
|---|---|
| Name | Decode Me |
| Description | Find the encoded messages and decode them. |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | ["Z. Cliffe Schreuders", "Thomas Shaw"] |
| Linked videos | |
| VM names | attack_vm; decode_me |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
| Forensics (F) | Artifact Analysis | cryptographic hashing; Encoding and alternative data formats |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/ff_decode_me.xml run
ff_hackme_corp.xml
Details
| Key | Data |
|---|---|
| Name | Hackme Corp |
| Description | A bunch of servers for you to hack. Login to the attacker VM with user: root, password: toor. There are three servers for you to attack (same IP address range, ending in .3,.4,.5), and flags are often found in home directories (/home/, /root/). Beware of red herrings. Happy hacking! |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; hackme_server; hackmetoo_server; hackmethree_server |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
| Forensics (F) | Artifact Analysis | cryptographic hashing; Encoding and alternative data formats |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION; PENETRATION TESTING - NETWORK MAPPING - RECONNAISSANCE |
| Network Security (NS) | PENETRATION TESTING | PENETRATION TESTING - NETWORK MAPPING - FINGERPRINTING; PENETRATION TESTING - NETWORK MAPPING - NMAP |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | Elevated privileges |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/ff_hackme_corp.xml run
ff_in_the_wild.xml
Details
| Key | Data |
|---|---|
| Name | Flawed Fortress |
| Description | Hack the server. Find / decode the flags. |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | ["Z. Cliffe Schreuders", "Thomas Shaw"] |
| Linked videos | |
| VM names | attack_vm; in_the_wild |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
| Forensics (F) | Artifact Analysis | cryptographic hashing; Encoding and alternative data formats |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION; PENETRATION TESTING - NETWORK MAPPING - RECONNAISSANCE |
| Network Security (NS) | PENETRATION TESTING | PENETRATION TESTING - NETWORK MAPPING - FINGERPRINTING; PENETRATION TESTING - NETWORK MAPPING - NMAP |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/ff_in_the_wild.xml run
ff_leaked.xml
Details
| Key | Data |
|---|---|
| Name | Time to Patch |
| Description | Hack the server from kali. |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; server |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Authentication, Authorisation & Accountability (AAA) | Authentication | user authentication |
| Network Security (NS) | PENETRATION TESTING | SECURE SHELL (SSH) |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Attacks against SUDO |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/ff_leaked.xml run
ff_that_escalated_quickly.xml
Details
| Key | Data |
|---|---|
| Name | Flawed Fortress |
| Description | Hack the server. Aim for root. Find the flags. |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | ["Z. Cliffe Schreuders", "Thomas Shaw"] |
| Linked videos | |
| VM names | attack_vm; that_escalated_quickly |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | Elevated privileges |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/ff_that_escalated_quickly.xml run
flawed_fortress.xml
Details
| Key | Data |
|---|---|
| Name | Flawed Fortress |
| Description | A three VM full day intermediate CTF, with a range of challenges of various difficulty. The three VMs are not related to each other. We have used this to host events with university students. |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | ["Z. Cliffe Schreuders", "Thomas Shaw"] |
| Linked videos | |
| VM names | attack_vm; decode_me; in_the_wild; that_escalated_quickly |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
| Forensics (F) | Artifact Analysis | cryptographic hashing; Encoding and alternative data formats |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | Elevated privileges |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/flawed_fortress.xml run
hackme_crackme.xml
Details
| Key | Data |
|---|---|
| Name | Hackme and Crack Me |
| Description | Hack then crack, then use those creds to ssh to second_server for flags. |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | hack_and_crack_me_server; second_server; kali_cracker |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Authentication, Authorisation & Accountability (AAA) | Authentication | BRUTEFORCE |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | Vulnerabilities and attacks on access control misconfigurations |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/hackme_crackme.xml run
immersing_reversing.xml
Details
| Key | Data |
|---|---|
| Name | Immersing Reversing |
| Description | Some harder reverse engineering challenges. |
