Villages and CTFs!

Aerospace Village
1st Floor Warfields, Saturday and Sunday

Will be offering two activities:

Bricks in the Air – A Hands-On Aerospace Cybersecurity Experience

Bricks in the Air is an engaging, interactive activity hosted by the Aerospace Village, designed to teach participants the fundamentals of low-level aerospace communication protocols. In this immersive experience, participants learn how to inject custom commands into avionics systems, mirroring real-world cybersecurity challenges in aviation. The commands issued are then reflected in real-time on a connected Lego aircraft, offering a tangible and visual demonstration of how cybersecurity vulnerabilities can affect aerospace systems.

By combining theory with practical application, Bricks in the Air equips participants with valuable skills in aerospace cybersecurity, problem-solving, and understanding the complexities of modern aviation systems.

Live ADS-B Data Demo – Understanding Vulnerabilities in Aviation Surveillance

The Live ADS-B Data Demo offers participants a real-time display of Automatic Dependent Surveillance–Broadcast (ADS-B) signals, commonly used for tracking aircraft position, speed, and other critical flight data. Through this demo, attendees can observe how ADS-B data is transmitted openly and unencrypted, providing an opportunity to discuss the potential vulnerabilities inherent in this widely used aviation surveillance technology.

By showcasing live ADS-B transmissions, the demo highlights the ease with which anyone with the right equipment can intercept, manipulate, or spoof ADS-B signals. This serves as a valuable conversation starter on the risks posed by these vulnerabilities to aviation safety and security, and how they can be mitigated through better encryption, authentication, and monitoring solutions.

Breach Village
2nd Floor Burke, Saturday and Sunday

Breach Village features Hack the Case, a fast-paced, hands-on breach and hacking game. Participants can take on physical security challenges, such as lockpicking, sensor avoidance, and digital face spoofing, or attempt to hack the web application and backend systems connected to the case. The game loops every five minutes, with sound and visual cues signaling errors and failures. The game is designed to be both fun and educational, showcasing real-world security concerns around deployable “fly-away” kits. Difficulty scales based on participant skill level, with entry-level and advanced lock challenges, as well as escalating digital hacking objectives. The cyber range Kleared4 will host cyber-focused participants, and a CTF challenge tied to this effort may also be available during BSidesCharm.


Cloud Village
2nd Floor Grason, Saturday and Sunday

Cloud Village is an open space to meet folks interested in offensive and defensive aspects of cloud security. The village is home to various activities like talks, workshops, CTFs and discussions targeted around cloud services.

If you are a professional who is looking to gain knowledge on securely maintaining the cloud stack and loves to be around like-minded security folks who share a similar zeal for the community, Cloud Village is the perfect place for you.

We will be hosting our own talks on Saturday and Sunday at the following times:

Saturday:
  • 2:00 – 2:30 PM: Analyzing Storm-2372: Primary Refresh Token Compromise by Jenko Hwong
  • 2:30 – 3:00 PM: Guardians of the Cloud – Proactive Policies for Securing the Cloud by Aaron Shelmire
  • 3:00 – 3:30 PM: Securing Kubernetes on the Cloud: From Misconfigurations to Mitigations ft. EKS by Raviteja
  • 3:30 – 4:00 PM: SquarePhish 2.0 – Turning QRCodes into Single Sign On Primary Refresh Tokens by Nevada Romsdahl and Kam Talebzadeh
Sunday:
  • 1 – 3 PM: CTF 101 Workshop. Join us in experiencing an alternate solution to solve this year’s cloud challenges. We will help players understand the complex charm behind our challenges and obtain the flag.

CTF Details:

  • 25 hours of Cloud Security CTF – 11AM Saturday to 12PM Sunday.
  • Challenges across all three major Cloud Service Providers
  • Come to Grason room and get the sign up details to play.
  • The top 3 teams will be awarded prizes at the closing ceremony.

IoT Village
2nd Floor Duncan, Saturday and Sunday

Will be offering a different activity on each day.

Packets, Protocols, and Pwnage: Assembling your own Packet Hacking Toolkit (Saturday)

Intercepting, analyzing and crafting specialized packets using a variety of applications (e.g. Browser Built-in Tools, Burp Suite, Linux tools like Curl/Wget, and Python3). We will provide a few stations, but we encourage attendees to bring their own laptops. This will run all day Saturday.

IoT Village Hackalong (Sunday)

This activity is designed for entry- to mid-level hackers. IoT Village has created a custom vulnerable web app that attendees will be guided through to discover vulnerabilities. You will work with the instructor and on your own to learn how to adopt the “think like a hacker” mindset, and also poke around in a system that has over 40 vulnerabilities.

