ROOT THE BOX
AN OPEN-SOURCE PLATFORM FOR CTF COMPETITIONS
THE AGENDA
1. Background Information
• Who am I, why CTFs, why are they important
• What CTFs are and how do they work
2. Root the Box Vision
• GTRI and RTB joining forces for the greater good!
3. Root the Box Internals
• How RTB is built, and how you can work with it
4. Ways to Train
• Some ways that you can up your CTF and pen-testing game
5. Closing
Not so hidden after all
BACKGROUND INFORMATION
LAYIN' SOME GROUNDWORK
WHO AM I?
• Christopher Grayson
• cegrayson3@gmail.com
• @_lavalamp
• Senior Security Analyst at Bishop Fox (Pen-Testing FTW)
• MSCS, BSCM from GT
• Former Research Scientist from GT
• Former president, GT hacking club
That guy in the front…
WHAT ARE CTFS?
• Broad category, but commonly…
• Safe, controlled environment for learning how to break into things and how to defend against attackers
• Attack and defense vs. just attack
• Can be representative of realistic scenarios or esoteric challenges
• Intellectually stimulating
Did someone say Team Fortress?
WHY AM I HERE TODAY?
• I currently have my dream job
• I've never had to choose between education and safety
• I had the good fortune of attending SkyDogCon in 2012
• But the story continues…
Raise a glass to the infosec community
WELL, THAT'S SLIGHTLY COMPLICATED…
• 3 teams at SkyDogCon Duplicity CTF, got 2nd, 3rd and 4th place
• …out of 4 teams
• Received tickets to Shmoocon 2013, Offensive Security training
• Competed in TOOOL Master Keying competition
• Received ticket to Shmoocon 2014
Or at least more complicated than one slide
LASTLY, WHY ARE YOU HERE?
• We work in the coolest industry. Period.
• We need more talented individuals.
• We need safe places to hone our skills.
• We need your support and interest to help grow this project.
(Hopefully!)
HOW 'BOUT THOSE COMPETITIONS?!
LET'S CAPTURE SOME FLAGS
ANATOMY OF A CTF
• Attack and defend
• iCTF, Root the Box
• Solely attack
• CSAW, Hungry Hungry Hackers
• In-Person
• DEF CON, Duplicity CTF
• Online
• Where do I even start…
No guts, no glory
ATLANTA'S LOCAL CTF SCENE
• SECCDC
• Collegiate only, hosted by KSU
• Yearly, usually in Q1
• H3
• High school, collegiate focused, growing to industry professionals
• Yearly, usually in Q3
• Grey H@t
• Organizing small CTFs, have a team (cheers Mad H@tters)
• Root the Box…
• That's why we're here, isn't it?!
ATL has talent
THE VISION
PLAYING THE LONG GAME
HUNGRY HUNGRY HACKERS
• Started in 2010 by GTRI
• Originally organized by Josh Davis, now organized by Daniel Lee
• On-site only, targeting primarily collegiate competitors
• Focus on educational aspect
• Regularly 200+ attendees in the past
Om nom nom
THE H3 TEAM
• GTRI IT support and staff
• Josh Davis
• The originator
• Daniel Lee
• The orchestrator
• Winston Messer
• The tech wiz
• Keith Watson
• The Swiss army knife
Bringing the pain
AND THEN THERE WAS ROOT THE BOX
• Originally from Chandler, AZ
• High-quality on-site CTF focused on realistic scenarios
• Built and maintained by moloch
• 2014 will be its 10th competition!
• Geared towards education
• Great software package built for administering the competition!
And yes, the boxes were rooted
ROOT THE SOFTWARE STACK
• Root the Box is written in Python
• Uses SQLAlchemy for back-end ORM
• Uses Bootstrap CSS and jQuery on the front-end
• Tornado web server for speedy service!
A mighty fine stack, at that
THE BIG '13
• 2013 marked the first year where Root the Box took on a conference approach
• Full speaker series on Friday, followed by all-day competition on Saturday
• Lots of attendees, lots of fun
Taking Root the Box to the next level
BRINGING IT TO A-TOWN
• For the amount of awesome community and infosec tech and growth that comes from Atlanta, it should host the best competition
• Great location for future growth due to Hartsfield Jackson
• Great foundation by teaming up with GTRI and H3
• Event space locked down!
• We need a way to educate and inspire the young and curious about the ethics around our industry and responsible education – what better place to do this?
The not-so-dirty South
OUR GOALS
• Free to attend
• 400+ attendees, August 22-24
• Three-track conference on Friday night
• Large on-site competition on Saturday
• Award ceremony and closing remarks Sunday
• Introduce high school and college-level students to the world of infosec
• Heavy emphasis on education – whole educational track
• Put employers in touch with talented individuals
• Crowd-source challenge generation
How's it going to be?
CREATING THE CHALLENGES
• Challenge generation comes from internal sources as well as sponsors
• Sponsorship includes financial support as well as challenge provision
• Challenges are representative of sought skills
• Put sponsoring organizations in touch with the properly-skilled individuals
A whole lot of mutual benefit
SPONSOR DETAILS
• Sponsorship levels will be announced
• Sponsorship guarantees presence at H3/RTB conference
• Sponsorship allows for the production of challenges
• Challenges submitted in .ova format with an accompanying XML file
In the raw
INTERESTED IN BEING A SPONSOR?
• Get in touch with me either after this talk or later on
• cegrayson3@gmail.com
• Official sponsorship packet will be put together soon
• Challenge specifications already compiled!
Because that would be fine like wine
BACK INTO THAT SOFTWARE STACK
TIME TO NERD OUT
WHAT IS THE ROOT THE BOX SOFTWARE?
• The software package used to administer competitions at Root the Box
• Open source, distributed under Apache 2 license
• Takes care of all administrative aspects of the CTF competition
• Also has game features that can add interesting twists to your CTF
Wait, did I not go over that yet?
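The slide says the platform takes care of the administrative side of a CTF; the piece of that a security engineer cares most about is how flag submissions are checked. The following is an added example written for this page, not Root the Box's own code: flags are kept only as salted SHA-256 digests (so a leaked database does not leak the flags), compared in constant time, capped per team and challenge to brake brute-force guessing, and scored at most once. Challenge names, flag strings, team names and the attempt cap are all constructed for the illustration.

```python
"""Flag-check core for a CTF administration platform (added example).

Not Root the Box's own code: an illustration of the checks a platform that
administers a CTF has to get right. Flags are stored as salted SHA-256
digests, compared in constant time, guess-limited per team and challenge,
and a team can score each challenge only once. All names and flag values
are constructed for this example.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class Challenge:
    name: str
    points: int
    salt: bytes          # per-challenge random salt
    flag_digest: bytes   # SHA-256(salt || flag); the plaintext flag is never stored


def make_challenge(name: str, points: int, flag: str) -> Challenge:
    """Register a challenge while keeping only a salted digest of its flag."""
    salt = os.urandom(16)
    digest = hashlib.sha256(salt + flag.encode("utf-8")).digest()
    return Challenge(name, points, salt, digest)


@dataclass
class Game:
    challenges: dict = field(default_factory=dict)   # name -> Challenge
    solves: dict = field(default_factory=dict)       # team -> set of solved names
    scores: dict = field(default_factory=dict)       # team -> points
    attempts: dict = field(default_factory=dict)     # (team, name) -> submissions so far

    def add(self, challenge: Challenge) -> None:
        self.challenges[challenge.name] = challenge

    def submit(self, team: str, name: str, flag: str, max_attempts: int = 20) -> str:
        """Return one of: 'correct', 'wrong', 'duplicate', 'unknown', 'locked'."""
        challenge = self.challenges.get(name)
        if challenge is None:
            return "unknown"
        key = (team, name)
        if self.attempts.get(key, 0) >= max_attempts:
            return "locked"          # per-team, per-challenge brake on guessing
        self.attempts[key] = self.attempts.get(key, 0) + 1
        candidate = hashlib.sha256(challenge.salt + flag.strip().encode("utf-8")).digest()
        # compare_digest does not short-circuit on the first differing byte
        if not hmac.compare_digest(candidate, challenge.flag_digest):
            return "wrong"
        solved = self.solves.setdefault(team, set())
        if name in solved:
            return "duplicate"       # resubmitting a solved flag scores nothing
        solved.add(name)
        self.scores[team] = self.scores.get(team, 0) + challenge.points
        return "correct"

    def scoreboard(self) -> list:
        """Teams ordered by points, highest first, ties broken by team name."""
        return sorted(self.scores.items(), key=lambda kv: (-kv[1], kv[0]))


def demo_game() -> Game:
    """Constructed sample game with two challenges and made-up flags."""
    game = Game()
    game.add(make_challenge("web-100", 100, "flag{constructed_web_flag}"))
    game.add(make_challenge("pwn-300", 300, "flag{constructed_pwn_flag}"))
    return game


if __name__ == "__main__":
    g = demo_game()
    print(g.submit("mad_hatters", "web-100", "flag{constructed_web_flag}"))  # correct
    print(g.submit("mad_hatters", "web-100", "flag{constructed_web_flag}"))  # duplicate
    print(g.submit("mad_hatters", "pwn-300", "flag{wrong_guess}"))            # wrong
    print(g.scoreboard())                                                    # [('mad_hatters', 100)]
```

The attempt cap is deliberately per team and per challenge rather than global, so one team hammering a challenge cannot lock everyone else out of it; a production platform would also want the counter to live in the database rather than in process memory so it survives restarts and multiple Tornado workers.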
ROOT THE BOX INTERNALS
• jQuery
• The Write Less, Do More JavaScript Library
• A library that is what JavaScript should have been
• Rapid, easy development of front-end interaction
• Bootstrap.css
• A sleek, intuitive, and powerful mobile first front-end framework for faster development.
• Led by Twitter, provides great CSS functionality so that you don't hurt yourself or those around you trying to write CSS
Business in the front
ROOT THE BOX INTERNALS
• Tornado web server
• A Python web framework and asynchronous networking library […] that can scale to tens of thousands of open connections.
• SQLAlchemy
• The Python SQL toolkit and Object Relational Mapper that gives application developers the full power and flexibility of SQL.
Party in the back
SOME OTHER COOL PERKS
• Root the Box uses web sockets to update competitors on competition events in real-time
• CSS 3.0 animations! Unleash the full power of CSS! …cough cough
• Snazzy front-end visualizations through graphing libraries
• Has various components that can be turned off and on to add additional aspects to the managed game
• Black market
• Botnet
• Vault!
But wait, there's more!
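Pushing competition events to every connected competitor over web sockets sounds simple until one client stops reading: a naive broadcast that blocks on the slow socket stalls the scoreboard for everyone. The block below is an added example, not Root the Box code, showing the hub such a server needs behind its socket handlers: one bounded queue per client, JSON-encoded events fanned out without blocking, and a client that cannot keep up evicted instead of growing an unbounded backlog. It uses only the standard library's asyncio so it runs without Tornado; the assumption is that in a Tornado deployment each queue's consumer would be a WebSocketHandler forwarding messages with write_message. Event names, team names and the backlog size are constructed.

```python
"""Real-time competition event fan-out (added example, not Root the Box code).

A hub that sits behind the web socket handlers of a CTF platform: every
connected client gets a bounded asyncio.Queue, publish() fans a JSON event
out to all of them without blocking, and a client whose queue is full is
dropped rather than allowed to stall the broadcast. Standard library only;
the Tornado WebSocketHandler that would drain each queue is assumed, not shown.
"""
import asyncio
import json
import time


class EventHub:
    def __init__(self, max_backlog: int = 8) -> None:
        self.max_backlog = max_backlog
        self.clients: dict = {}      # client id -> asyncio.Queue of encoded events
        self.dropped: list = []      # ids of clients evicted for falling behind

    def subscribe(self, client_id: str) -> asyncio.Queue:
        queue: asyncio.Queue = asyncio.Queue(maxsize=self.max_backlog)
        self.clients[client_id] = queue
        return queue

    def unsubscribe(self, client_id: str) -> None:
        self.clients.pop(client_id, None)

    def publish(self, kind: str, **payload) -> str:
        """Encode one event and hand it to every live client without blocking."""
        message = json.dumps({"event": kind, "ts": int(time.time()), **payload})
        for client_id, queue in list(self.clients.items()):
            try:
                queue.put_nowait(message)
            except asyncio.QueueFull:
                # A client that cannot keep up is cut off; otherwise its backlog
                # grows without bound and the broadcast to everyone else suffers.
                self.unsubscribe(client_id)
                self.dropped.append(client_id)
        return message


async def drain(queue: asyncio.Queue, count: int) -> list:
    """Consume `count` messages, decoding them as a socket handler would."""
    return [json.loads(await queue.get()) for _ in range(count)]


async def scenario() -> dict:
    """Constructed run: one attentive client and one that never reads."""
    hub = EventHub(max_backlog=3)
    fast = hub.subscribe("team-fast")
    hub.subscribe("team-stalled")
    consumer = asyncio.create_task(drain(fast, 5))
    for i in range(5):
        hub.publish("flag_captured", team="mad_hatters", box="web-01", points=100 + i)
        await asyncio.sleep(0)   # give the attentive consumer a turn between events
    received = await consumer
    return {
        "fast_received": [m["points"] for m in received],
        "dropped": hub.dropped,
        "live": sorted(hub.clients),
    }


def run_scenario() -> dict:
    return asyncio.run(scenario())


if __name__ == "__main__":
    print(run_scenario())
```

With a backlog of three, the stalled client survives three events and is dropped on the fourth, while the reading client receives all five. The choice of what to do with a dropped client (tell it to reconnect and resync from the database, or just close the socket) is a deployment decision; what matters is that the publisher never awaits on an individual client.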
WHERE CAN I GET THE SOURCE CODE?
• Root the Box is available on GitHub
• https://github.com/moloch--/RootTheBox/
• Comes with a detailed README as well as step-by-step configuration instructions
• Actively maintained by moloch
Get your hands on the goods!
PREP AND PARTICIPATE
PUT ON YOUR HARD HATS LADIES AND GENTLEMEN
TRAINING GROUNDS
• OpenSecurityTraining can be found online
• http://opensecuritytraining.info/
• “Is dedicated to sharing training material for computer security classes, on any topic, that are at least one day long.”
• Has free, professional courses on all matters hacking
• Even has course outlines and prerequisites!
OpenSecurityTraining.info
TRAINING GROUNDS
• SecurityTube can be found online
• http://www.securitytube.net/
• Large amounts of free videos created by the site's founder
• Aggregation of conference videos and lectures
• Full primers on lots of different hacking areas
SecurityTube.net
TRAINING GROUNDS
• Corelan can be found online
• https://www.corelan.be/
• In-depth tutorials detailing exploit-writing and binary exploitation
• Tons of other educational resources, primarily focused on binary and RE topics
Corelan.be
TRAINING GROUNDS
• Offensive Security can be found online
• http://www.offensive-security.com/
• The group that created Backtrack and Kali Linux distributions
• Training is not free, but the training you get from their courses is top-notch and well-managed.
• Has an IRC channel that you can hang out in!
Offensive-Security.com
VULNERABLE IMAGES
• VulnHub can be found online:
• http://vulnhub.com/
• A large repository of software images that are created solely to be vulnerable
• Great place to get software packages to hack on
• Has an IRC channel you can hang out in!
Stand 'em up and knock 'em down
ONGOING COMPETITIONS
• CTF365 can be found online:
• http://ctf365.com/
• Touts a massive online, persistent CTF
• CTFTime can be found online:
• https://ctftime.org/
• Keeps track of CTF competitions worldwide, maintains scores for teams across different CTFs
It's a good day to hack
STAND-ALONE CHALLENGES
• We Chall can be found online:
• https://www.wechall.net/
• Is an aggregation site for individual challenges
• Advertises a total of 133 challenges available
The featherweight class
CHAT WITH THE COMMUNITY
• Hang out on Freenode to talk through challenges and difficulties you have trouble with.
• #metasploit – Metasploit developers
• #corelan – Folks from Corelan team
• #vulnhub – Folks from Vulnhub team
• #offsec – Folks from Offensive Security
Don't forget to RTFM
RECAP
WE ALL NEED SOME CLOSURE
CTFS ARE IMPORTANT
• Lower the barrier to entry for newcomers in the infosec field
• Provide safe environments for people to learn critical skills
• Are intellectually stimulating
• Allow us to teach younger people how to responsibly conduct themselves while working with powerful tools and technologies
• We need more talented people in this field
It's the age of information, folks!
GTRI + RTB + YOU = AWESOME
• Root the Box and GTRI have had the same mission but have operated in different venues up until now
• We're teaming up to put on what is hopefully one of the best on-site CTFs this world has ever seen
• We'd love for you to be a part of it
• Mark your calendars for 08/22/14 and follow @rootthebox for more information!
I'm no mathematician, but…
WE'RE LOOKING FOR SUPPORT
• The more support we can garner, the better this event and all future events will be
• If you're looking to hire infosec talent, and think that teaming up with RTB / H3 would be beneficial, let's talk!
Let's build something together
RESOURCES
• Hopefully I've been able to share some resources that you have not heard of before
• I'll be posting these slides to the interwebs within the next week
• Follow me at @_lavalamp for the link
Back to that whole age of information thing…
AND NOW FOR SOME Q&A
GIMME SOME TLC?
REFERENCES
A DIGITAL GOODIE-BAG
GTRI Hungry Hungry Hackers / H3
• http://www.hungryhungryhackers.org/
Root the Box Competition
• http://root-the-box.com/
Root the Box on GitHub
• https://github.com/moloch--/RootTheBox/
Moloch on GitHub
• https://github.com/moloch--/
SQLAlchemy
• http://www.sqlalchemy.org/
Tornado Web Server
• http://www.tornadoweb.org/en/stable/
Bootstrap CSS
• http://getbootstrap.com/css/
jQuery
• http://jquery.com/
OpenSecurityTraining
• http://opensecuritytraining.info/
SecurityTube
• http://www.securitytube.net/
Corelan
• https://www.corelan.be/
Offensive Security
• http://www.offensive-security.com/
Vulnhub
• http://vulnhub.com/
CTF365
• http://ctf365.com/
CTFTime
• https://ctftime.org/
WeChall
• https://www.wechall.net
THANK YOU!
Christopher Grayson
cegrayson3@gmail.com
@_lavalamp

Más contenido relacionado

La actualidad más candente

Sécurisez votre software supply chain avec SLSA, Sigstore et Kyverno
Sécurisez votre software supply chain avec SLSA, Sigstore et KyvernoSécurisez votre software supply chain avec SLSA, Sigstore et Kyverno
Sécurisez votre software supply chain avec SLSA, Sigstore et Kyverno
Mohamed Abdennebi
 

La actualidad más candente (6)

Introduction to devops
Introduction to devopsIntroduction to devops
Introduction to devops
 
Developer Report 2021 (Published: January 2022)
Developer Report 2021 (Published: January 2022)Developer Report 2021 (Published: January 2022)
Developer Report 2021 (Published: January 2022)
 
DevSecOps : de la théorie à la pratique
DevSecOps : de la théorie à la pratiqueDevSecOps : de la théorie à la pratique
DevSecOps : de la théorie à la pratique
 
Présentation de git
Présentation de gitPrésentation de git
Présentation de git
 
Sécurisez votre software supply chain avec SLSA, Sigstore et Kyverno
Sécurisez votre software supply chain avec SLSA, Sigstore et KyvernoSécurisez votre software supply chain avec SLSA, Sigstore et Kyverno
Sécurisez votre software supply chain avec SLSA, Sigstore et Kyverno
 
Monorepo at Pinterest
Monorepo at PinterestMonorepo at Pinterest
Monorepo at Pinterest
 

Destacado

Destacado (9)

You, and Me, and Docker Makes Three
You, and Me, and Docker Makes ThreeYou, and Me, and Docker Makes Three
You, and Me, and Docker Makes Three
 
Started In Security Now I'm Here
Started In Security Now I'm HereStarted In Security Now I'm Here
Started In Security Now I'm Here
 
Grey H@t - Cross-site Request Forgery
Grey H@t - Cross-site Request ForgeryGrey H@t - Cross-site Request Forgery
Grey H@t - Cross-site Request Forgery
 
CableTap - Wirelessly Tapping Your Home Network
CableTap - Wirelessly Tapping Your Home NetworkCableTap - Wirelessly Tapping Your Home Network
CableTap - Wirelessly Tapping Your Home Network
 
Introduction to LavaPasswordFactory
Introduction to LavaPasswordFactoryIntroduction to LavaPasswordFactory
Introduction to LavaPasswordFactory
 
So You Want to be a Hacker?
So You Want to be a Hacker?So You Want to be a Hacker?
So You Want to be a Hacker?
 
Cloudstone - Sharpening Your Weapons Through Big Data
Cloudstone - Sharpening Your Weapons Through Big DataCloudstone - Sharpening Your Weapons Through Big Data
Cloudstone - Sharpening Your Weapons Through Big Data
 
Grey H@t - Academic Year 2012-2013 Recap
Grey H@t - Academic Year 2012-2013 RecapGrey H@t - Academic Year 2012-2013 Recap
Grey H@t - Academic Year 2012-2013 Recap
 
Grey H@t - DNS Cache Poisoning
Grey H@t - DNS Cache PoisoningGrey H@t - DNS Cache Poisoning
Grey H@t - DNS Cache Poisoning
 

Similar a Root the Box - An Open Source Platform for CTF Administration

The Intersection of Robotics, Search and AI with Solr, MyRobotLab, and Deep L...
The Intersection of Robotics, Search and AI with Solr, MyRobotLab, and Deep L...The Intersection of Robotics, Search and AI with Solr, MyRobotLab, and Deep L...
The Intersection of Robotics, Search and AI with Solr, MyRobotLab, and Deep L...
Lucidworks
 
Cerebro general overiew eng
Cerebro general overiew engCerebro general overiew eng
Cerebro general overiew eng
CineSoft
 
Story of Multnomah County: Migrating from Vignette and Building a Drupal Ecos...
Story of Multnomah County: Migrating from Vignette and Building a Drupal Ecos...Story of Multnomah County: Migrating from Vignette and Building a Drupal Ecos...
Story of Multnomah County: Migrating from Vignette and Building a Drupal Ecos...
Acquia
 
JAZOON'13 - Abdelmonaim Remani - The Economies of Scaling Software
JAZOON'13 - Abdelmonaim Remani - The Economies of Scaling SoftwareJAZOON'13 - Abdelmonaim Remani - The Economies of Scaling Software
JAZOON'13 - Abdelmonaim Remani - The Economies of Scaling Software
jazoon13
 
The Economies of Scaling Software
The Economies of Scaling SoftwareThe Economies of Scaling Software
The Economies of Scaling Software
Abdelmonaim Remani
 
The economies of scaling software - Abdel Remani
The economies of scaling software - Abdel RemaniThe economies of scaling software - Abdel Remani
The economies of scaling software - Abdel Remani
jaxconf
 
What’s New and Exciting in Library Makerspaces
What’s New and Exciting in Library MakerspacesWhat’s New and Exciting in Library Makerspaces
What’s New and Exciting in Library Makerspaces
St. Petersburg College
 

Similar a Root the Box - An Open Source Platform for CTF Administration (20)

SXSW 2019 VR Takeaways
SXSW 2019 VR Takeaways SXSW 2019 VR Takeaways
SXSW 2019 VR Takeaways
 
CTFs, Bugbounty and your security career
CTFs, Bugbounty and your security careerCTFs, Bugbounty and your security career
CTFs, Bugbounty and your security career
 
Robotics, Search and AI with Solr, MyRobotLab, and Deeplearning4j
Robotics, Search and AI with Solr, MyRobotLab, and Deeplearning4jRobotics, Search and AI with Solr, MyRobotLab, and Deeplearning4j
Robotics, Search and AI with Solr, MyRobotLab, and Deeplearning4j
 
The Intersection of Robotics, Search and AI with Solr, MyRobotLab, and Deep L...
The Intersection of Robotics, Search and AI with Solr, MyRobotLab, and Deep L...The Intersection of Robotics, Search and AI with Solr, MyRobotLab, and Deep L...
The Intersection of Robotics, Search and AI with Solr, MyRobotLab, and Deep L...
 
Pi, Python, and Paintball??? Innovating with Affordable Tech!
Pi, Python, and Paintball??? Innovating with Affordable Tech!Pi, Python, and Paintball??? Innovating with Affordable Tech!
Pi, Python, and Paintball??? Innovating with Affordable Tech!
 
Cerebro general overiew eng
Cerebro general overiew engCerebro general overiew eng
Cerebro general overiew eng
 
Story of Multnomah County: Migrating from Vignette and Building a Drupal Ecos...
Story of Multnomah County: Migrating from Vignette and Building a Drupal Ecos...Story of Multnomah County: Migrating from Vignette and Building a Drupal Ecos...
Story of Multnomah County: Migrating from Vignette and Building a Drupal Ecos...
 
PyData Texas 2015 Keynote
PyData Texas 2015 KeynotePyData Texas 2015 Keynote
PyData Texas 2015 Keynote
 
Oscon 2016: open source lessons from the todo group
Oscon 2016: open source lessons from the todo groupOscon 2016: open source lessons from the todo group
Oscon 2016: open source lessons from the todo group
 
Hacker culture at an internet company. 文明塾, 2014/04/23
Hacker culture at an internet company. 文明塾, 2014/04/23Hacker culture at an internet company. 文明塾, 2014/04/23
Hacker culture at an internet company. 文明塾, 2014/04/23
 
Open Source Lessons from the TODO Group
Open Source Lessons from the TODO GroupOpen Source Lessons from the TODO Group
Open Source Lessons from the TODO Group
 
JAZOON'13 - Abdelmonaim Remani - The Economies of Scaling Software
JAZOON'13 - Abdelmonaim Remani - The Economies of Scaling SoftwareJAZOON'13 - Abdelmonaim Remani - The Economies of Scaling Software
JAZOON'13 - Abdelmonaim Remani - The Economies of Scaling Software
 
The Economies of Scaling Software
The Economies of Scaling SoftwareThe Economies of Scaling Software
The Economies of Scaling Software
 
The economies of scaling software - Abdel Remani
The economies of scaling software - Abdel RemaniThe economies of scaling software - Abdel Remani
The economies of scaling software - Abdel Remani
 
What’s New and Exciting in Library Makerspaces
What’s New and Exciting in Library MakerspacesWhat’s New and Exciting in Library Makerspaces
What’s New and Exciting in Library Makerspaces
 
Future of Grails
Future of GrailsFuture of Grails
Future of Grails
 
Turning huge ships - Open Source and Microsoft
Turning huge ships - Open Source and MicrosoftTurning huge ships - Open Source and Microsoft
Turning huge ships - Open Source and Microsoft
 
Startupfest 2017: Justin Schier (SCRUFF)
Startupfest 2017: Justin Schier (SCRUFF)Startupfest 2017: Justin Schier (SCRUFF)
Startupfest 2017: Justin Schier (SCRUFF)
 
Internet of Things, TYBSC IT, Semester 5, Unit II
Internet of Things, TYBSC IT, Semester 5, Unit IIInternet of Things, TYBSC IT, Semester 5, Unit II
Internet of Things, TYBSC IT, Semester 5, Unit II
 
Carrier guidance for tech
Carrier guidance for techCarrier guidance for tech
Carrier guidance for tech
 

Último

Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
gajnagarg
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
ydyuyu
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
F
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
ydyuyu
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
JOHNBEBONYAP1
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Monica Sydney
 
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
ayvbos
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
ayvbos
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
F
 

Último (20)

"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni  9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni  9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 

Root the Box - An Open Source Platform for CTF Administration

  • 1. ROOT THE BOX AN OPEN-SOURCE PLATFORM FOR CTF COMPETITIONS
  • 2. THE AGENDA 1. Background Information • Who am I, why CTFs, why are they important • What CTFs are and how do they work 2. Root the Box Vision • GTRI and RTB joining forces for the greater good! 3. Root the Box Internals • How RTB is built, and how you can work with it 4. Ways to Train • Some ways that you can up your CTF and pen-testing game 5. Closing Not so hidden after all
  • 4. WHO AM I? • Christopher Grayson • cegrayson3@gmail.com • @_lavalamp • Senior Security Analyst at Bishop Fox (Pen-Testing FTW) • MSCS, BSCM from GT • Former Research Scientist from GT • Former president, GT hacking club That guy in the front…
  • 5. WHAT ARE CTFS? • Broad category, but commonly… • Safe, controlled environment for learning how to break into things and how to defend against attackers • Attack and defense vs. just attack • Can be representative of realistic scenarios or esoteric challenges • Intellectually stimulating Did someone say Team Fortress?
  • 6. WHY AM I HERE TODAY? • I currently have my dream job • I‟ve never had to choose between education and safety • I had the good fortune of attending SkyDogCon in 2012 • But the story continues… Raise a glass to the infosec community
  • 7. WELL, THAT‟S SLIGHTLY COMPLICATED… • 3 teams at SkyDogCon Duplicity CTF, got 2nd, 3rd and 4th place • …out of 4 teams • Received tickets to Shmoocon 2013, Offensive Security training • Competed in TOOOL Master Keying competition • Received ticket to Shmoocon 2014 Or at least more complicated than one slide
  • 8. LASTLY, WHY ARE YOU HERE? • We work in the coolest industry. Period. • We need more talented individuals. • We need safe places to hone our skills. • We need your support and interest to help grow this project. (Hopefully!)
  • 9. HOW „BOUT THOSE COMPETITIONS?! LET‟S CAPTURE SOME FLAGS
  • 10. ANATOMY OF A CTF • Attack and defend • iCTF, Root the Box • Solely attack • CSAW, Hungry Hungry Hackers • In-Person • DEF CON, Duplicity CTF • Online • Where do I even start… No guts, no glory
  • 11. ATLANTA‟S LOCAL CTF SCENE • SECCDC • Collegiate only, hosted by KSU • Yearly, usually in Q1 • H3 • High school, collegiate focused, growing to industry professionals • Yearly, usually in Q3 • Grey H@t • Organizing small CTFs, have a team (cheers Mad H@tters) • Root the Box… • That‟s why we‟re here isn‟t it?! ATL has talent
  • 13. HUNGRY HUNGRY HACKERS • Started in 2010 by GTRI • Originally organized by Josh Davis, now organized by Daniel Lee • On-site only targeting primarily collegiate competitors • Focus on educational aspect • Regularly 200+ attendees in the past Om nom nom
  • 14. THE H3 TEAM • GTRI IT support and staff • Josh Davis • The originator • Daniel Lee • The orchestrator • Winston Messer • The tech wiz • Keith Watson • The Swiss army knife Bringing the pain
  • 15. AND THEN THERE WAS ROOT THE BOX • Originally from Chandler, AZ • High-quality on-site CTF focused on realistic scenarios • Built and maintained by moloch • 2014 will be its 10th competition! • Geared towards education • Great software package built for administering the competition! And yes, the boxes were rooted
  • 16. ROOT THE SOFTWARE STACK • Root the Box is written in Python • Uses SQLAlchemy for back-end ORM • Uses Bootstrap CSS and jQuery on the front-end • Tornado web server for speedy service! A mighty fine stack, at that
  • 17. THE BIG „13 • 2013 marked the first year where Root the Box took on a conference approach • Full speaker series on Friday, followed by all-day competition on Saturday • Lots of attendees, lots of fun Taking Root the Box to the next level
  • 18. BRINGING IT TO A-TOWN • For the amount of awesome community and infosec tech and growth that comes from Atlanta, it should host the best competition • Great location for future growth due to Hartsfield Jackson • Great foundation by teaming up with GTRI and H3 • Event space locked down! • We need a way to educate and inspire the young and curious about the ethics around our industry and responsible education – what better place to do this? The not-so-dirty South
  • 19. OUR GOALS • Free to attend • 400+ attendees, August 22-24 • Three-track conference on Friday night • Large on-site competition on Saturday • Award ceremony and closing remarks Sunday • Introduce high school and college-level students to the world of infosec • Heavy emphasis on education – whole educational track • Put employers in touch with talented individuals • Crowd-source challenge generation How‟s it going to be?
  • 20. CREATING THE CHALLENGES • Challenge generation comes from internal sources as well as sponsors • Sponsorship includes financial support as well as challenge provision • Challenges are representative of sought skills • Put sponsoring organizations in touch with the properly-skilled individuals A whole lot of mutual benefit
  • 21. SPONSOR DETAILS • Sponsorship levels will be announced • Sponsorship guarantees presence at H3/RTB conference • Sponsorship allows for the production of challenges • Challenges submitted in .ova format with an accompanying XML file In the raw
  • 22. INTERESTED IN BEING A SPONSOR? • Get in touch with me either after this talk or later on • cegrayson3@gmail.com • Official sponsorship packet will be put together soon • Challenge specifications already compiled! Because that would be fine like wine
• 23. BACK INTO THAT SOFTWARE STACK
  TIME TO NERD OUT
• 24. WHAT IS THE ROOT THE BOX SOFTWARE?
  • The software package used to administer competitions at Root the Box
  • Open source, distributed under the Apache 2 license
  • Takes care of all administrative aspects of the CTF competition
  • Also has game features that can add interesting twists to your CTF
  Wait, did I not go over that yet?
• 25. ROOT THE BOX INTERNALS
  • jQuery
    • "The Write Less, Do More JavaScript Library"
    • A library that is what JavaScript should have been
    • Rapid, easy development of front-end interaction
  • Bootstrap.css
    • "A sleek, intuitive, and powerful mobile first front-end framework for faster development."
    • Led by Twitter, provides great CSS functionality so that you don't hurt yourself or those around you trying to write CSS
  Business in the front
• 26. ROOT THE BOX INTERNALS
  • Tornado web server
    • "A Python web framework and asynchronous networking library […] that can scale to tens of thousands of open connections."
  • SQLAlchemy
    • "The Python SQL toolkit and Object Relational Mapper that gives application developers the full power and flexibility of SQL."
  Party in the back
• 27. SOME OTHER COOL PERKS
  • Root the Box uses web sockets to update competitors on competition events in real-time
  • CSS 3.0 animations! Unleash the full power of CSS! …cough cough
  • Snazzy front-end visualizations through graphing libraries
  • Has various components that can be turned off and on to add additional aspects to the managed game
    • Black market
    • Botnet
    • Vault!
  But wait, there's more!
• 28. WHERE CAN I GET THE SOURCE CODE?
  • Root the Box is available on GitHub
  • https://github.com/moloch--/RootTheBox/
  • Comes with a detailed README as well as step-by-step configuration instructions
  • Actively maintained by moloch
  Get your hands on the goods!
• 29. PREP AND PARTICIPATE
  PUT ON YOUR HARD HATS LADIES AND GENTLEMEN
• 30. TRAINING GROUNDS
  • OpenSecurityTraining can be found online
  • http://opensecuritytraining.info/
  • "Is dedicated to sharing training material for computer security classes, on any topic, that are at least one day long."
  • Has free, professional courses on all matters hacking
  • Even has course outlines and pre-requisites!
  OpenSecurityTraining.info
• 31. TRAINING GROUNDS
  • SecurityTube can be found online
  • http://www.securitytube.net/
  • Large amounts of free videos created by the site's founder
  • Aggregation of conference videos and lectures
  • Full primers on lots of different hacking areas
  SecurityTube.net
• 32. TRAINING GROUNDS
  • Corelan can be found online
  • https://www.corelan.be/
  • In-depth tutorials detailing exploit-writing and binary exploitation
  • Tons of other educational resources, primarily focused on binary and RE topics
  Corelan.be
• 33. TRAINING GROUNDS
  • Offensive Security can be found online
  • http://www.offensive-security.com/
  • The group that created the BackTrack and Kali Linux distributions
  • Training is not free, but the training you get from their courses is top-notch and well-managed.
  • Has an IRC channel that you can hang out in!
  Offensive-Security.com
• 34. VULNERABLE IMAGES
  • VulnHub can be found online:
  • http://vulnhub.com/
  • A large repository of software images that are created solely to be vulnerable
  • Great place to get software packages to hack on
  • Has an IRC channel you can hang out in!
  Stand 'em up and knock 'em down
• 35. ONGOING COMPETITIONS
  • CTF365 can be found online:
  • http://ctf365.com/
  • Touts a massive online, persistent CTF
  • CTFTime can be found online:
  • https://ctftime.org/
  • Keeps track of CTF competitions worldwide, maintains scores for teams across different CTFs
  It's a good day to hack
• 36. STAND-ALONE CHALLENGES
  • WeChall can be found online:
  • https://www.wechall.net/
  • Is an aggregation site for individual challenges
  • Advertises a total of 133 challenges available
  The featherweight class
• 37. CHAT WITH THE COMMUNITY
  • Hang out on Freenode to talk through challenges and difficulties you have trouble with.
  • #metasploit – Metasploit developers
  • #corelan – Folks from the Corelan team
  • #vulnhub – Folks from the VulnHub team
  • #offsec – Folks from Offensive Security
  Don't forget to RTFM
• 38. RECAP
  WE ALL NEED SOME CLOSURE
• 39. CTFS ARE IMPORTANT
  • Lower the barrier to entry for newcomers in the infosec field
  • Provide safe environments for people to learn critical skills
  • Are intellectually stimulating
  • Allow us to teach younger people how to responsibly conduct themselves while working with powerful tools and technologies
  • We need more talented people in this field
  It's the age of information folks!
• 40. GTRI + RTB + YOU = AWESOME
  • Root the Box and GTRI have had the same mission but have operated in different venues up until now
  • We're teaming up to put on what is hopefully one of the best on-site CTFs this world has ever seen
  • We'd love for you to be a part of it
  • Mark your calendars for 08/22/14 and follow @rootthebox for more information!
  I'm no mathematician, but…
• 41. WE'RE LOOKING FOR SUPPORT
  • The more support we can garner, the better this event and all future events will be
  • If you're looking to hire infosec talent, and think that teaming up with RTB / H3 would be beneficial, let's talk!
  Let's build something together
• 42. RESOURCES
  • Hopefully I've been able to share some resources that you have not heard of before
  • I'll be posting these slides to the interwebs within the next week
  • Follow me at @_lavalamp for the link
  Back to that whole age of information thing…
• 43. AND NOW FOR SOME Q&A
  GIMME SOME TLC?
• 45. RESOURCES
  • GTRI Hungry Hungry Hackers / H3 • http://www.hungryhungryhackers.org/
  • Root the Box Competition • http://root-the-box.com/
  • Root the Box on GitHub • https://github.com/moloch--/RootTheBox/
  • Moloch on GitHub • https://github.com/moloch--/
  • SQLAlchemy • http://www.sqlalchemy.org/
  • Tornado Web Server • http://www.tornadoweb.org/en/stable/
  • Bootstrap CSS • http://getbootstrap.com/css/
  • jQuery • http://jquery.com/
  • OpenSecurityTraining • http://opensecuritytraining.info/
  • SecurityTube • http://www.securitytube.net/
  • Corelan • https://www.corelan.be/
  • Offensive Security • http://www.offensive-security.com/
  • VulnHub • http://vulnhub.com/
  • CTF365 • http://ctf365.com/