WASTC Summer FDW Workshop Description

Summer 2022

Workshop Structure

This workshop is structured as a Capture-The-Flag competition, so each participant can proceed at their own pace. The techniques will be briefly demonstrated, and we will provide tips and help as needed to make sure everyone is able to solve at least some of the challenges.

The participants will not all learn the same thing, but will each learn something new and useful.

All the software used is freely available, and all the projects are copyright-free and available freely on the Web, ready to be used in your classes in any way you wish.

Mon: Cryptography and Cryptocurrency

Level: Beginner

Learn how blockchains, cryptocurrency, coin offerings, and smart contracts work in a series of challenges. We will also cover the underlying cryptography: hashes, symmetric encryption, and asymmetric encryption. We will configure wallets, servers, and vulnerable smart contracts, and exploit them.

We will configure systems using Bitcoin, Ethereum, Hyperledger, Multichain, Stellar, and more. We will perform exploits including double-spend, reentrancy, integer underflow, and logic flaws.

No previous experience with coding or blockchains is required.

Tue: Threat Intelligence & Incident Response

Level: Beginner

Learn how to gather threat intelligence from public feeds using STIX and TAXII and use them to protect users from attacks with a proxy server.

To handle attacks that do get through, learn how to use these tools for incident response:

No previous experience with these tools is required. A Network+ and Security+ level of networking and security knowledge is recommended.

Wed: Go the Wrong Way

Level: Beginner

Good developers study documentation carefully and thoroughly understand their language. However, some people just want to code fast, break into things, and skip over the details. This CTF is for them.

Even if you've never programmed before, you can make simple attack tools in Go. We'll peform port scans, HTTP requests, brute-force logins, crack password hashes, and perform encryption using XOR and AES.

No previous programming experience is required.

Thu: Introduction to Exploit Development

Level: Intermediate

Learn how to take control of Windows and Linux servers running vulnerable software, in a hands-on CTF-style workshop. We begin with easy command injections and SQL injections, and proceed through binary exploits incuding buffer overflows on the stack and the heap, format string vulnerabilities, and race conditions.

After this workshop, you will understand how memory is used by software, and why computers are so easily tricked into executing bytes as code that entered the system as data.

We will exploit 32-bit and 64-bit Intel systems, and also ARM-based systems. We will examine modern Windows defenses in detail and how to defeat them, including ASLR, DEP, stack cookies, and SEHOP.

Previous experience with C and assembly language is helpful but not required.


Level: Beginner

The world runs on COBOL! 95% of ATM swipes rely on COBOL, but few people know how to use it. Let's fix that!

In this workshop, participants will learn basic COBOL programming and solve challenges including building HTTP requests, processing strings, file I/O, ASCII encoding, modular arithmetic and RSA encryption. We will use free Google cloud servers and a real public IBM mainframe.

The workshop is structured in a CTF format. Each participant works at their own pace. The techniques will be demonstrated, with complete step-by-step instructions to lead beginners through the easy challenges. There are also harder challenges for more experienced participants. We will help participants as needed, to ensure that everyone learns something new.

Participants will use COBOL on a Debian Linux virtual machine, which we will provide . All the tools we will use are freely available, and all the training materials will remain available to everyone after the workshop ends.

Party like it's 1959! COBOL will never die!

Posted 2-7-22