OWASP - User contributions [en]

Front Range OWASP Conference 2013/CTF

2013-03-28T17:44:50Z

Christopher Rossi:

==Capture the Flag Overview==
Test your skills with a capture the flag (CTF) hacking competition created specifically for SnowFROC by members of the Boulder OWASP chapter.

Competitors will be provided a series of web applications containing a variety of vulnerabilities. Each discovered vulnerability will earn points. The harder the hack, the more points earned. At the end of the day, the team with the most points wins.



==Rules==
All conference attendees may participate in the CTF tournament for no additional cost. If you would prefer to attend the general conference proceedings, the competition will be made available to attendees after SnowFROC ends.

===Format===
Contestants will be provided a virtual machine which will run locally on self-provided devices. This is a BYOD event and all contestants are responsible for providing their own machine. No "loaners" will be made available.

All contestant machines should have:
* A virtual machine player that supports .vmdk files, such as [http://www.vmware.com/products/player/ VMware Player], [https://www.virtualbox.org/wiki/Downloads VirtualBox], or [http://www.parallels.com/ Parallels].
* Appropriate penetration testing tool ([http://www.backtrack-linux.org BackTrack], [http://samurai.inguardians.com/ SamuraiWTF], [[OWASP_Mantra_OS|Mantra OS]], and [[ZAP|OWASP ZAP]] will fit in well).

===Acceptable behavior===
Competitors are only permitted to attack targets running on their local systems. Network traffic will be monitored to ensure there will be:
* No attacking the [[SnowFROC2013_CTF_Scoreboard| scoreboard]]. Misuse will result in punitive action.
* No targeting the VM. Do not mount the VM and harvest flags from within.
* No attacking other teams, whether through coercion, DoS, theft, sabotage, or other malicious activity.
* No collusion. Work only within your own team.

===Prizes===
Small prizes will be awarded to winners. Anyone who worked on the project or who has access to project-related repositories is ineligible to win prizes.

Both team and individual prizes will be awarded based on merit and other achievements.


==Getting Started==
===Content acquisition===

This information will be released closer to the day of the event.

===Installation and configuration instructions===

* Add the following entries to your hosts file:
10.50.65.12 training.theagency.owasp, theagency.owasp
10.56.65.87 theagency.owasp, Im.theagency.owasp
10.50.65.26 www.pla.owasp, secretlogin.pla.owasp, download.pla.owasp
10.50.65.187 shadowcorp.owasp
198.19.147.198 ctf.snowfroc.com
* The first network adapter must be a bridge network adapter.
*Configure the second network adapter to be a host-only network on your VM with IP address 10.50.65.254/24
* Load the .vmdk files
* Make sure you are using a browser other than Internet Explorer which for security reasons is not supported by the scoreboard.

*Make sure you are on the CTFSnowFROC wifi network (or plugged in directly at a table).

#Start by copying VM over to your machine. While that is going on, move on to the next steps.
#Make sure hosts file has the entries provided above.
#Within VirtualBox, go to file --> preferences --> network --> add host only network adapter.
#Edit this new adapter - put in 10.50.65.254 255.255.255.0
#In the VirtualBox main page- go to New, give the VM a name, set type to BSD, click next, set mem to at least 1 GB, Use Existing Virtual HD. Point it to the ctf.vmdk file you copied onto your machine. Create.
#Select VM in the VirtualBox main window, at top click settings. go to network, adapter 1, change to "Bridged Adapter". Adpater 2, enable network adapter, make it a host only adapter and select the adapter you created earlier. Hit ok.
#Start VM. Follow directions provided in VM.

===Registration instructions===

Coming soon.

===Gameplay instructions===

Front Range OWASP Conference 2013/CTF

2013-03-28T16:56:27Z

Christopher Rossi:

==Capture the Flag Overview==
Test your skills with a capture the flag (CTF) hacking competition created specifically for SnowFROC by members of the Boulder OWASP chapter.

