Let's Hack!

Calling all Security people! Help make our new educational Wifi CTF firmware great by practicing your wifi cracking, enumeration, exploitation & privilege escalation skills. Bring your laptops/tablets and phones to Big Block Brewing in Carnation WA on Saturday, Nov. 29th from 1-4 pm. Help us ensure there is adequate capacity by signing up! Slots are limited. Signup soon!

About this event

This is a beta-test of a new, real-world educational CTF event. Learning real-world cybersecurity is hard. You need expertise to create an environment to practice in, which means many people never become experts. We're trying to make it easy for non experts to learn realistic cybersecurity by making realistic labs easy to setup and run. You will help us make this experience exceptional by helping us find the bugs and bruises in the lab.Patrick McCanna has been a long time contributor to r00tz asyulm. R00tz was a defcon village dedicated to giving kids access to real-world cybersecurity education. Patrick is working to extend these experiences to people who don't attend Defcon. We need real-world user experience data to make this the best experience possible. You will be helping us discover gaps in documentation and implementation bugs.

Transform Your Hacking Skills in a Live Wireless Network Laboratory

Are you ready to test your offensive security skills in a real-world WiFi penetration testing
environment?Join our exclusive beta testing event for the WiFi CTF Lab - a comprehensive hands-on cybersecurity training platform that takes you from cracking WiFi passwords to achieving complete system compromise.

What You'll Practice

Wireless Network Attacks- WPA2 handshake capture and offline password cracking
- Dictionary attacks against weak wireless credentials
- Monitor mode operations and deauthentication attacks
- Real packet capture with tools like aircrack-ng and WiresharkWeb Application ExploitationMaster the OWASP Top 10 through 9 distinct challenges:
- SQL Injection - Authentication bypass and data extraction via UNION attacks
- Cross-Site Scripting (XSS) - Both reflected and stored variants
- Command Injection - Shell metacharacter exploitation for OS access
- Malicious File Upload - Deploy web shells and bypass validation
- Directory Traversal - Manipulate paths to access restricted files
- Credential Exposure - Hunt for exposed configuration files and secretsLinux System ExploitationEscalate from web user to root access:
- SSH brute forcing and default credential attacks
- SUID binary exploitation for privilege escalation
- Cron job manipulation via world-writable scripts
- Sudo misconfiguration abuse using GTFOBins techniques
- File system enumeration to discover hidden flags and secretsReconnaissance & Intelligence Gathering- Port scanning across full range (0-65535)
- Service enumeration and fingerprinting
- Hidden service discovery - find obscurity-based defenses
- Attack surface mapping to build your exploitation strategy
---

Who Should Participate?

This CTF is ideal for:Aspiring Penetration Testers - Practice real-world attack chains
CTF Enthusiasts - Sharpen
skills across network, web, and system categories
Security Students - Bridge theory to practice
with hands-on exploitation
Career Switchers - Build portfolio-worthy offensive security skills
Bug Bounty Hunters - Develop systematic vulnerability discovery techniquesSkill Levels:- Beginner Track: WiFi cracking β†’ Network reconnaissance
- Intermediate Track: Web exploitation β†’ SSH access
- Advanced Track: Privilege escalation β†’ Root compromise

What Makes This CTF Different?

Live Visual FeedbackWatch your progress displayed in real-time on a SenseHAT LED matrix with pixel art animations:
- πŸ’€ Skull when exploits are detected
- πŸ”“ Lock/key for challenge unlocks
- 🚩 Flag waves when you capture objectives
- 🌈 Rainbow explosion when you achieve root!Intelligent Automatic ScoringNo manual flag submission - the lab detects your exploits automatically by:
- Monitoring 9+ log sources
- Network traffic analysis with Scapy
- DHCP tracking
- Real-time point awarding as you pwn targetsAchievement SystemEarn bonus points for:
- 🩸 First Blood (+50 pts) - First to solve any challenge
- ⚑ Speed Demon (+25 pts) - Sub-5-minute solves
- πŸ•ΈοΈ Web Master (+100 pts) - Complete all web challenges
- πŸ’» System Master (+150 pts) - Complete all system challenges
- πŸ† Completionist (+500 pts) - 100% completionExceptional Learning MaterialsUnlike typical CTFs, you'll receive:
- 5 detailed student guides (3,000+ lines) with conceptual frameworks
- Real-world case study connections (KRACK attack, Capital One breach, Log4j)
- Progressive 3-level hint system (directional β†’ conceptual β†’ technical)
- Teacher's guide with full solutions and pedagogical strategies
- Transfer learning exercises to apply skills beyond the lab

Technical Details

What You'll Need:- Laptop with WiFi adapter. Solution should work with tablets/mobile phones- but laptop participants will have advantages.
- Basic command line familiarity
- Curiosity and ambitionWhat We Provide:- Isolated WiFi network with fun LED display
- Raspberry Pi-based infrastructure with multiple vulnerable services
- Real-time web dashboard showing live leaderboard
- Registration portal and automatic participant trackingExploitation experiences:
* Wifi
* Service Enumeration
* Web App Exploitation
* IoT Persistence---
The Complete Attack PathStage 1: Network Access β†’ Crack the WiFi password and capture handshakesStage 2: Reconnaissance β†’ Enumerate all services and map the attack surfaceStage 3: Web Exploitation β†’ Exploit 9 vulnerabilities to gain initial accessStage 4: System Access β†’ Use SSH to pivot from web to shellStage 5: Privilege Escalation β†’ Chain exploits from user to rootStage 6: Complete Dominance β†’ Capture the root flagPlus hidden Easter eggs!---
Beta Tester Exclusive BenefitsAs a beta participant, you'll:
- ✨ Shape the final product - Your feedback directly improves the platform
- πŸ“Š Get detailed performance analytics - See exactly where you excel and where to improve
- 🀝 Join our community - Network with other security enthusiasts- 🀝 Join our community - Network with other security enthusiasts-
- 🍺Big Block beverages - Discover your new favorite beverage!
---
πŸš€ Ready to Hack?This isn't just another CTF - it's a complete offensive security training laboratory that simulates the full penetration testing lifecycle from reconnaissance to root compromise.Whether you're preparing for OSCP, sharpening skills for bug bounties, or just love the thrill of breaking into systems (ethically!), this lab will challenge and educate you.Beta spots are limited. Secure yours now and join the ranks of hackers who've achieved complete system compromise!---
Event LogisticsDuration: Self-paced (2-4 hours depending on skill level)
Format: Hands-on lab with live attack targets
Prerequisites: Basic Linux/networking knowledge helpful but not required---
Legal NoticeThis platform contains intentionally vulnerable systems for educational purposes only. All exploitation must occur on the isolated CTF network. Participants agree to use these skills
responsibly and ethically in authorized security testing contexts only. Non-participants will be kept safe by staying off the CTF_LAB WiFi network.