What is a Capture The Flag competition?

Capture The Flag or “CTF” competitions are designed to test the skills of participants in various disciplines of cyber security. Participants complete various challenges to obtain “flags” and earn points as a reward.

What is HACKMAC?

HACKMAC includes challenges for all levels and we want everyone to get something out of the event. This event is geared towards beginners and no prior experience is required. We strive to provide a safe, inclusive and fun environment where you can connect with like-minded students and experience the world of cyber security.

What disciplines are tested?

CTF competitions can test many different disciplines covering all aspects of cyber security. Here are a few common ones:

- Web security

Web security covers all aspects of web technology security. This could be anything from bypassing a login form on a website, accessing sensitive databases or even taking over a web server.

(credit: https://securityboulevard.com/2023/02/how-to-prevent-sql-injection-attacks/)

- Binary Exploitation

Binary exploitation covers the techniques involved in exploiting a weakness in a computer program. Generally this involves “breaking out” of a program’s safe operation to manipulate its behaviour or read sensitive information.

(credit: https://sharkmoos.medium.com/binary-exploitation-exploiting-ret2libc-328eefb0421b)

- Digital Forensics

Digital forensics is looking for hidden information contained within files or systems. This could be hidden information contained within a file’s contents or examining system logs for evidence of a cyber crime.

(credit: https://cujo.com/first-seclounge-ctf-2020-forensics-challenges/)

- Open Source Intelligence (OSINT)

Open source intelligence is the art of information gathering. In these challenges you’ll be tasked with finding out a specific piece of information about something by searching online. This could be the location of a picture, sensitive information from social media or leaked passwords.

(credit: https://www.thalesgroup.com/en/career-osint)

What is a flag?

A flag is a unique piece of text that proves you have solved a challenge. After successfully completing a challenge you should be able to see this text clearly. For the HACKMAC competition, this will always begin with HACKMAC{ and end with }. For example: HACKMAC{This_is_a_flag}

How do I play?

On the day of the competition, after registering your account you’ll be able to log on to our competition app. Once you log in you’ll be able to see the range of challenges available.

To earn points you must do the following:

  1. Choose the challenge that you want to do and read the description. For some challenges we may provide hints along with the description.
  2. Complete the challenge and obtain the flag.
  3. Once you have the flag, submit it in the answer box. If it is correct, your team will then receive points based on the challenge difficulty.

Example challenge

Here we will look at an example challenge:

To complete this challenge, we need to decode the provided text “SEFDS01BQ3tGbDRnX2luX2I0c2VfNjRfZW5jb2QzfQ==”.

By examining the character set, we can assume that this text has been encoded using base64. A good tool for encoding and decoding text is CyberChef, developed by GCHQ. This website allows us to explore a variety of encoding methods and gives us the means of decoding the text.

We can see that after successfully decoding the text we are left with the flag HACKMAC{Fl4g_in_b4se_64_encod3}. We can then submit this flag as the answer and get our points!
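The decoding step above, as an added example that is not part of the original page: a short Python script that narrows down the encoding from the character set, as the walkthrough does by eye, and then checks the decoded text against the HACKMAC{...} flag format. It goes beyond the page's base64 case by also trying hex and base32; the function names are hypothetical.

```python
import base64
import binascii
import re
import string

# Flag format stated on the page: begins with HACKMAC{ and ends with }
FLAG_RE = re.compile(r"HACKMAC\{[^{}]+\}")

B64_CHARS = set(string.ascii_letters + string.digits + "+/=")
HEX_CHARS = set(string.hexdigits)
B32_CHARS = set(string.ascii_uppercase + "234567=")

DECODERS = {
    "hex": bytes.fromhex,
    "base32": base64.b32decode,
    "base64": lambda s: base64.b64decode(s, validate=True),
}


def candidate_encodings(text):
    """Return the encodings whose alphabet and length rules fit the text."""
    chars = set(text)
    found = []
    if chars <= HEX_CHARS and len(text) % 2 == 0:
        found.append("hex")
    if chars <= B32_CHARS and len(text) % 8 == 0:
        found.append("base32")
    if chars <= B64_CHARS and len(text) % 4 == 0:
        found.append("base64")
    return found


def find_flag(text):
    """Try each plausible decoding; return (encoding, flag) or None."""
    text = text.strip()
    for name in candidate_encodings(text):
        try:
            decoded = DECODERS[name](text).decode("utf-8")
        except (binascii.Error, ValueError):
            continue  # alphabet matched, but it was not this encoding
        match = FLAG_RE.search(decoded)
        if match:
            return name, match.group(0)
    return None


if __name__ == "__main__":
    # Encoded text from the example challenge on this page
    print(find_flag("SEFDS01BQ3tGbDRnX2luX2I0c2VfNjRfZW5jb2QzfQ=="))
```

The encoded text from the challenge only fits the base64 alphabet (it contains lowercase letters and the digits 0 and 1, which rules out hex and base32), so that is the only decoder tried.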

A Special discipline - lockpicking

At HACKMAC we also provide the opportunity to explore the world of physical security with lockpicking. Lockpicking is the technique of opening locks without the original key. There are many different types of lock, with the most basic being pin and tumbler.

(credit: https://deviating.net/lockpicking/)

To earn points from lockpicking at HACKMAC, you must do the following.

  1. Grab one of the numbered padlocks and some tools from the lockpicking tools table.

  2. Successfully “pick” the padlock and unlock it.

  3. Show the unlocked padlock to one of the HACKMAC staff in the lockpick area and they will send you the flag for that lock. You can then submit the flag for the same lock number and you’ll receive points.

  4. Remember to lock the padlock again and return it to the table.
