Capture The Flag Radiooo is a weekly cybersecurity podcast focused on CTF competitions. Hosted by adamd and Zardus, founding members of the Order of the Overflow, the organizers of DEF CON CTF, the podcast will discuss all aspects of the CTF scene: organizing, playing, and the history of this game that we love.
Youtube Video of podcast Shownotes and Links In this episode of CTF Radiooo adamd and Zardus do a live-from-DEF CON interview with clasm and honululu, the co-captains of the Shellphish AIxCC team. They talk about their approach to the AIxCC qualification competition and their cyber reasoning system ARTIPHISHELL. Finally, we finish with live footage of Shellphish when the seven $2M winning qualifying teams are announced. Links AIxCC Shellphish Shellphish Support Syndicate Shellphish AIxCC Team
Youtube Video of podcast Shownotes and Links In this episode of CTF Radiooo adamd and Zardus talk about the highs (winning $1 million in the AIxCC Small Business Track) and the lows (failing to qualify for DEF CON CTF 2024) of Shellphish. Links AIxCC Shellphish Shellphish Support Syndicate Shellphish AIxCC Team pwn.college
Youtube Video of podcast Shownotes and Links In this unique episode of CTF Radiooo adamd and Zardus chronicle their adventures while playing Nautilus Institute's DEF CON 31 CTF, all the way from the Friday night before the CTF to early Monday morning leaving to catch a flight. Throughout this episode we talk about the CTF as we're experiencing it (from a hot tub?!?!), and we catch up with several amazing people in the CTF community, including commentators, players, organizers, and winners (congrats Maple Mallard Magistrates on the win): ZetaTwo, clasm, zanardi, nafod, perribus, negasora, jay, mike_pizza, zaratec, and vie. Unfortunately the sound on the interviews during the CTF after party is not the best, but that's how recording in a closet in the middle of a party goes! We'll try to bring on those folks in the future. Special shoutout to our impromptu camerapeople zwad3 and f4c31e55. Links LiveCTF LiveCTF Challenge Source AIxCC Maple Bacon
Youtube Video of podcast Shownotes and Links In this episode of CTF Radiooo adamd and Zardus chat with psifertex, glenns, and negasora from LiveCTF! We talk about LiveCTF competitions in DEF CON CTF Finals 2022 and DEF CON CTF Quals 2023! We also chat about the history of LiveCTF, spectating CTF, the difficulty in creating a challenge at the appropriate difficulty level for a spectated CTF, and more! Links psifertex's sheet of DEF CON CTF pwnAdventure Pwny Racing RET2 Systems WarGames Cryptonomicon
Youtube Video of podcast Shownotes and Links In this episode of CTF Radiooo adamd and Zardus chat about a challenging issue facing the CTF community: if someone finds or uses a 0-day vulnerability in a CTF, what happens? We talk about 0-days, 0-days in CTF, and the complications that arise. Links
Youtube Video of podcast Shownotes and Links In this episode of CTF Radiooo adamd and Zardus chat with anciety, atum, mmmxny, and crazyman of r3kapig: one half of the CTF team P1G BuT S4D! We talk about how the members got into CTFs, how the team gets new members, what is the culture of the team, why do we play CTFs, can we keep playing CTFs?, what makes a good CTF challenge, and (what else) pwn.college! Visit https://r3kapig.com/ to learn more about the team. Links Tweet re: CTF team mergers r3kapig website Joint team C4T BuT S4D website
Youtube Video of podcast Shownotes and Links In this episode of CTF Radiooo adamd and Zardus chat with q7, publicqi, Yuhang Wu, and shiki7 of the CTF team Straw Hat! Links Tweet re: CTF team mergers Straw Hat website
Youtube Video of podcast Shownotes and Links In this episode of CTF Radiooo adamd and Zardus chat about keyboards, DEF CON CTF Quals 2023, CTF team mergers, and how Shellphish has qualified for DEF CON CTF for 20 years! Links Tweet re: CTF team mergers The infamous monitor
Youtube Video of podcast Shownotes and Links In this episode of CTF Radiooo adamd and Zardus are joined by special guests: Dustin and Vito from Legitimate Business Syndicate, hosts of DEF CON CTF from 2013–2017. We chat about how Dustin and Vito got into CTFs, their first CTF experience, how DEF CON CTF has changed, and their experiences hosting DEF CON CTF. Links DEF CON Call for Organizers Legitimate Business Syndicate LegitBS AMA
Youtube Video of podcast Shownotes and Links In this episode of CTF Radiooo adamd and Zardus talk about a major update: Order of the Overflow has retired from hosting DEF CON CTF, after four years at the helm. They talk about what it was like to host, and why YOU should consider hosting DEF CON CTF. Links DEF CON Call for Organizers
