DEFCON Checklist
Recommendations on how to prepare for the DEFCON qualifiers.
General
Some general stuff you should probably do before DEFCON quals start:
- Ensure you have enough free space. I recommend over 100GB; you never know when you might need to do some weird stuff with e.g. memory dumps.
- Make sure all your packages (especially CTF-related software, see further down) are up to date.
- Have the ability to quickly get a reverse shell / some server going. If you can port forward to your machine, then forward some common ports (I recommend DNS and some other port; DNS is usually not blocked in challenges).
Software
Some common software you should have installed (mostly oriented towards pwnables & reversing). If you have questions on how to obtain any of them, just ask in either Discord or Slack :)
- pwntools (4.1.0, works with python3)
- binwalk
- ropper
- ROPgadget
- angr
- manticore
- gdb (with gef)
- avr-gdb, simavr, avr-binutils (for Arduino)
- ghidra
- radare2
- IDA
- sage (for advanced math)
- docker
- node
- qemu (for kernel and foreign arch stuff, so both qemu-user and qemu-system)
Windows-only software (see further down):
- PIC simulator (for PIC) https://www.oshonsoft.com/pic.html
- AVR simulator (for AVR) https://www.oshonsoft.com/avr.html
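A quick way to run the free-space and installed-software checks from the lists above before quals start. This is an added example, not part of the original checklist; the executable names, the Python module names and the `--run` switch are assumptions about a typical Linux install, and Ghidra, IDA and the Windows-only tools are left out because they have no standard command name on PATH.

```shell
#!/bin/sh
# Added example: pre-CTF checks for the checklist above. Executable and
# module names are assumptions; adjust them to match your own install.

MIN_FREE_GB=100          # the checklist's recommended free space (in GiB here)
CLI_TOOLS="binwalk ropper ROPgadget manticore gdb avr-gdb simavr avr-objdump r2 sage docker node qemu-x86_64 qemu-system-x86_64"
PY_MODULES="pwn angr"    # pwntools is imported as "pwn"

# Print the free space, in whole GiB, of the filesystem holding path $1.
free_gb() {
    df -Pk "$1" | awk 'NR == 2 { print int($4 / 1048576) }'
}

# Succeed if the filesystem holding $1 has at least $2 GiB free.
has_space() {
    [ "$(free_gb "$1")" -ge "$2" ]
}

# Print each argument that is not an executable on PATH, one per line.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || echo "$tool"
    done
}

# Print each Python module python3 cannot locate (located, not imported).
missing_py_modules() {
    for mod in "$@"; do
        python3 -c 'import importlib.util as u, sys; sys.exit(u.find_spec(sys.argv[1]) is None)' "$mod" 2>/dev/null || echo "$mod"
    done
}

# Run every check against the filesystem holding $1; return 1 on any finding.
preflight() {
    rc=0
    if ! has_space "$1" "$MIN_FREE_GB"; then
        echo "low disk: $(free_gb "$1") GiB free on $1, want $MIN_FREE_GB"; rc=1
    fi
    # The two lists are left unquoted on purpose so they split on spaces.
    for name in $(missing_tools $CLI_TOOLS) $(missing_py_modules $PY_MODULES); do
        echo "missing: $name"; rc=1
    done
    return "$rc"
}

# Run the checks only when asked: sh preflight.sh --run [path]
if [ "${1:-}" = "--run" ]; then
    preflight "${2:-$HOME}"
fi
```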
Virtual Machines
You will want to have at least one Windows virtual machine for Windows stuff and Windows-only software. This is extremely easy to set up: just download the image here: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ These are not only free, but also come preloaded with some dev tools and are already fully set up.
Furthermore, you will want to have one Linux VM for GUI stuff. If you are on macOS, I recommend using VMware for this, not VirtualBox (you get a free license from ETH). The reason for this: VirtualBox can kernel panic your MacBook!
Then you will probably want at least one Linux VM, ideally one per libc version (so that you don’t have to worry about LD_PRELOAD etc.). Luckily, we have already done the hard work for you, and you can have everything set up automatically with this repo: https://gitlab.ethz.ch/vis/ctf/ctf-vm (see README). This VM also includes a bunch of useful tools already set up (most of what is mentioned above).
During the CTF
Some points to keep in mind during the CTF:
- Try to stay calm :P. Usually, this helps avoid small mistakes, such as typos that could lead to your exploit not working.
- Keep checking Discord regularly and make sure to stay in contact via voice!
- Try to update the channel corresponding to your challenge regularly with anything you find. Maybe someone else is able to solve it in the future!
- When you first start working on a challenge, make sure to check:
  - Whether there is an existing channel, and whether anything is in there
  - If not, create one!
- If you feel like you are stuck, reach out to other people to see if they have any ideas.
- If you are still stuck, try solving a different challenge and coming back later! Even if you have invested a lot of time already, you are often better off trying to solve a different challenge. Furthermore, you might have a good idea when you come back after a while :) (Note: I constantly fall into this trap myself, hence why I wrote this point :P)