
Comment: resources (Score 5, Informative) 102

by numatrix (#48109497) Attached to: Ask Slashdot: Capture the Flag Training

(for some reason the first time I loaded this page there were no comments, so some of this is duplicate)

Excellent! Very glad to hear it. There are a /ton/ of helpful resources out there for you. Here's a brain-dump of some of the most popular:

* CTFTime : http://ctftime.org/ : Website that tracks team scores, upcoming events, and writeups for previous events.
* CapTF : http://captf.com/ : My CTF dump-site that includes a calendar, links to "practice" sites (aka Wargames), and many years' worth of CTF events archived
* Field Guide : http://trailofbits.github.io/c... : Specifically covering the skills / approaches, the field guide is a good read for anyone getting into this world.
* Guide for Running a CTF : https://github.com/pwning/docs... : Written by PPP (CMU's ever-dominant CTF team) along with feedback from the broader CTF community, this guide is more relevant when making a CTF, but can aid in understanding how the good CTFs are designed.
* PicoCTF : https://picoctf.com/ : PicoCTF is designed for high school students, but had an awesome difficulty curve, getting up to some relatively advanced challenges by the end of it. It's also extremely well designed, runs for a longer period of time and is a
* CSAW : https://ctf.isis.poly.edu/ : One of the best events targeted specifically at College students, unfortunately the qualifier round just finished, and the participants already selected for the final round, but you can always check out the archives of previous challenges to get a feel for the difficulty. Note that the qualifier event is typically intended to be much easier than the in-person finals to better encourage new students to get into the sport.
* IRC : irc.freenode.net#pwning : There's a lively and active community in #pwning on freenode that would be happy to help you with questions/advice related to CTFs.
* YouTube : There's a couple of different presentations/talks on CTFs over the years. If you're interested in learning more about attack-defense CTFs and in particular DEF CON CTF, I gave an old talk that's mostly still relevant (https://www.youtube.com/watch?v=okPWY0FeUoU), though I'd recommend you not focus on A/D at first, but just get into the regular challenge based or jeopardy boards as they're sometimes called.

The best way to prepare for CTF is by... playing CTFs. There's no real magic formula, just go out there and start working on challenges. Old CTFs are great as learning exercises since you can usually cheat and read a writeup, but avoid the temptation as much as possible. If stuck, go off and try another problem first, and only if you're /really/ stuck should you check out a writeup.

Music

+ - Apple Itunes has gone DRM-free

Submitted by scordis
scordis (167939) writes "Just this morning on running Apple's "Software Update" alongside the expected security update, I received a 7.2 update for iTunes. Which includes the much talked about support for the so called enhanced DRM free music from EMI. So it is here! How long before we start to see other labels moving to this new "enhanced" format?"
Security

+ - Google Hacked... By Google?

Submitted by
numatrix
numatrix writes "Network Computing is covering a simple Google search that revealed an internal Google application earlier this morning. It appears that not only was the application used to remove URLs from the search index, but walking up the directory tree revealed sensitive database connection information (including a password made up of only two characters!)."
Security

+ - Skip a security check, get suspended

Submitted by
numatrix
numatrix writes "Network Computing has a piece about a University of Portland student who was suspended for writing a program to bypass the Cisco Clean Access NAC system on campus. Apparently this incredibly dangerous activity is a Patriot Act violation. Or, at least, it is if you believe the letters being sent out by the administration at UP who seem to be confusing "skipping security checks" with "hack into a licensed product"."
Wii

+ - Wii + Warp Pipe = Del.icio.us Tabbed Browsing

Submitted by
An anonymous reader writes "The folks at Warp Pipe have developed a simple yet useful tabbed browsing interface for the Wii with del.icio.us bookmark integration which makes browsing on the Wii more efficient until the fully realized Opera build hits later next year. The web application does not require registration, this video overviews the interface and feature set in this early release."
Music

+ - What Questions Should We Ask RIAA "Expert"

Submitted by
NewYorkCountryLawyer
NewYorkCountryLawyer writes "In UMG v. Lindor, the RIAA has submitted an "expert" report (pdf) and 26-page curriculum vitae (pdf), prepared by Dr. Doug Jacobson of Iowa State University who is the RIAA's expert witness in all of its cases against consumers, relating to alleged copyright infringement by means of a shared files folder on Kazaa, and (b) supposed analysis of the hard drive of a computer in Ms. Lindor's apartment. The RIAA's "experts" have been shut down in the Netherlands and Canada, having been shown by Prof. Sips and Dr. Pouwelse of Delft University's Parallel and Distributed Systems research group (pdf) to have failed to do their homework, but are still operating in the USA. The materials were submitted in connection with a motion to compel Ms. Lindor's son, who lives 4 miles away from her, to turn over his computer and music listening devices to the RIAA. Both Ms. Lindor's attorney (pdf) and Ms. Lindor's son's attorney (pdf) have objected to the introduction of these materials, but Dr. Jacobson's document production and deposition are scheduled for January and February, and we would love to get the tech community's ideas for questions to ask, and in general your reactions, thoughts, opinions, information, and any other input you can share with us. (In case you haven't guessed, we are the attorneys for Ms. Lindor.)"
