Update: the class is full! Email me at [email protected] to join our waitlist.
I'm organizing a class where we will learn how to play the security game CTF. I think it's going to be a blast to be in a group of beginners all learning at the same time. Details are below, let me know if you'd like to join!
CTF (Capture the Flag) is just like an escape room, but it's online and you solve the puzzles by writing code. In a CTF, digital flags are hidden on a server and the game is to break the code running on the server to find the hidden flags.
Usually in a CTF there are a handful of tracks: Web Exploitation, Cryptography, Forensics, Binary Exploitation and Reverse Engineering. This class will deep dive into the web exploitation track. By the end, you should be equipped to compete in CTFs in the web exploitation section.
Want to see an example of a web exploitation CTF challenge? Check out this challenge from the 2018 picoCTF. By the end of this class, this is the type of web application you'll be able to look for vulnerabilities in and exploit them to find CTF flags.
Over the 4 weeks, we'll deep dive into 4 topics, all in web exploitation:
The way we will learn is by doing. Before class, you'll be given a couple of materials to watch or read through ahead of time, and then in class we'll spend the whole time doing practice challenges together.
Zach Wade is going to be our instructor - he competes in 15 CTFs a year and teaches CS students how to play CTF at Carnegie Mellon. His team PPP has won more DefCon CTFs than any other team in DefCon CTF's 21 year history. PPP also writes the challenges for two well-known annual CTFs: picoCTF and plaidCTF.
Class meets over Zoom, on Saturdays from 10-11:30am PT / 1 - 2:30PM ET, on September 14th, 21st, 28th and October 5th. It costs $20/class, aka $80 for the whole thing.