Capture the Flag Cluster

See Next Meeting

About the Capture the Flag (CTF) Cluster

“Hackathon”, “Cyber Challenge”, “Code Fest”, “Red Team vs Blue Team”, “Black-hatting”

These are all words that are very familiar to people who have been involved in competitive computer gaming, coding and hacking but they are relatively new to the \'main stream\' and have really come to the fore along with the rise of the cyber threat and need for everyone to become more cyber-savvy. For the un-initiated, these words may also conjure up some scary images of rooms full of very knowledgeable computer geeks with lots of experience of hacking, able to use their computers with as much ease as kids seem to use computer game controllers, who could undoubtedly run rings around anyone who would not be considered an “expert”.

But... are you curious or have you ever wondered:-

  • What actually happens at one of these events?
  • Just how much knowledge and/or experience do you need in order to take part?
  • What is the point of doing a hackathon?
  • Is it just a game or is there a hidden business benefit?
If so, then welcome to The Cyber Wales Capture the Flag Cluster

This new cluster is designed to provide a welcoming environment for all abilities to come and learn about the techniques required for participating in CTFs, whether you are looking to just know more about how these competitions work, looking to enter your first event or are and experienced CTF participant, this new cluster is here to help.

Next Meeting

Cyber Wales CTF Cluster - 12 August 2020

12th August 2020 | 18:00 - 20:00

Webinar

Register Now

This month, we will be having a crack at a CTF that has been built by the USWCTF gang at the University of South Wales.

Our Master of Ceremonies for this very active playtime session will be Mat Rollings.

Mat (stealthcopter) has been an Android developer for about 10 years and has played and organised lots of CTFs in his time. He is just finishing a part time Master in Cyber Security at USW and will be ramping up his work at Immersive Labs at the end of the Summer.

Mat will start the session by exploring how to exploit and escape from container environments such as Docker - followed by a very brief demonstration of this using tools developed for his masters thesis. A virtual machine will be available to download and try online at tryhackme.com to walk-through some of the exploits seen and also some of the metasploit modules that he's developed.

Then we'll be shifting over to the USW CTF. Originally this CTF ran internally at USW for 2 weeks in March, and was well received. It was designed by Mat and Will Roberts (willpr) and has 75 challenges across a range of categories including Web, Crypto, Forensic, Stego, Priv Esc, Reverse Engineering, PWN, Programming and there are even a few "Lecturers' Specials".

The team have taken a selection of the best challenges to throw at us at our CTF Cluster meeting and after introducing the platform they will run through some of the easier and more interesting challenges. Then they will open it up and make things more interactive - answering questions you may have or demonstrating requested challenges and sharing a few stories about some cool challenges from the metasploit CTFs they've done.

More than this... following the meeting the Challenges will stay online on uswctf.net for 1 week allowing people to complete them at their own pace and the source code is also available for specific challenges upon request. Also we will be pointed to their Discord server if we want to chat about any of the questions with the gang.

A fantastic Cluster meeting I'm sure you will agree.

Link to attend the event: https://global.gotomeeting.com/join/328512285

See you all there!

Previous Meetings

Cyber Wales CTF Cluster - 15 July 2020

15th July 2020 | 18:00 - 20:00

Webinar

We are delighted to have an opportunity to learn more about the Cyber Detective CTF in this meeting.

This amazing CTF is a set of OSINT-focussed challenges created by the Cyber Society at Cardiff University, cunningly called the CyberSoc (I see what they did there - very clever!).

There are 40 challenges across 3 streams:-
* General Knowledge
* Life Online
* Evidence Investigation

We will be learning more about the CyberSoc and the Cyber Detective CTF from the President of the Society, Jack Tilson.

As a taster, this is what the University Societies pages says about them - "Join CyberSoc today, and you'll be rubbing shoulders with tremendously passionate students and industry players who are serious about cyber and want to make a difference. Employers frequently cite demonstration of passion for your field and a willingness to learn as top factors in the recruitment decision-making process. This could be a way for you to strengthen in these areas, and learn lots along the way too, helping to create a solid position for yourself in the job market!

In addition, this meeting will include an open frame discussion on two voracious new threats which emerged in the last few weeks. One a re-engineered ransomware and the other a fiendish stringing together of two exploits to create something more dangerous.

Both of these threats have been targeted at the NHS during these trying times and this warranted a similar (not-so-technical) discussion at the All Wales Cyber Security Cluster meeting and we will be taking this oportunity to dive a bit deeper into these dastardly attacks.