| Type | ctf; reversing-ctf |
| Author | ["Thomas Shaw", "Z. Cliffe Schreuders"] |
| Linked videos | |
| VM names | metactf |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Malware Analysis | analysis techniques; analysis environments; STATIC ANALYSIS |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/immersing_reversing.xml run
nosferatu.xml
Details
| Key | Data |
|---|---|
| Name | Nosferatu |
| Description | Hack the server from kali. |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; server |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Web & Mobile Security (WAM) | Server-Side Vulnerabilities and Mitigations | server-side misconfiguration and vulnerable components; Directory traversal |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS; DIRECTORY TRAVERSAL |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION; PENETRATION TESTING - NETWORK MAPPING - RECONNAISSANCE |
| Network Security (NS) | PENETRATION TESTING | PENETRATION TESTING - NETWORK MAPPING - FINGERPRINTING; PENETRATION TESTING - NETWORK MAPPING - NMAP |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Attacks against SUID |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/nosferatu.xml run
nw_cyber_games.xml
Details
| Key | Data |
|---|---|
| Name | Decoding |
| Description | Some basic decoding challenges. The challenges are presented on a website on one of these VMs, separate from the CTF scoring. |
| Type | ctf; jeopardy-ctf; web-hints |
| Author | Thomas Shaw |
| Linked videos | |
| VM names | nw_cyber_games |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
| Authentication, Authorisation & Accountability (AAA) | Authentication | Cryptography and authentication (hashes and attacks against authentication schemes / passwords) |
| Forensics (F) | Artifact Analysis | cryptographic hashing; Encoding and alternative data formats |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/nw_cyber_games.xml run
post_it.xml
Details
| Key | Data |
|---|---|
| Name | Post-it note-xploitation |
| Description | Hack and escalate. |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | windows_server; linux_server; kali |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
| Malware & Attack Technology (MAT) | Attacks and exploitation | Post-exploitation: pivoting attacks; information gathering |
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
| Authentication, Authorisation & Accountability (AAA) | Authentication | BRUTEFORCE |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/post_it.xml run
ptsd.xml
Details
| Key | Data |
|---|---|
| Name | PTSD: Shell Shocked |
| Description | Hack the server from kali. |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; server |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/ptsd.xml run
putting_it_together.xml
Details
| Key | Data |
|---|---|
| Name | Putting it together |
| Description | Hack the server from kali. Search the server for leaked information that will help you login and then escalate from there. |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; server |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Network Security (NS) | PENETRATION TESTING | PENETRATION TESTING - NETWORK MAPPING - FINGERPRINTING; PENETRATION TESTING - NETWORK MAPPING - NMAP; SECURE SHELL (SSH) |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - NETWORK MAPPING - RECONNAISSANCE; PENETRATION TESTING - SOFTWARE TOOLS |
| Forensics (F) | Artifact Analysis | Encoding and alternative data formats |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - ACTIVE PENETRATION |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Attacks against SUDO |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/putting_it_together.xml run
rand_webapp.xml
Details
| Key | Data |
|---|---|
| Name | Vulnerable webapp |
| Description | A web server with a (randomly) vulnerable webapp |
| Type | ctf; attack-ctf |
| Author | Joshua Hickling |
| Linked videos | |
| VM names | web_server; kali |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Web & Mobile Security (WAM) | Fundamental Concepts and Approaches | Broken Access Control / Insecure Direct Object References |
| Web & Mobile Security (WAM) | Server-Side Vulnerabilities and Mitigations | injection vulnerabilities; server-side misconfiguration and vulnerable components; CROSS-SITE SCRIPTING (XSS); SQL-INJECTION |
| Software Security (SS) | Categories of Vulnerabilities | Web vulnerabilities / OWASP Top 10 |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - ACTIVE PENETRATION |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/rand_webapp.xml run
rand_webapp_adv.xml
Details
| Key | Data |
|---|---|
| Name | Vulnerable webapp |
| Description | A web server with a (randomly) vulnerable webapp |
| Type | ctf; attack-ctf |
| Author | Joshua Hickling |
| Linked videos | |
