This is OWASP WrongSecrets in CTF mode!

What is OWASP WrongSecrets in CTF mode?

Play head to head against other contestants in a secrets hunt which spawns strawling through Git code, disecting Docker containers, finding misconfigurations in Kubernetes, overcoming cloud challenges, reverse engineering of binaries, and even makes you dive into Web3 secrets!

All of this on a virtualized environment, so all you have to do , is bring a laptop with Wifi, a browser, and Docker!

What do you need to play?

A laptop with:
  • a recent version of Docker;
  • a modern web-browser (Recent version of Chrome or alike is recommended),
  • a Working Wifi!
  • the AWS CLI

What could help, but is not strictly required

Any tool that allows you for easy reverse-engineering like:

  • Radare2
    (Don't worry: you will have a virtual environment where Radare2 waiting for you...)
  • Ghidra
  • Git

You can even play part of the exercises on your tablet if you want to 😜.
But we doubt whether you will finish first 😜 as others might be racing to the finish line.
So bring that laptop well prepared and get ready for some fun hacking!

Will I be able to do this?

YES!!! We tested this CTF with a wide range of people:

  • From your old-school OPS specialist, to your modern SRE-cloud-engineer...
  • From your awesome script-writer to your modern full-stack developer...
  • From the awesome pentester, till the heavily trained red-teamer...
And all of them had one thing in common:
They had fun doing the exercises!

"But I am a business/salesman/analyst/a nurse/a physicist!"
→ Even for you there are challenges that will give you points and help you understand secrets management on the way

How do I start?

The CTF takes place on Thursday 24/11/2022.
All you need to know will be provided during Jeroen Willemsen and Ben De Haan's talk at 10h!