01-Jun-2022 09:19 - edited 17-Jun-2022 18:48
Hey there community...are you ready to capture the flag?
We'll get the competition dates nailed down in the next week, but here are the details:
We can't wait to see how everyone does!
Update Jun 17th: If you commented below, you should have an invite in your inbox. This will give you access to the vulnerable web application you will be attacking. To track your flags, please register at https://ctf.jimmypackets.com. Happy hunting!
02-Jun-2022 09:28
yeap!
02-Jun-2022 09:43 - edited 02-Jun-2022 09:43
Cool!! Sign me up please!
02-Jun-2022 10:06
Yep
02-Jun-2022 21:28
Great! Sign me in!
03-Jun-2022 00:49
Sign me in.
03-Jun-2022 07:18
Add me please
07-Jun-2022 15:26
Let me in please
07-Jun-2022 15:36
I'll get dates established by the end of the week and update here.
08-Jun-2022 12:29
☝️
13-Jun-2022 10:52 - edited 17-Jun-2022 14:38
Capture the Flag will open June 21st at noon pacific and close June 24th at noon pacific. Course invites will be sent June 20th.
We will announce results on June 28th on DevCentral Connects.
16-Jun-2022 08:52
Am I late? Please count me in.
17-Jun-2022 18:46
Not at all! I'll keep adding people up to the final day of the CTF. You should have an invite in your inbox. See below for tracking flags in addition to the CTF environment.
17-Jun-2022 18:38
We have a holiday on Monday, so I sent your registrations early. Let me know if you didn't get one.
The CTF environment won't open until noon on Tuesday the 21st, but you can complete your UDF registration at any time. To compete with each other, you'll need to sign up at https://ctf.jimmypackets.com to post the flags you find.
20-Jun-2022 21:27
Hi John,
I haven't got a link to register for the UDF environment. Can you please help me with that?
18-Jun-2022 11:22
Sign me up!
21-Jun-2022 10:43
Not at all! I'll shoot you an invite from the UDF course. Make sure you register at https://ctf.jimmypackets.com as well to track your progress.
24-Jun-2022 13:40
Congrats @AlexBCT on finishing first in our kickoff CTF! More details to come on Tuesday's Top5. Would love to hear from you (and the others who competed!) on what you thought of the challenge, the environment, the registration process, etc. We'll do more of these in the future and refine as we go.
24-Jun-2022 22:44
Congrats to @AlexBCT from me too!
27-Jun-2022 05:47
Hey Jason, I thought it was a great challenge so kudos for putting the CTF on.
From a registration point of view it was very straightforward and I got onto the environment pretty easily. The environment itself was pretty self-explanatory too, so I was able to get right on to the fun and games very quickly.
Juice Shop was a great choice too, as it's got plenty of challenges, of all levels, and there's enough documentation online to provide handy hints, and hold your hand through some of them. This means all types of people can try their hand, which is what you want really. It reminded me of my WAF building days (F5 ASM of course) when I would try and craft exploits to get round the defences. I was very rusty, but enjoyed the challenge and the chance to learn, or re-learn, hacking skills.
From a tools perspective, I used mainly Chrome Dev tools and OWASP ZAP. With more time I would've probably made use of the Kali instance.
I did get an error when I loaded the site within Mozilla Firefox, wish I had taken a screenshot but it seemed to suggest it wasn't 100% compatible (may have been just for me).
Great work all. I just wish I had had more time, but that was mainly down to my own diary than the time allocated.
Nathe
25-Jun-2022 13:38
Congrats @AlexBCT and everyone who participated
Would like to share the tools I've used: mainly Fiddler and Firefox dev tools, and some online tools like cryptii.com, and Kali to solve the challenge of the support team password, but didn't know where to locate a word list file.
I wish that next time we could get more time before the labs expire.
25-Jun-2022 23:24
I used mostly Chrome and Firefox Developer Tools.
Postman for automation and SQLi.
ZAP for fuzzing or manipulating and resending requests.
crackstation.net for passwords.
The registration process was straightforward, the UDF environment was ok.
The challenge was good. I have used the Juice Shop a couple of times, but never in a CTF.
26-Jun-2022 04:50
Thanks @JRahm et al.! Was a great challenge indeed, have learned loads! To be honest, I was lucky that I had last week off, so could spend quite a bit of time on it.
Tools that I used: Firefox Developer Tools a LOT, a couple of Kali tools, though it would have been good to have a graphical user interface on the Kali system or somewhere else inside the environment, so you get more "raw" access to the Juice Shop server. I think there are a few challenges that can't be done (though I'd be happy to be proven wrong) because of the external layer (for example, the Cross-Site Request Forgery).
This video that was referenced was also very helpful and helped me to get started with the SQLi stuff;
Really enjoyed it though, I'll be building a Juice-Shop in my own environment soon and hopefully run some workshops with it; it's a nice blend of all kinds of different attacks and the hints help a lot to get you started.