| VM names | web_server; kali |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Web & Mobile Security (WAM) | Fundamental Concepts and Approaches | Broken Access Control / Insecure Direct Object References |
| Web & Mobile Security (WAM) | Server-Side Vulnerabilities and Mitigations | injection vulnerabilities; server-side misconfiguration and vulnerable components; CROSS-SITE SCRIPTING (XSS); SQL-INJECTION |
| Software Security (SS) | Categories of Vulnerabilities | Web vulnerabilities / OWASP Top 10 |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - ACTIVE PENETRATION |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/rand_webapp_adv.xml run
rehearsing_reversing.xml
Details
| Key | Data |
|---|---|
| Name | Rehearsing Reversing |
| Description | Some reverse engineering challenges. |
| Type | ctf; reversing-ctf |
| Author | ["Thomas Shaw", "Z. Cliffe Schreuders"] |
| Linked videos | |
| VM names | metactf |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Malware Analysis | analysis techniques; analysis environments; STATIC ANALYSIS |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/rehearsing_reversing.xml run
rooting_for_a_win.xml
Details
| Key | Data |
|---|---|
| Name | Rooting for a win |
| Description | Hack the server from kali. |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; server |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS; BACKDOOR TROJANS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Network Security (NS) | PENETRATION TESTING | FILE - TRANSFER PROTOCOL (FTP) |
| Forensics (F) | Artifact Analysis | Encoding and alternative data formats |
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/rooting_for_a_win.xml run
rooting_for_a_win_user.xml
Details
| Key | Data |
|---|---|
| Name | Rooting for a win2 |
| Description | Hack the server from kali. |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; server |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS; BACKDOOR TROJANS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Network Security (NS) | PENETRATION TESTING | FILE - TRANSFER PROTOCOL (FTP) |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Attacks against SUDO |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/rooting_for_a_win_user.xml run
smash_crack_grab_run.xml
Details
| Key | Data |
|---|---|
| Name | Smash Crack Grab and Run |
| Description | Hack the server from kali. Involves a vulnerable service, and encrypted files. |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; server |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/smash_crack_grab_run.xml run
such_a_git.xml
Details
| Key | Data |
|---|---|
| Name | Such a git |
| Description | Hack the web_server from kali. |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; web_server |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Authentication, Authorisation & Accountability (AAA) | Authentication | user authentication |
| Network Security (NS) | PENETRATION TESTING | SECURE SHELL (SSH) |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Attacks against SUDO |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/such_a_git.xml run
time_to_patch.xml
Details
| Key | Data |
|---|---|
| Name | Time to Patch |
| Description | Hack the server from kali. |
| Type | ctf; attack-ctf; pwn-ctf |
| Author | Z. Cliffe Schreuders |
| Linked videos | |
| VM names | attack_vm; server |
CyBOK KAs, Topics, and Keywords
| KA | Topic | Keywords |
|---|---|---|
| Network Security (NS) | PENETRATION TESTING | FILE - TRANSFER PROTOCOL (FTP) |
| Web & Mobile Security (WAM) | Server-Side Vulnerabilities and Mitigations | server-side misconfiguration and vulnerable components; Directory traversal |
| Malware & Attack Technology (MAT) | Attacks and exploitation | EXPLOITATION; EXPLOITATION FRAMEWORKS; DIRECTORY TRAVERSAL |
| Software Security (SS) | Categories of Vulnerabilities | CVEs and CWEs |
| Security Operations & Incident Management (SOIM) | PENETRATION TESTING | PENETRATION TESTING - SOFTWARE TOOLS; PENETRATION TESTING - ACTIVE PENETRATION |
| Authentication, Authorisation & Accountability (AAA) | Authentication | user authentication |
| Network Security (NS) | PENETRATION TESTING | SECURE SHELL (SSH) |
| Authentication, Authorisation & Accountability (AAA) | Authorisation | access control; Elevated privileges; Vulnerabilities and attacks on access control misconfigurations |
| Operating Systems & Virtualisation (OSV) | Primitives for Isolation and Mediation | Access controls and operating systems; Linux security model; Attacks against SUDO |
| Adversarial Behaviours (AB) | Models | kill chains |
| Malware & Attack Technology (MAT) | Malicious Activities by Malware | cyber kill chain |
| Cryptography (C) | Symmetric Cryptography | symmetric encryption and authentication |
| Authentication, Authorisation & Accountability (AAA) | Authentication | BRUTEFORCE |
Command to build VMs and start scenario:
ruby secgen.rb -s scenarios/ctf/time_to_patch.xml run