Competitors will be provided a series of web applications containing a variety of vulnerabilities. Each discovered vulnerability will earn points. The harder the hack, the more points earned. At the end of the day, the team with the most points wins.



==Rules==
All conference attendees may participate in the CTF tournament for no additional cost. If you would prefer to attend the general conference proceedings, the competition will be made available to attendees after SnowFROC ends.

===Format===
Contestants will be provided a virtual machine which will run locally on self-provided devices. This is a BYOD event and all contestants are responsible for providing their own machine. No "loaners" will be made available.

All contestant machines should have:
* A virtual machine player that supports .vmdk files, such as [http://www.vmware.com/products/player/ VMware Player], [https://www.virtualbox.org/wiki/Downloads VirtualBox], or [http://www.parallels.com/ Parallels].
* Appropriate penetration testing tool ([http://www.backtrack-linux.org BackTrack], [http://samurai.inguardians.com/ SamuraiWTF], [[OWASP_Mantra_OS|Mantra OS]], and [[ZAP|OWASP ZAP]] will fit in well).

===Acceptable behavior===
Competitors are only permitted to attack targets running on their local systems. Network traffic will be monitored to ensure there will be:
* No attacking the [[SnowFROC2013_CTF_Scoreboard| scoreboard]]. Misuse will result in punitive action.
* No targeting the VM. Do not mount the VM and harvest flags from within.
* No attacking other teams, whether through coercion, DoS, theft, sabotage, or other malicious activity.
* No collusion. Work only within your own team.

===Prizes===
Small prizes will be awarded to winners. Anyone who worked on the project or who has access to project-related repositories is ineligible to win prizes.

Both team and individual prizes will be awarded based on merit and other achievements.


==Getting Started==
===Content acquisition===

This information will be released closer to the day of the event.

===Installation and configuration instructions===

* Add the following entries to your hosts file:
10.50.65.12 training.theagency.owasp, theagency.owasp
10.56.65.87 theagency.owasp, Im.theagency.owasp
10.50.65.26 www.pla.owasp, secretlogin.pla.owasp, download.pla.owasp
10.50.65.187 shadowcorp.owasp
198.19.147.198 ctf.snowfroc.com
* The first network adapter must be a bridge network adapter.
*Configure the second network adapter to be a host-only network on your VM with IP address 10.50.65.254/24
* Load the .vmdk files
* Make sure you are using a browser other than Internet Explorer which for security reasons is not supported by the scoreboard.

===Registration instructions===

Coming soon.

===Gameplay instructions===

Front Range OWASP Conference 2013/CTF

2013-03-28T16:04:47Z

Christopher Rossi:

==Capture the Flag Overview==
Test your skills with a capture the flag (CTF) hacking competition created specifically for SnowFROC by members of the Boulder OWASP chapter.

Competitors will be provided a series of web applications containing a variety of vulnerabilities. Each discovered vulnerability will earn points. The harder the hack, the more points earned. At the end of the day, the team with the most points wins.



==Rules==
All conference attendees may participate in the CTF tournament for no additional cost. If you would prefer to attend the general conference proceedings, the competition will be made available to attendees after SnowFROC ends.

===Format===
Contestants will be provided a virtual machine which will run locally on self-provided devices. This is a BYOD event and all contestants are responsible for providing their own machine. No "loaners" will be made available.

All contestant machines should have:
* A virtual machine player that supports .vmdk files, such as [http://www.vmware.com/products/player/ VMware Player], [https://www.virtualbox.org/wiki/Downloads VirtualBox], or [http://www.parallels.com/ Parallels].
* Appropriate penetration testing tool ([http://www.backtrack-linux.org BackTrack], [http://samurai.inguardians.com/ SamuraiWTF], [[OWASP_Mantra_OS|Mantra OS]], and [[ZAP|OWASP ZAP]] will fit in well).

