PROGRAMMING AND
CAPTURING FLAGS
DIFFERENTIATORS IN A CTF TEAM!
CAPTURETHEFLAG---->
WHEREISMYFLAG---->
GABRIELA FONSECA
GRADUATED IN IT MANAGEMENT, UNINOVE.
POSTGRADUATE STUDENT IN CYBER SECURITY.
VOLUNTEER AT SECURITY && TECHNOLOGY EVENTS.
INFORMATION SECURITY ANALYST AT CIPHER.
CTF-PLAYER:
WHOAMI
HELP
BEFORESTART---->
WHAT IS CTF? GOAL? TYPES OF CTF?
FLAG? WHERE IS THE FLAG?
CAPTURE YOUR FIRST FLAG!
CTF PLAYERS, CTF TEAMS AND THEIR SKILLS.
CTF EVENTS AND THEIR FORMATS.
CAN I PLAY? HOW? WHERE DO I START?
WHY PLAY CTF?
WHAT IS CTF?
CAPTURETHEFLAG---->
CAPTURE THE FLAG
WHATISTHEPOINT?---->FLAG
IT IS A COMPETITION WHERE THE GOAL IS TO CAPTURE THE FLAG.
STRUCTURE OF A CTF~
WEARELOSINGPOINTS---->FLAG
ORGANIZATION/EVENT - ONLINE AND IN-PERSON
CHALLENGES & TASKS
TEAMS & PLAYERS
SKILLS
HINTS
RANKING/SCOREBOARD
WRITEUP
TYPES OF CTF [ /}
CAPTURETHEFLAG--->
ATTACK / DEFENSE
AN ENVIRONMENT WITH VULNERABLE SERVICES.
CAPTURE THE ENEMY FLAG AND PROTECT YOUR TERRITORY.
JEOPARDY
VARIOUS CHALLENGES AT DIFFERENT DIFFICULTY LEVELS,
ACCORDING TO THEIR SCORE.
WHAT IS A FLAG?
WHATISTHEFLAG---->
CAPTURE THE BANNER, I MEAN, THE FLAG
THE FAMOUS FLAG
WHATISTHEGOAL?---->FLAG
HASH=CKDAOSAKSO394404303840KFFFNVNVJN
EU_POSSO_SER_UMA_FLAG
FLAG{VMVUAGEGSM9NYXIGQ1RGIG5VIEDHCM9H}
HEXQUEENS={4S_M3#IN4$_T6M_3N6O#T54M_F!4G}
GS2W{AOS_SABADOS_NOS_REUNIMOS_PARA_JOGAR_CTF_NO_GAROA}
WHERE IS THE FLAG?
CAPTURETHEFLAG--->
SERVICES:
WEB APPLICATIONS, FTP, DNS AND OTHER SERVICES...
ENCRYPTED FILES & STEGANOGRAPHY:
IMAGE, AUDIO, E-MAIL, CORRUPTED FILES AND OTHERS...
BINARY FILES:
EXECUTABLES, VMS, PROGRAMS, ETC...
INFRASTRUCTURE:
LOGS, SERVERS, MACHINES, NETWORK, PCAPS, AMONG OTHERS...
WHEREISTHEFLAG--->
TYPES OF CHALLENGES [?]
CAPTURETHEFLAG--->
CRYPTO
CRYPTOGRAPHY
FORENSICS
FORENSIC ANALYSIS
NETWORKING
INFRASTRUCTURE AND NETWORKS
MISCELLANEOUS
VARIOUS
TYPES OF CHALLENGES [?]
CAPTURETHEFLAG--->
PWNABLE/EXPLOITATION
BINARY EXPLOITATION
REVERSING
REVERSE ENGINEERING
TRIVIA
TRIVIA QUESTIONS
WEB HACKING
CHALLENGES
WELCOMETOTHEFLAG/GAMES--->
CAPTURE YOUR FIRST FLAG !!!
CTF CHALLENGE
YOURTEAMITSYOURNEWBFF
--->
HEY 7878787838
A) SERVICE
B) SITE
C) IP
D) N/D
CTF CHALLENGE
YOURTEAMITSYOURNEWBFF
--->
WHAT DOES PROGRAMMING HAVE
TO DO WITH CTF?
CAPTURETHEFLAG---->
DIFFERENTIATORS IN A CTF TEAM!
SKILLS
TRYTOIMPROVENEWSKILLS---->
PROGRAMMING LOGIC
WRITE SCRIPTS AND EXPLOITS.
PROGRAMMING
NETWORK CHALLENGES, REVERSE ENGINEERING, FORENSIC ANALYSIS, PWNABLE, AMONG OTHERS.
YOU CAN ALSO STEAL THE OPPOSING TEAM'S FLAG.
CODE REVIEW
HOW "THINGS WORK" OR HOW TO FIX THAT CODE WRITTEN BY SOMEONE ELSE.
CTF PLAYERS
GIRLSJUSTWANTTOHAVEFUN---->
AGATHA SOPHIA
WEB & PROGRAMMING IN C/C++, PYTHON
ALLEY
WEB & PROGRAMMING IN C/C++, PYTHON
INGRID SPANGLER
CRYPTOGRAPHY, FORENSICS & PROGRAMMING IN PYTHON
CLARA NOBRE
WEB, NETWORKS & PROGRAMMING IN PYTHON
GABRIELA FONSECA
WEB & STEGO
CTF TEAMS
TEAM@CTF---->
EVENTS AND FORMATS
CAPTURETHEFLAG---->
PLAY AS A HOBBY OR BE A CHAMPION AT THE
EVENTS
IN-PERSON/EVENTS
CAPTURETHEFLAG--->
COMPETITIONS/ONLINE ~
CTFTODAY---->
WHERE TO START?
CAPTURETHEFLAG--->
HTTP://CAPTF.COM/PRACTICE-CTF/
LET'S GO AND
SUBMIT THE
FLAG!
WHEREISTHEFLAG--->
#CODAMOS CHALLENGE
CAPTURETHEFLAG--->
GO TO: HTTP://104.233.105.35/NU/CODAMOS.HTML
FIND THE FLAG AND TWEET:
'HEY, @GAB__FONSECA', THE FLAG IS --->'
QUESTIONS?
CAPTURETHEFLAG--->
"MAKE FRIENDS, BUILD A TEAM
AND HAVE A SOCIAL LIFE."
- ARTHUR PAIXÃO
AND THE MOST IMPORTANT TIP OF ALL...
FLAG{OBRIGADO(A)}
GITHUB.COM/GABRIELAFONSECA
@GAB__FONSECA
AVAILABLEIN--->