SYS_TIME [ 00 00 00 ]
Agenda & Workshops
Event Agenda
| Session | Focus |
|---|---|
| 01 | Recon & Web Proxies — discovery, disclosure, endpoint mapping |
| 02 | Access Control — sessions, privilege bypasses, access checks |
| 03 | Injection Attacks — SQL injection, command injection, SSTI |
| 04 | Broken Authentication — brute force, reset flows, token handling |
| 05 | API Exploitation & File Attacks — upload abuse, LFI/RFI, API logic flaws |
| FINALE | Live ACM/Cyber-Tech CTF 2.0 main event |
Preparation Workshops (5 Days)
!!! info "Note" I gave 3 of these 5 preparation workshops myself — I did not take them as a participant. I wrote the content and hands-on labs for Days 2–4 and presented them live to attendees.
| Day | Topic | Author & Presenter | Lab |
|---|---|---|---|
| 1 | Recon & Web Proxies | Ghaida Abdulaziz Aldriweesh | Capture traffic and uncover hidden endpoints |
| 2 | Access Control | Shoug Alomran (me) | IDOR and parameter tampering challenge |
| 3 | Injection Attacks | Shoug Alomran (me) | Exploit SQLi to extract lab data |
| 4 | Broken Authentication | Shoug Alomran (me) | Reset-token brute force and session proof |
| 5 | API Exploitation & File Attacks | Sultan Alharbi | API challenge and local-file read exploit |
Live In-Person Recap Workshop
On top of the 5-day online series, we also hosted a 1-day, in-person recap workshop (about 3 hours) covering everything from the 5 days. I presented this session myself. It isn't listed on the official CTF website — it's noted here only.