Capture The Flag - Think Like An Attacker

Playground is F-Secure’s global, on-demand platform for hands-on cyber security training and capture the flag challenges. To celebrate Playground’s public launch, we will be running a CTF event where participants and whole teams across the world can play and test their security skills in lifelike scenarios.

We are currently building versatile labs and pathways that can be used to train offensive and defensive teams alike: developers, pen-testers, threat hunters—all the way from novice to advanced.

What to expect

Three hours of fast-paced fun, with the added benefit of learning between peers and via other skilled competitors. Test your team’s cyber security skills and sit in the seat of an attacker.

Challenges on the day

• Hacking an e-commerce portal (enumeration, broken access control, XSS, SQLi, insecure file upload, command execution, ...)
• Taking over GitLab pipelines (perusing repositories, tampering with pipelines, extracting secrets, breaking out of Docker containers)

Prerequisites to attend

• You can compete as an individual or as part of a team ( maximum of 8 per team, we will be in touch to confirm your team name and list of members) 
• The focus of the challenges will be around hacking web applications and leveraging some common GitLab / Docker misconfigurations
• Technical understanding of web application exploitation recommended (having used tools such as ZAP Proxy or Burp proxy will help)

What do I need to prepare beforehand?

• One week prior to the event, you will get an access key to register an account on Playground.
• After registering your account, you need to spin up the “Test Lab” sandbox to confirm you can access labs with your access method preference

How do I access the sandboxes?

• During the event, you’ll be able to spin up a sandbox containing the challenges
• There are two methods of access:
  • Remote Desktop Gateway: you only need a modern web browser (Chrome, Firefox, Safari)
  • VPN: you’ll need an OpenVPN client and a virtual machine with common hacking tools such as Kali Linux
• Note: You need to test access beforehand, as corporate proxies and networking restrictions can prevent you from accessing our sandboxes.