2022 Summer Training Schedule
tl,dr;
- Training time: from June, 19th to August, 14th.
- Offline training would be held every Sunday from 9 am to 6 pm in 551 Meeting Room, Southern Tower of the Engineering Department.
- Two tiers: basic level and advanced level.
- The qualification exam would be on August 13th and 14th.
- Enjoy your tour of CTF and the infosec.
Timeline
The time schedule would according to the weekly training topics. Every week, we would have a topic to focus on. During the training time, our timeline is set to the following table.
| Time | Topic | Introduction | Material |
|---|---|---|---|
| June, 26th | CTF Overview & Fun-oriented challenges. | Learn about what's CTF and how we win a CTF. The attendance of competitions and how to group a team. | Introduction to CTF.pdf Sakai page Kali Linux Linux challenges Linux tutorial Python tutorial |
| July, 3rd | Web Challenges and Databases (Basics) | Ability to learn computer networks and hack websites. Know HTTP & HTTPS in protocol, and tools to capture / modify packets. | Web Basics and Databases.pdf OWASP vulnerabilities PHP basics HTML MDN CSS MDN JavaScript MDN |
| July, 10th | Practice, Solving Web Challenges (Advanced) | Why websites are vulnerable, learn how to crack a website and solve some web challenges. Find the weakness in the websites, and common vulnerabilities. | Advanced Web Hacking.pdf Linux Basics BlackHat SSTI PDF CTF101 Web Web learning notes |
| July, 17th | Forensics & Steganography | Analyze the file format and hidden information. Packet or network traffic analysis as well. Several skills to check images. | Forensics_Steganography.pdf CTF 101 Forensics 1earn Forensics |
| July, 24th | Modern Cryptography and Mathematics | Asymmetric cryptography like RSA, ECC. A mathematic definition of security and attacks on modern cryptography. | Cryptography.pptx Introduction to Modern Cryptography: Principles and Protocols Trapping ECC with Invalid Curve Bug Attacks |
| July, 31st | Assembly Language and Reverse Engineering | Learn about some CISC knowledge. Use x86_64 as example to do assembly. Some reverse engineering skills are involved. | Reverse.pdf |
| August, 7th | Binary Exploitations | PWN challenges. Buffer overflows, shellcodes, ROP, and some pwn challenges. | Binary Exploitation.pdf |
| August, 13th | Report and Summary | Before the final exam, we would have a report week to share your learning and conclusion on the CTF. | TBA |
| August, 14th | Exam | Brand new challenges to solve this year, and winners would be qualified to the team. | TBA |
Time arrangement
We usually would have our offline training in the 551 Meeting Room, Southern Tower of the Engineering Department. The time of the offline meeting would be on Sundays.
From the offline training, you can have a summary of the past week's challenges and topics. The schedule of this day would be like this:
2022 Summer training timeline:
- 9:00 - 10:00 quick review of the last week, a summary of the self-learning materials.
- 10:20 - 11:50 challenge solving and summary.
- 14:00 - 16:00 Lecture on the topic.
- 16:20 - 18:00 Question solving and teamwork.
Training tiers
For the students who won't be able to participate the whole time, we can still have a more relaxed timeline.
Advanced level
In order to join the compass team and attend competitions in the future, we need to have a more advanced skills. In the training, you should make sure that you are great at your specified area.
- Every week, you have to join the weekly training. We may not have a sign-up every week, but if you choose this level, I would appreciate you participating in the offline training.
- We would publish some challenges for the week. Your score would be noted in the database, and don't forget to finish them.
- An experienced team member would help you to learn about everything. It's free to ask questions.
- You may need to take extra time to learn expanded materials besides the topic this week.
Taking the advanced level isn't easy, and you would get 5 extra points for the total score.
Basic level
If you don't want to fully participate in the training, and just want to learn something about computer security and CTF by interest. The basic level is enough.
- The weekly training's morning half can be optional. But the afternoon half is still very useful.
- The weekly challenges sometimes are fun, you can learn a lot from finishing the easy and the medium difficulty challenges.
- Ask in the group and every question would be answered.
You can still participate in the final exam. If your score is high enough (which means you are so talented in the CTF), it's our honor to have you on the team.
Exam and the score
The training schedule isn't a course or something you need to rat race to get an A-level score. But, I think taking some grades can be feedback on your learning.
How to join the compass team? Sometimes, joining the CTF competitions can be done by oneself, but usually, we need teamwork to get a better grade in the competitions. You don't want your teammate to be a newbie, right? The exam and the score are used to make sure that every member is great.
Thus, if you find anything that is non-reasonable in our score system, please write an email to me. I would appreciate having your advice.
The scoring system won't have a cap, you can get as many points if you want. However, I don't like the rat race. So, every category would have a percentage in the result.
The final score formula is: score = weight * sum(percent * log(2, score))
The categories involves,
- Evaluation of the weekly challenges, and competitions: 30%.
- Remark from the team members: 10%.
- The sharing and the report score: 15%.
- The final exam: 100%.
The weight would be according to your grade. A freshman in the university is less experienced compared with the senior students, but from future learning, a freshman can have more time to improve. The weight is in order to balance the grades.
- Freshman (grade 1): +6%.
- Sophomore (grade 2): +4%.
- Junior (grade 3): +2%.
This is summer training, and we won't have any senior members (they are already graduated).
For example, if you got 3127 in the challenges and competitions, 155 in the remarks, 229 in the report, and 1625 in the final exam. You are a freshman in the university and just finished your first year. The total score would be: 1.06 * (0.3 * 11.610563503925041 + 0.1 * 7.2761244052742375 + 0.15 * 7.839203788096944 + 1 * 10.66622400280318) = 17.016059226486018.
Contact
Your advice is valuable and would help me to improve the training. If you have any suggestions, there are several ways to contact me:
- Weekly meeting: every Thursday, at 16pm, according to the weekly meeting page.
- My email address:
liz33#mail.sustech.edu.cn - My office address: 441A, Southern Tower of the Engineering Department.
- My Boss, Fengwei, Zhang's office address: 515, Southern Tower of the Engineering Department.