Cyber Wales CTF Cluster - June 2020

10th June 2020 | 18:00 - 20:00

Webinar

We had a very special guest speaker this month! Richard Bloxam-Rose is a skilled cyber security specialist having worked with the US DoD in Iraq as well as in cyber teams of global organisations like Commerzbank and Merrill Lynch and is currently in a Threat & Vulnerability operation. He has also served 10 years in the British Army as a Communications Systems & Cyber Operator in the Royal Corps of Signals on deployments with 32 Signal Regiment in the North and with 39 Signal Regiment in the South and currently with the Specialist Group Information Services Squadron (SGIS) based in the Corps HQ in Blandford.

The co-founder of a new learning group in the Armed Forces called "TriHacking" which is aimed at Army, Navy & Air Force cyberists, Richard spends his spare time teaching & coaching cyber security to Regulars and Reservists alike and at our CTF Cluster meeting this week, he gave a walk-through of a "Boot-to-Root Challenge" from the hacking platform VulnHub. Below is a recording of the walk-through session for those of you that missed it.

Over the years, people have been creating cyber learning resources and a lot of time has been put into them, creating 'hidden gems' of training material. However, unless you know of them, its hard to discover them. So, VulnHub was born to capture and share as many of these as possible, creating a catalogue of 'stuff' that is (legally) 'breakable, hackable & exploitable' - allowing you to learn in a safe environment and practise 'stuff' out.

Up to this point, at CTF Cluster meetings, we had explored home-grown Flags, HackTheBox and Immersive Labs Challenges but this is the first time we delved into the treasure-trove that is VulnHub - and Richard ("Bloxy" to his friends) was our guide.

This meeting also had a very international flavour with special guests joining, including the head of the Ras Al Khaimah Cyber Cluster in the UAE, a Colonel from the Dubai Police Cyber Team, the head of the Austrian Cyber Cluster and two guys from a Cyber Cluster and Hackathon Club in Kenya and we are speaking with all of them about future collaborations.

Cyber Wales CTF Cluster - May 2020

13th May 2020 | 18:00 - 20:00

Webinar

This meeting was run as a Webinar which was combined with the official launch of the amazing new Cyber College Cymru initiative.

Bridgend College, in partnership with Coleg Gwent and the University of South Wales, were launching a scheme which will start in September 2020 that will form a new qualification in cyber security. The initiative will offer learners hundreds of hours of industry input with big-name industry partners and members of the Cyber Wales Ecosystem(that means you!).

The Cyber College Cymru launch started at 17:30 and there were introductory talks by Admiral, Thales and Fujitsu and, to provide an example of cyber learning in action, there was a follow-along walk-through of the infamous WannaCry Randsomware by Leanne Davies from Cyber Wales, Cyber Security Lecturer at Glyndwr University (using Immersive Labs).

After a Q&A the Launch event closed and the web-session flowed seamlessly into the CTF Cluster meeting where we continued the WannaCry theme with a walk-through of another Immersive Lab on how to find and trip the Kill Switch in the WannaCry source code delivered by Jason from Cyber Wales and the North Wales CYber Cyber Securoty Cluster.

We were also treated to a session from Cyber Wales member Nick Lambe from Gordalex, who is ex-military intelligence who talked about how getting the basics of OSINT right can be a lot more powerful that you might think - especially around associations and the wider OSINT environment - and he used a real live example to illustrate his points.

Cyber Wales CTF Cluster - April 2020

8th April 2020 | 18:00 - 20:00

Webinar

This meeting was run over Webinar an online 'follow-along hack' walk-through and we walked through the steps required to register for an account on HackTheBox.

Hack The Box was formed in 2017 by James Hooker and Haris Pylarinos and the UK-based platform has become a very popular online platform for individuals, universities & colleges and corporate organisations all over the world.

It is described as "A massive playground for you to learn and improve your pen-testing skills" and there are plenty of labs to get stuck into as well as forums and competitions.

However there is a catch! In order to register you will need a Token and to get that token you will need to actually "hack the box" - yes, you need to hack the platform in order to get an account on the platform (absolute genius!)

In this month's Cyber Wales CTF Cluster meeting we walked through some of the aspects of this mulit-part hack in a webinar and all of the attendees were able to follow along. Those who paid attention and were good enough ended up with an account on the platform.

Here is a slide deck showing the HackTheBox Entry Flag Run-through

One of our members, Neil from Gower College was on the Webinar and streamed it over his Twitch channel to over 40 of this students. Here is a link to the recording of that stream - https://www.twitch.tv/videos/586557422 - Thank you Neil!

