Loading Events

« All Events

Merit – Capture The Flag (CTF)

April 10 @ 9:00 am - 3:00 pm


Click Here to Register:     [ Email cyber@wmcat.org to Register ]
Deadline:                         April 3, 2020



Location:            WMCAT – 614 First St NW, Suite #300, Grand Rapids, MI 49504
Duration:           1 day (6 hours)  |  Friday, April 10 (9:00am – 3:00pm)
Delivery:          This exercise is accessed through the Michigan Cyber Range using the free VMWare Horizon View client. Participants are expected to co-locate at WMCAT for synchronous competition.

Cost:                    $500 per person
Included:            Virtual access to a robust online cyber exercise.
Not Included:    Internet access is not available inside the environment; Internet searches must be done on your host machine or elsewhere

Internet access will be provided; Participants should bring their own computer/device (BYOD).



Training Level: Novice/Beginner to Advanced (all skill levels)


Learning Objective:

The objective for this exercise is to execute exploits to obtain firsthand knowledge of network vulnerabilities. Through the use of open source exploits, Red Teamers (aka “hackers”) and Blue Teamers (aka “network defenders”) will better understand the vulnerabilities in networks. The CTF is like no other environment commonly known and by enumerating and exploiting a living city, participants will gain hands-on, real-world experience in a safe environment.



Course Description:

Capture the Flag, or CTF, is a gamified learning tool designed to cover the spectrum of cybersecurity. Choose from a variety of self-paced and self-directed modules to complete challenges, capture hidden flags, and input them into the scoring system to earn points. From Python scripting and web application hijacking to reverse engineering, database hacking, and penetrating SCADA networks, this exercise is a means to challenge and assess individual skills across a broad range of systems and challenges.

Individuals or small teams will work together traverse through challenges in Alphaville, using their penetration testing and forensic skills to gather clues, collect evidence, and earn points by using open source tools to fire-off live attacks on networked systems in real time. The environment is divided into various “threads,” each independent of one another and built around a specific security skill set such as web, SQL, and password security. Recovering artifacts gets harder as the player progresses along the thread, which provides an active, adaptable challenge. Capture the Flag is an excellent approach to learn deeply technical concepts in a non-traditional, gamified environment.

CTF participants should have basic computer skills, familiarity with the command line, understanding of IP addressing and DNS, familiarity with basic security concepts, problem solving skills, and resourcefulness. Participants will not know all the solutions to problems encountered in the CTF. The solutions will require research outside of the game.

The CTF is mapped to the NICE / NIST framework which gives participants an indication that they can perform the corresponding KSA-T.


List of Current CTF Modules (in approx. order of increased difficulty):

  • Linux 100: Basic Linux functionality, Linux command line skills, and built-in tools; Networking; OS fundamentals;
  • Linux 101: Basic Linux functionality, Linux command line skills, and built-in tools; Networking; OS fundamentals;
  • Networking 101: Basic networking concepts; Basic network functions, standards, and protocols
  • Python 101: Basic Python syntax; Logic problem solving; Basic functions and command line operations
  • Powershell 101: Learn common logic and to control Windows via the command line; Windows PowerShell is a task-based, command-line, automation platform, and scripting language that allows you to simplify the management of your systems.
  • Powershell 201: Learn basic cmdlets and common logic to control Windows via the command line; Windows PowerShell is a task-based, command-line, automation platform, and scripting language that allows you to simplify the management of your systems.
  • Recon 101: Reconnaissance or Open Source Intelligence (OSINT) gathering on potential targets for the purpose of exploitation
  • Cryptography: This track contains aspects of both cryptography and cryptanalysis; Analyze and break classical codes; Find steganographic data hidden in files; break weak forms of encryption; Use modern cryptography tools such as openssl and gpg
  • Binary Forensics: Module TOC; Learn basic analysis of malicious binary executables and network protocols; Learn how to get useful strings out of a binary; Use Nmap to gain insight into C2 locations; Use NMap to gain insight into networked protocols and content; Network capture; Reverse Engineering
  • School Computer: Reverse Engineering; Service Exploitation
  • Library: Securing PII; Service Discovery; Database vulnerabilities
  • City Hall: Coding Weaknesses; Deface a website
  • Private Business – Zenda: Incident Response & Forensics
  • Power & Energy – SCADA: City power grid (including a generator, substations, and smart meters); Service Exploitation; SCADA
  • Trivia Challenge: Test your trivia knowledge in the categories of: General; Windows; Linux; Security; Network; Forensics; History; Movies


Participants are shown how to access to the CTF and how to interact with the environment. A proctor is onsite to solve technical problems only. No assistance in how to solve challenges is offered. Inside the exercise, assistance on how to solve any challenge is offered via hints, for a reduction in points



Who Should Attend?

Participants should have a baseline of security knowledge and familiarity of security concepts. Those new to security should first attain basic knowledge and some familiarity with common tools and techniques. While mastery is not required, understanding of common vulnerabilities and their remediation is recommended. Introductory challenges such as Linux and Python provide a great baseline for the beginner. For those with experience, the CTF provides a world class and challenging game for all levels of security practitioners. Players ranging from beginners to the most experienced red and blue teamers in the world will stay engaged and challenged by this exercise.

Participants should have a knowledge base and some familiarity (in theory) with one to two of the concepts below. Beginners will practice the techniques associated with the theory and advanced players will demonstrate the Knowledge Skill or Ability to perform them in this cyber exercise challenge:

  • Linux command line knowledge
  • Windows and Linux service exploitation
  • Port scanning, networking scanning, vulnerability scanning
  • SQL injection
  • PHP code exploitation
  • PII discovery
  • Privilege escalation
  • Brute force
  • Password hash cracking
  • Forensics and reverse engineering
  • Reconnaissance or Open Source Intelligence (OSINT) gathering
  • Understanding of basic network functions, standards, and protocol
  • Familiarity with a Scripting language with a focus on Python and PowerShell
  • Some knowledge of common Logical Security Controls




WMCAT is located at the corner of First St NW and Seward Ave NW.

There is a ramp connected to the building (fee to park, not managed by WMCAT). Enter the ramp on Seward Ave NW (just south of First St) and go straight up to the second floor. There is an entrance to the building on the northeast corner of the second floor of the ramp. Enter here, follow the WMCAT signs, and take the stairs or elevator up to third floor.


There is limited street parking on First St NW and Seward Ave NW (some spaces metered and some not).

There are DASH lots on Seward Ave NW near Lake Michigan Drive ($2 a day).

Also, if attendees are coming from within downtown offices they can ride the DASH bus for free. The DASH West route drops off at Bridge St NW and Seward Ave NW, very close to our building. DASH Route


If parking on the street, DASH lot or taking the DASH, enter building at main entrance on First St NW and take elevator or stairs up to third floor.

WMCAT is the entire third floor of the building.



Please contact Anthony Tuttle, the Program Manager for The Cyber Hub at WMCAT:




April 10
9:00 am - 3:00 pm
Event Category:


614 First St NW, Suite 300
Grand Rapids, MI 49504 United States
+ Google Map