Youtube Video of podcast Shownotes and Links In this episode of CTF Radiooo adamd and Zardus kick off the second season of CTF Radiooo. We reflect on the progress of pwn.college and the challenges of incentivizing students to find and exploit real bugs. Links pwn.college
Youtube Video of podcast Shownotes and Links In this episode of CTF Radiooo adamd and Zardus recap the first “season” of CTF Radiooo (yes, we’re calling them seasons now). We reflect on a fun first season, discuss some of our favorite moments/episodes, and talk about future plans for the pod. Links CTF Player discord server, started by our friend ZetaTwo
Youtube Video of podcast Shownotes and Links In this episode of CTF Radiooo adamd and Zardus explore the misty origins of the Plaid Parliament of Pwning aka PPP along with many PPP captains: Tyler Nighswander, Tim Becker, Jay Bosamiya (our first repeat guest), and Samuel Kim. We dive into how everyone got into CTFs, how to maintain a CTF team, how to continue in CTFs, the shadowy PPP cabal, how PPP approaches CTFs, imposter syndrome, and everyone’s favorite PPP moment. At the end of the day, we learn that there are no secret tricks or shortcuts, and that everyone is human! Links hacker.org hackthissite SoftICE
Youtube Video of podcast Shownotes and Links In this episode of CTF Radiooo adamd and Zardus dive into the murky background of the Shellphish CTF Team along with special guests: Giovanni Vigna, Christopher Kruegel, and Davide Balzarotti, founding members of Shellphish. We dive into how everyone got into CTFs, early DEF CON CTF and CTF memories, friendly rivalries with sk3wl 0f r00t, DEF CON CTF Rōnins, the myth of wkr, and why CTFs are important. Links wkr
Youtube Video of podcast Shownotes and Links In this episode of CTF Radiooo adamd and Zardus host a special guest: Fabian a.k.a. LiveOverflow to discuss the topic of Education and CTF. You may know LiveOverflow from his excellent YouTube videos. We discuss how Fabian got into CTFs, the history of the LiveOverflow name, how he got into streaming/creating scripted videos, and the role of CTFs in security education. Links Stripe CTF 2012, Fabian’s first CTF Smash the Stack Wargames Cybersecurity Challenge Germany ALLES CTF team and the ALLES! CTF Geohot livestreaming overthewire solves Matt Might’s illustrated guide to a Ph.D propaganda CTF challenge from RIPSEC’s HackTheVote pwn.college, does Zardus talk about anything else? Hacktober CTF DownUnderCTF securitycreators.video from our friend ZetaTwo
Youtube Video of podcast Shownotes and Links In this episode of CTF Radiooo adamd and Zardus host a special guest: ZetaTwo a.k.a. Carl to discuss Pwny Racing and NorseCode. We discuss how Carl got into CTFs, the history of Pwny Racing, the history of NorseCode, tips on casting a CTF, and how to create a superteam. Links Hackceler8 Rapid Fire Finals from 2016 b0bb, Pwny Racing challenge author Murmus, who challenged people to solve a CTF challenge on camera pwny racing at CSAW
Youtube Video of podcast Shownotes and Links In this LIVE episode of CTF Radiooo, adamd and Zardus go over listener comments and questions. Follow us on twitter and twitch to know about the next live event. Links to Listener Comments/Questions BobF (aka Sensor Lock) on kenshoto creating Jeopardy-style CTF potetisensei on where king-of-the-hill originated “Did you guys ever get a black badge?” - Trevor “What kind of modifications / changes to the world of CTFs are you expecting in the future?” - @HanEmile “Where do you see the future of automation in CTFing? Do you see automated analysis and exploitation taking a bigger part?” - GH0S1_R33P0R “What’s the most craziest CTF challenge you guys made/solved (In Reverse Engineering or Binary Exploitation)” - @X3eRo0 “If I don’t have any local CTF teams in my city or country, what’s the best way to start a team or join a team somewhere else?” - @eigenhell
