So this year I not only ran the Capture the Flag competition for BSides Atlanta but also had the opportunity to speak. I wanted to write up some specifics about this.
Capture the Flag
So this year I again just ran the NetKOTH from Iron Geek. This is an awesome one that has a simple scoring engine overall. What I ended up doing differently was rather than trying to build machines I used VulnHub. This allowed me to just convert already vulnerable machines to provide for people to work against some.
The plan was to release more and more complex machines during the day and ultimately start to spin up additional easy ones depending on the number of people that showed up. This provided an interesting way to work through things and allowed everyone to participate a little more fully since some of them had guides.
This year I spoke on Web3 Security. This was talking through all the various issues that I have seen within the Web3 realm and security while I have done some work for various clients. This allowed some time to discuss issues around ports being opened and just some general permissions issues.
I do plan to do a full write-up of the talk after I work with it some more. So be sure to subscribe to The Weekly Deployment to get it as soon as it is written.
I do plan to write up a piece on how to do the VulnHub conversion. I know there are plenty out there, but it helps me to synthesize what I found from AWS and everything. Plus it would be cool to try and have a script or something that can be pointed at a VulnHub URL and go through the entire process of getting it prepped.