===Acceptable behavior===
Competitors are only permitted to attack targets running on their local systems. Network traffic will be monitored to ensure there will be:
* No attacking the [[SnowFROC2013_CTF_Scoreboard| scoreboard]]. Misuse will result in punitive action.
* No targeting the VM. Do not mount the VM and harvest flags from within.
* No attacking other teams, whether through coercion, DoS, theft, sabotage, or other malicious activity.
* No collusion. Work only within your own team.

===Prizes===
Small prizes will be awarded to winners. Anyone who worked on the project or who has access to project-related repositories is ineligible to win prizes.

Both team and individual prizes will be awarded based on merit and other achievements.


==Getting Started==
===Content acquisition===

This information will be released closer to the day of the event.

===Installation and configuration instructions===

* Add the following entries to your hosts file:
10.50.65.12 training.theagency.owasp, theagency.owasp
10.56.65.87 theagency.owasp, Im.theagency.owasp
10.50.65.26 www.pla.owasp, secretlogin.pla.owasp, download.pla.owasp
10.50.65.187 shadowcorp.owasp
* The first network adapter must be a bridge network adapter.
*Configure the second network adapter to be a host-only network on your VM with IP address 10.50.65.254/24
* Load the .vmdk files
* Make sure you are using a browser other than Internet Explorer which for security reasons is not supported by the scoreboard.

===Registration instructions===

Coming soon.

===Gameplay instructions===

Front Range OWASP Conference 2013/Introduction

2013-03-21T21:42:49Z

Christopher Rossi: fixed Friday date to 29

====Welcome to SnowFROC 2013 - the 5th Annual Front Range OWASP Security Conference====

[[Image:SnowFROC_Register.png|256px |link=http://www.cvent.com/d/dcqr8m |alt=Click here to register |Register]]

The Colorado OWASP chapters are proud to present the 5th annual SnowFROC. Join 300 other developers, business owners, and security professionals for a day-and-a-half of presentations, training, and Birds-of-a-Feather (BoaF) sessions. The SnowFROC 2013 keynote speaker is Neal Ziring, Technical Director of InfoProtection at NSA.

The conference will occur on Thursday, March 28th at the [[Front_Range_OWASP_Conference_2013#Venue | Denver Marriott City Center]] and will feature four primary tracks:
*High-Level Technical
*Deep-Dive / Hands-on Technical
*Management
*Legal

Running in parallel to the conference proceedings will be a capture the flag (CTF) hacking competition developed exclusively for SnowFROC by Boulder OWASP chapter members. The day will conclude with a moderated panel discussion featuring top industry leaders.

On Friday, March 29, [[Jim_Manico|Jim Manico]] will teach a course in secure coding. '''This training is free to SnowFROC attendees!'''

Friday will also offer BoaF sessions. Join like-minded industry leaders and discuss pressing issues facing the industry and you. BoaF sessions are self-lead and may address and issue you would like. Pitch your idea and get the ball rolling!

Finally, Friday will feature a postmortem of the CTF tournament. In addition to discussing solutions, techniques, and tools, we will encourage participants to attack the previously out-of-bounds CTF framework. Itching to break into the scoreboard and rack up the points? The gloves come off Friday morning.

==Conference Committee==
[[User:Mark_Major|Mark Major]]: Director

[[User:Brad_Carvalho|Brad Carvalho]]: Sponsorship, Executive events
 [[User:Craig_Klosterman|Craig Klosterman]]: Merchandise
 [[User:Steve_Kosten|Steve Kosten]]: Sponsorship, Executive events
 [[User:Glen Matthes|Glen Matthes]]: Planning
 [[User:Chris_Rossi|Chris Rossi]]: CTF, Networking events
 [[User:Greg_Foss|Greg Foss]]: CTF

==Colorado Chapter Hosts==
[[Boulder|OWASP Boulder chapter]]: [[User:Mark_Major|Mark Major]]
 [[Denver|OWASP Denver chapter]]: [[User:Steve_Kosten|Steve Kosten]], [[User:Brad_Carvalho|Brad Carvalho]] (acting)