Skip to content

Commit

Permalink
minor changes
Browse files Browse the repository at this point in the history
  • Loading branch information
omentic committed Feb 11, 2024
1 parent e46df56 commit d0533b6
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 14 deletions.
15 changes: 7 additions & 8 deletions about.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,11 +7,11 @@ title: About | CTF @ UBC

Our team was initially formed by [Robert Xiao](https://www.robertxiao.ca/) in February 2019 shortly after he took his position in the CS department. Robert started playing CTFs during his PhD with the top team PPP. Since then he's competed in many high-tier CTFs including several [DEF CON](https://en.wikipedia.org/wiki/DEF_CON) CTF finals, which is a classic "Attack/Defence" CTF that attracts many of the world's most talented hackers.

Since our team's formation, we've slowly attracted a core group of students and alumni that regularly play in CTF competitions. On average around 2-3 CTFs per month. Our mentality toward the competitions is usually casual, with a focus on learning and having fun, rather than competing. This means that there's <span style="white-space: nowrap">**no obligation**</span> on any of our team members to regularly participate.
Since our team's formation, we've slowly attracted a core group of students and alumni that regularly play in CTF competitions. We very consistently play in a CTF each weekend, with exceptions around holidays and finals. Our mentality toward the competitions is usually casual, with a focus on learning and having fun, rather than competing. This means that there's **no obligation** on any of our team members to regularly participate.

That being said, once we're in the competition and racing for flags, we usually get pretty into it.
That being said, once we're in the competition and racing for flags, we get pretty into it.

Our worldwide ranking and history can be found on [ctftime.org](https://ctftime.org/team/73723).
Our worldwide ranking and history can be found on [ctftime.org](https://ctftime.org/team/73723). Some highlights are having won TamuCTF, b01lers CTF, and Cryptoverse CTF in 2022, winning b01lers CTF again in 2023, and having won DEF CON CTF in 2022 and 2023 in collaboration with [PPP](https://pwning.net/) and [The Duck](https://theori.io/) as the Maple Mallard Magistrates.

We encourage any fellow **UBC students, faculty or alumni** to join in, no experience required. You can join our weekly meetings, ask questions, and introduce yourself if you wish. You may also join and participate in any CTF that we play together. We announce our plans to participate in upcoming CTFs on Discord.

Expand All @@ -35,9 +35,8 @@ There's no obligation to keep attending meetings or participating in CTFs after
# CTF competitions

{% include image.html url="/assets/images/about/tm_finals_2019.jpg" description="Filip, Daniel, Tiger and Samson at the 2019 Trendmicro CTF finals in Tokyo, Japan" class="img-right" %}
<!-- ![Tiger, Samson, Daniel and Filip at Trendmicro CTF finals in 2019](/assets/images/about/tm_finals_2019.jpg){:.img-right} -->

We regularly participate in CTF competitions all throughout the year. We competed in 20 CTFs in 2019 and 45 in 2020.
We regularly participate in CTF competitions all throughout the year. We competed in 20 CTFs in 2019, 45 in 2020, 56 in 2021 and 2022, and 40 in 2023.

Once we decide to play in a CTF, there is no obligation to any of our team members that they must play.

Expand Down Expand Up @@ -127,7 +126,7 @@ Each and every challenge present in this category share a fundamental paradigm -

## Cryptography

**Cryptography** literally translates to the art of writing ciphers and secret codes. It's because of cryptography that we can send senstive data over the web. In many cases, crypto is the brute powerhouse protecting most of our data online - our passwords, our banking information, anything involving the transmission of sensitive information. However, not everything is without its flaws, and cryptographic-related CTF challenges seek to showcase this - involving the breaking of popular encryption schemes that were not properly implemented.
**Cryptography** literally translates to the art of writing ciphers and secret codes. It's because of cryptography that we can send sensitive data over the web. In many cases, crypto is the brute powerhouse protecting most of our data online - our passwords, our banking information, anything involving the transmission of sensitive information. However, not everything is without its flaws, and cryptographic-related CTF challenges seek to showcase this - involving the breaking of popular encryption schemes that were not properly implemented.