Youtube Video of podcast Shownotes and Links In this extra-special episode of CTF Radiooo, adamd and Zardus host the WINNERS of DC 28 CTF: A*0*E. From A*0*E we’re joined by Captain Gengming aka dmxcsnsbh, Vice-Captain Hui Shin aka septyem, Founder Tianyi aka Jackyxty, and DevOps silver! We discuss how everyone got into CTFs, the history of A*0*E (the short version is A*0*E = EEE ∪ AAA ∪ 0ops ∪ ******), DC 28 CTF, DC 26 madness (on adamd and Zardus’ side, including social engineering a parking spot), and how to succeed at CTFs. Silver’s amazing diagram of their networking setup: [ASCII diagram, flattened and cut off in this copy. Labels that survive: "Other players in our team"; "OpenVPN" (twice); "VPN Endpoint for CHN users"; "VPN Endpoint for USA users"; "The `dc28-redir-controller` is deployed here"; "Jumpbox, config copied from OOO's machine"; "OOO's WG endpoint"; "bandwidth and ACL limited! save some money ;)"; "Gateway China"; "Gateway U.S West"; "QoS Promised"; "MPLS VPN? not sure."; "CPU-intensive applications since EPYC servers are only available in CHN available zone"; "110-130ms,"]
Youtube Video of podcast In this episode of CTF Radiooo, adamd and Zardus host a special guest: Antonio from the Order of the Overflow to talk about his DC 28 CTF challenge ropshipai! In addition, Jay, Corwin, and Matt from PPP join to talk about ropshipai and ropship from a player’s perspective! Together adamd, Zardus, Antonio, Jay, Corwin, and Matt discuss how they got into CTFs, Return-Oriented Programming, the ropships, DC 28 CTF, and how PPP prepares and plays in DC 28 CTF. Shownotes and Links ropship source ropshipai source Two hours and 42 minutes of all ropshipai rounds Hack this site (mentioned by Jay) Jay’s homepage, cite his papers! Garbage Truck from plaidCTF (written by Corwin) PlaidCTF PicoCTF adamd’s blog post on how to get ready for PicoCTF
Youtube Video of podcast Shownotes and Links In this episode of CTF Radiooo, adamd and Zardus host a special guest: Jeff! Together adamd, Zardus, and Jeff founded the Order of the Overflow, and they tell the story here. Next, we chat about the DEF CON 28 CTF challenge gameboooy, which Jeff wrote. gameboooy is a gameboy emulator with multiple modules, each of which operates one aspect of the emulator. Rather than patch the emulator itself, the patch strategy is to write a firewall that inspects (and can block) the communication between each of the modules. We also take an honest look at the problems of gameboooy (so that everyone can learn from mistakes), and discuss the challenges of organizing a CTF and writing challenges. Links OOO Philosophy, which is 90% of the proposal gameboooy source telooogram writeup What we sent players before DC 27 CTF dooom source CTFd
Youtube Video of podcast Shownotes and Links In this episode of CTF Radiooo adamd and Zardus host their first guest: kaptain a.k.a. Alexandros Kapravelos to discuss the DEF CON 28 CTF challenge nooode. We discuss a bit about OOO, how kaptain got into CTFs, the design inspiration of nooode, CTF challenge philosophy, attack-defense private instances (and why they are necessary), stealth ports, how nooode went in DEF CON CTF, and lessons learned. Links Play nooode on archive.ooo Check out the source of nooode on github kaptain’s work on reducing Node.js attack surface: Mininode Prototype pollution
Unfortunately, Zardus’ machine blew up after the first 16 minutes of recording (LINUX!), so we lost his good audio, and have to go with lower quality audio for the first 16 minutes. Sorry! Youtube Video of podcast Shownotes and Links In this episode of CTF Radiooo, adamd and Zardus answer the question that we get frequently: How to get into Capture the Flag (CTF) cybersecurity competitions? We tell our “origin story” about how we both got into CTFs at UCSB and with Shellphish (Zardus’ is particularly great). We also point people to resources where they can get into CTFs. The best way into CTFs is to start playing, so do it! Links to Explore CTFs: The art of sniffing: dsniff When are CTFs? CTF Time OpenToAll CTF team that is, as the name says, open to all! Proper preparation prevents poor performance: wargames to practice OverTheWire, one of our favorite sets of wargames Hack on some binaries with pwnable.kr, by our friend daehee Go from a white-belt to a yellow-belt on exploitation with pwn.college, by our very own Zardus and kanak
Youtube Video of podcast Shownotes and Links In this initial episode of CTF Radiooo, adamd and Zardus answer the question: What is Capture the Flag (CTF)? And no, we’re not talking about a physical in-person CTF, or a first-person shooter CTF (ala Quake or Unreal). We’re talking about the cybersecurity hacking competitions known as Capture the Flag, where hackers from around the world compete to solve security challenges and develop their security skills. Interesting Links to Explore: Capture The Flag (Wikipedia) What is Capture the Flag (from CTF Time) CTFd’s What is CTF Why CTFs are Awesome and Why CTFs are Terrible, both from our friend LiveOverflow DEF CON, the birthplace of DEF CON CTF