From companies to consumers, we believe everyone has a responsibility to make technology as secure as possible. For Auth0, this means building secure processes, technology, tools, and a culture of trust that puts people at the center. So this year we want you to join us for our first-ever custom Capture The Flag (CTF) with Hack The Box from October 18th to October 25th.
But Wait a Minute, What Is a CTF?
A CTF, or Capture The Flag, is a competitive cybersecurity game where you have to solve or hack different types of challenges to gain access to a string (the flag), which looks something like this:
HTB{m1_f1rst_fl4g}
You enter that flag into Hack The Box and get points depending on the difficulty of the challenge. The team with the most points wins the game.
Sounds Easy, Is That It?
But winning alone is not the goal in our case. We designed our CTF with developers getting started in the security world in mind.
The benefit of learning cybersecurity principles and hacking techniques through a CTF is that you have certainty that the vulnerability exists in the challenge. When you go hacking in the real world, you don’t know whether the environment will be vulnerable or not. CTFs can also help you develop an attacker mindset, so the more you practice, the more secure and defensive your code will be.
Rikaard Hosein, Offensive Security Engineer (i.e., hacker) at Auth0 and the mastermind behind this event, got started in cybersecurity thanks to CTFs. “I solved my first cybersecurity web challenge when I was 15 and I was hooked. I kept on practicing CTFs in my spare time, and thanks to them I was able to transition from a developer role to Auth0’s offensive security engineering team. I designed the challenge concepts for this CTF to give you a little taste of what the CTF world is like, and to help you learn about cybersecurity.”
Our CTF is a Jeopardy-style one, meaning that the team that gets the most points wins. We have different types of challenges:
- Web: here you’ll find mostly web-based vulnerabilities and also authentication/authorization issues (of course we had to include that!). Web development knowledge will come in very handy on these.
- Cryptography: here you can find some improperly implemented encryption schemes, different (and perhaps a bit uncommon 😉) ciphers, and more.
- Reverse Engineering: some challenges may involve a lower-level programming language like Assembly, decompiling code, and debugging through step-by-step execution.
- Pwn - Binary Exploitation: the 0s and 1s! Finding a vulnerability in a binary or executable file.
- Misc: surprise
To solve these challenges you can use a wide range of freely available tools and deciphering websites. Rikaard recommends a simple tool belt: a great mindset (learn, have fun, keep trying), Burp Suite Community Edition, your favorite scripting language, GDB, and IDA. You may need other tools, but finding those is also part of the challenge 😉.
I’m Excited. How Can I Join?
- No prior experience is required.
- You can participate either on your own or with a team of up to five people. We strongly recommend you find a team.
- Create an account in Hack The Box and sign up for the CTF starting now to get ready for October 18th. If you are part of a team, only the team captain needs to join the CTF (but everyone needs to have an account).
- Join Hack The Box’s Discord channel.
- Get ready to hack your way to the podium.
Resources to Get Started
- Hack The Box Introduction to CTFs
- CTF 101
- CTF Write-ups (solutions to previous worldwide events)
- CTF Field Guide by Trail of Bits
About the author
Annybell Villarroel
Security Culture Manager