Cryptography relies on the understanding of its base mathematical principles, which can be rigorous. But don't be daunted by that - many challenges in the crypto category will utilize some piece of flawed logic that you can exploit to crack the encryption scheme wide open. It's a matter of understanding the encryption rules in order to break them.

Expand All @@ -142,9 +141,9 @@ Forensics is a unique category involving clever manipulation of static file form


## Misc
Everything not under the 5 categories above will map to the **Misc** category. As such, the miscellaneous category is broad in scope and can touch on many different topics.
Everything not under the five categories above will map to the **Misc** category. As such, the miscellaneous category is broad in scope and can touch on many different topics.


## What category should I focus on?

Whichever one your heart desires! We don't enforce any policy that would dictate what category you should develop skills in. Some people may find they like cryptography over binary exploits, or reverse engineering over web application security. We encourage everyone to explore and learn what they like, wether that be one or two specific categories, or an overall understanding of all categories.
Whichever one your heart desires! We don't enforce any policy that would dictate what category you should develop skills in. Some people may find they like cryptography over binary exploits, or reverse engineering over web application security. We encourage everyone to explore and learn what they like, whether that be one or two specific categories, or an overall understanding of all categories.
12 changes: 6 additions & 6 deletions getting_started.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,9 @@ title: Getting Started | CTF @ UBC

# Getting Started

This page is meant as a first steps introduction to get you into your CTF journey. There are many online resources related to CTFs and so this page aims to present an effective approach to improving your CTF skills, while also linking to good resources along the way.
This page is meant as a first steps introduction to get you into your CTF journey. There are many online resources related to CTFs, and so this page aims to present an effective approach to improving your CTF skills, while also linking to good resources along the way.

The best way to learn is to solve challenges, get stuck, google things, make progress, get stuck again, ask questions, get flag, repeat. You will pick up knowledge, skills and tools along the way.
The **best way to learn** is to approach challenges, get stuck, google things, make progress, get stuck again, ask questions, get flag, repeat. You will pick up knowledge, skills and tools along the way.

## What are CTFs?

Expand Down Expand Up @@ -45,18 +45,18 @@ There are several tools that get used a lot for Linux-based pwn/reversing challe

Check out the Cryptographer's Codex over at [crypto.maplebacon.org](https://crypto.maplebacon.org/), which has a compiled set of challenges, guides, and resources for learning cryptography. <span title="too lazy; didn't click">TL;DC</span>, check out the following resources:

1. [cryptopals](https://cryptopals.com/): eight sets of challenges that provide a solid foundation in cryptography.
1. [cryptopals](https://cryptopals.com/): Eight sets of challenges that provide a solid foundation in cryptography.

2. [cryptohack](https://cryptohack.org/): An ever-growing collection of various cryptography problems. Scale well from introductory to quite challenging.

If you're more of a textbook learner, both _Introduction to Modern Cryptography_ by Katz & Lindell and [_Crypto101_](https://raw.githubusercontent.com/crypto101/crypto101.github.io/master/Crypto101.pdf) by lvh are recommended reads. And once you feel you've got the basics down - there's nothing better than diving into CTFs for real!
If you're more of a textbook learner, both [_Introduction to Modern Cryptography_](https://bibrrs.library.ubc.ca/vwebv/holdingsInfo?bibId=219554) by Katz & Lindell and [_Crypto101_](https://raw.githubusercontent.com/crypto101/crypto101.github.io/master/Crypto101.pdf) by lvh are recommended reads. And once you feel you've got the basics down - there's nothing better than diving into CTFs for real!

## Web Application Security
## Web Security

Web exploits can be easy to get into, since many straightforward exploits don't require heavy tooling to work out. Consider these as a rough guideline of what to get into to get started into web.

- Knowledge in scripting languages (Python is our favourite)
- Foundational knowledge in Javascript, PHP and common web frameworks (nodeJS, Flask for Python, etc)
- Foundational knowledge in Javascript, PHP and common web frameworks (NodeJS, Flask for Python, etc)
- Understanding of common web protocols, such as HTTP, IP and DNS.
- Having an understanding of RESTful APIs, and server-client interactions.

Expand Down

0 comments on commit d0533b6

Please sign in to comment.