Cyber Wales CTF Cluster - February 2020

12th February 2020 | 18:00 - 20:00

National Cyber Security Academy, University of South Wales, Newport, Wales, NP20 2AL

The inaugural meeting of the Cyber Wales Capture the Flag Cluster last month was a huge success and we were really keen to run the second instalment.

This new Cluster is designed to provide a welcoming and safe environment for folks of all abilities to come and learn about the techniques required for participating in CTFs and Hackathons.

Whether you just want to know more about the gamification of the cyber threat (and how gaining Red Team skills can enhance Blue Team capability), whether you want to try this fun way to accelerate knowledge and skill, or whether you want to get involved in CTF events, this new cluster and its members are here to help.

At each meeting, we work with samples of real CTF challenges and this month the discipline we focused on was Forensics and we once again turned to a PCAP File, a favourite at most CTFs.

Here is a copy of the PCAP File we used

One of our members, Toby Jackson (Cyber Security Student at USW), has provided a walk-through for the February PCAP Challenge - https://0xskunk.github.io/Cyber-Wales-CTF-Cluster-Forensics-Challenge/ - Thank you Toby!

The challenges in this PCAP ranged from Straightforward to more Technical and Specialised levels of difficulty so there was something for everyone to try.

For those in the room who didn't fancy having go themselves we also did a complete walk-through of the sample challenges so everyone could see how they are done and had the chance to discuss them with other attendees.

The meeting ran in both North and South Wales simultaneously and was connected via video and audio, allowing attendees to gain the maximum benefit from speakers at both locations.

Cyber Wales CTF Cluster - January 2020

15th January 2020 | 18:00 - 20:00

National Cyber Security Academy, University of South Wales, Newport, NP20 2AL

Prior to this event, we sent out the following description of what the CTF Cluster is all about...

“Hackathon”, “Cyber Challenge”, “Code Fest”, “Red Team vs Blue Team”, “Black-hatting”, “Capture the Flag”

These are all words that are very familiar to people who have been involved in competitive computer gaming, coding and hacking but they are relatively new to the 'main stream' and have really come to the fore along with the rise of the cyber threat and need for everyone to become more cyber-savvy.

For the un-initiated, these words may also conjure up some scary images of rooms full of very knowledgeable computer geeks with lots of experience of hacking, able to use their computers with as much ease as kids seem to use computer game controllers, who could undoubtedly run rings around anyone who would not be considered an “expert”.

But... are you curious? Have you ever wondered:-
* What it's all about?
* What actually happens at one of these events?
* Just how much knowledge and/or experience do you need in order to take part?
* How much do you need to know to not look like a muppet? (after all, the gaming community are pretty famous for being brutal in their verbal haranguing of new people in their midst - ”nubes”).
* What is the point of doing a hackathon?
* Is it just a game or is there a hidden benefit to the 'gamification' of the hacker vs the SOC contest (or Red Team vs Blue Team)?

Or... have you been to these events and now you are looking for additional places where you can learn more about the tools and techniques, gain more knowledge and build your experience to be better at it?

If so, then welcome to The Cyber Wales Capture the Flag Cluster

This new cluster is designed to provide a welcoming environment for all abilities to come and learn about the techniques required for participating in CTFs, whether you are looking to just know more about how these competitions work, looking to enter your first event or are and experienced CTF participant, this new cluster is here to help.

Each month, attendees will experience samples of real CTF challenges including complete walk-throughs for the sample challenges and the ability to network and discuss topics of interest with other attendees.

The Cluster will also be 'Ground Zero' for a brand new Cyber Wales National Capture the Flag Competition which will run every year (starting now!) and the meetings will provide coaching and advice for members who want to take part.


This description piqued the interest of more than 80 people from all walks of life including CISOs, IT staff, Red Team Operators, Risk Consultants, Students and Faculty members from universities and colleges who all turned up to the launch of this new cluster.

The meeting ran in both North and South Wales simultaneously and people at Glyndwr University were connected via video and audio to people in the University of South Wales, allowing attendees to gain the maximum benefit from speakers at both locations.

After an introductory presentation there were demonstrations given of 4 key types of CTF challenge:-

* OSINT - a typical Level 1 social engineering challenge
* Forensics - a typical Level 1-2 PCAP analysis challenge (PCAP File)
* Offensive - a typical Level 1 web-site penetration challenge
* Knowledge - a typical Level 1 technical knowledge challenge


These were not interactive challenges, they were walk-throughs from a slide deck which can be downloaded here.

Join Now

Ready to get involved? Sign up FREE to become a member of the Cyber Wales Ecosystem.