About us

We are the CTF Team of the University of Applied Sciences Munich and participate in several CTFs a year. The Team was initialized by Students from the Master IT-Security, but we are open to all interested students and students from other professions or faculties.

Our main focus is not to be the best Team but to solve interesting and funny challenges where we can work together to learn new ideas.

How to Join

If you would like to join and participate in the next CTF, feel free to reach out to info@fs.cs.hm.edu. You can also speak to us directly at the student council of the Faculty 07 in Room R0.013 or reach out to Prof. Dr Peter Trapp who also helps us organize the events.

What do I need?

You don't need a lot of background or experience, but some preparations can be helpful. You need a laptop with a VM like Kali Linux. Also, you can look into some challenges for free on pages like HackTheBox or TryHackMe

What type of Challenges are there?

Capture The Flag (CTF) competitions are popular in cybersecurity, challenging participants with various puzzles and tasks that mimic real-world security scenarios. These competitions are generally categorized into several types of challenges:

Reverse Engineering

In reverse engineering challenges, participants are given binary files or executables. The objective is to understand the software's inner workings without having its source code. Solving these challenges often requires disassembling or decompiling the binaries, understanding the algorithms being used, and identifying any hidden functionalities or vulnerabilities.

Web Exploitation

These challenges involve finding and exploiting vulnerabilities in web applications. Participants might be tasked with exploiting common vulnerabilities such as SQL injection, Cross-Site Scripting (XSS), or Cross-Site Request Forgery (CSRF). Success in these challenges requires a deep understanding of how web technologies and protocols work, as well as knowledge of security best practices.

Cryptography

Cryptography challenges focus on deciphering encrypted messages or exploiting vulnerabilities in cryptographic algorithms. Participants may need to crack encryption schemes, understand and exploit flawed implementations, or use cryptographic weaknesses to their advantage. This category demands a solid foundation in cryptographic principles and often requires mathematical skills.

Binary Exploitation (Pwn)

These challenges revolve around exploiting vulnerabilities in binary programs to execute arbitrary code or gain unauthorized access. Common tasks include buffer overflow attacks, format string vulnerabilities, and heap exploitation. Solving these challenges requires a deep understanding of computer architecture, memory management, and exploitation techniques.

Forensics

Forensic challenges require participants to analyze digital evidence to uncover hidden information or understand the actions that led to a specific digital footprint. This might involve data recovery from corrupted files, analyzing network traffic logs, or uncovering steganography in images. Success in these challenges necessitates familiarity with a wide range of tools and techniques used in digital forensics.

Network Security

In network security challenges, participants might be asked to analyze network traffic to identify malicious activities, configure networks securely, or exploit vulnerabilities in network protocols. These challenges test one's knowledge of networking principles, security configurations, and the ability to identify and exploit vulnerabilities in networked environments.