Registration for the IoT Village Hackalong can be found here https://share.hsforms.com/1RSBpU9vrQ0WluPuLbGJ_Jw4a9bq

Makerspace Village
1st Floor Warfields, Saturday and Sunday

The Makerspace Village features hands-on demonstrations and interactive displays covering a range of DIY and hacker-space projects. Stations include 3D printing, crafting, a Lockpicking CTF, and a Meshtastic demo, showcasing open-source mesh networking. Attendees will also find the UAS Trophy Table, highlighting past projects, and a sticker wall for adding their own contributions.

Equipment on display includes different types of 3D printers and a plasma speaker, but no soldering or high-temperature work is planned. Meshtastic devices may be available for donation, with proceeds supporting Unallocated Space (UAS), a local non-profit hackerspace.

Mental Health Hackers
2nd Floor Amphitheater, Saturday and Sunday

The Health and Wellness Village will be run by Mental Health Hackers, a 501(c)(3) organization.

The Mental Health Hackers (MHH) mission is to educate tech professionals about the unique mental health risks faced by those in our field – and often by the people who we share our lives with – and provide guidance on reducing their effects and better managing the triggering causes. This will be done through numerous talks and speakers conducted within the village during the conference. There will also be fun activities, crafts, coloring, and more to help you reduce stress and take a mental break from the conference activities and attendees.

Please understand that MHH does not provide counseling or therapy services.

Their website can be found at https://www.mentalhealthhackers.org/

Radio Frequency Hackers Village
1st Floor Warfields, Saturday and Sunday

In this capture the flag game you will be presented with real configurations of real wireless and radio technologies to attack. Practice your skills and learn new ones, from Radio Frequency IDentification (RFID) through Software Defined Radio (SDR) and up to Bluetooth and WiFi.  There may even be Infrared, if you have the eye for it.

RF Hackers Sanctuary is once again holding the Radio Frequency Capture the Flag (RFCTF) at BSidesCharm 2025.  RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies. We cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester’s determination, and $0 to $$$$$ worth of special equipment.  Our virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser!  The key is to read the clues, determine the goal of each challenge, and have fun learning.

This game doesn’t let you sit still either, as there are numerous fox hunts, testing your skill in tracking various signals.  If running around the conference looking for WiFi, Bluetooth, or even a Tire Pressure Monitoring System (TPMS) device sounds like fun, we are your source of a higher step count.

There will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what’s happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question – ASK! We may or may not answer, at our discretion.

FOR THE NEW FOLKS

This contest is free and open to anyone and everyone.  You can sign up and start playing any time during the conference.  If you didn’t bring your wireless gear don’t worry, our virtual RFCTF environment is played over ssh or through a web browser.  It may help to have additional tools installed on your local machine, but it is not required.

Read the presentations at: https://rfhackers.com/resources

Hybrid Fun

For BSidesCharm 2025 we will be running in “Hybrid” mode.  That means we will have both a physical presence AND the virtual game running simultaneously.  All of the challenges we have perfected in the last 2 years in our virtual game will be up and running, available to anyone all over the world (including at the conference), entirely free.  In addition to the virtual challenges, we will also have a large number of “in person” only challenges, which do require valid conference admission.  These “in-person” only challenges will include our traditional fox hunts, hide and seeks, and king of the hill challenges.  Additionally, we will have many challenges which we simply haven’t had time or ability to virtualize.  Playing only the virtual game will severely limit the maximum available points which you can score, therefore don’t expect to place.  If you play virtual only, consider the game an opportunity to learn, practice, hone your skills, and still get on the scoreboard for bragging rights.  The virtual challenges which are available will have the same flags as the in-person challenges, allowing physical attendees the choice of hacking those challenges using either (or both) methods of access.

THE GAME

To score you will need to submit flags, which will range from decoded transmissions in the spectrum to passphrases used to gain access to wireless access points, or even files located on servers. Once you capture the flag, submit it to the scoreboard right away, if you are confident it is correct.  Flags are worth more points for the early solves, so don’t sit on those flags. Offense and defense are fully in play by the participants, the RFCTF organizers, and the Conference itself. Play nice, and we might also play nice.

Who runs this thing?

RF Hackers Sanctuary is a group of all volunteers with expertise in radio security and various other related fields.  We are the original creators of the WiFi Capture the Flag, Wireless Capture the Flag, and RF Capture the Flag.  We are the original founders of the WiFi Village, Wireless Village, and RF Village.  Often imitated, never duplicated.

TL;DR

SANS Offensive Operations Village
2nd Floor McIntosh, Saturday Only

Join the SANS Offensive Operations Village to engage in a Capture the Flag (CTF) event that challenges your skills in network penetration testing, web and binary exploitation, as well as programming and other offensive security disciplines. Participants are encouraged to bring their own laptops to tackle a variety of challenges designed to test and enhance offensive capabilities. SANS representatives will be available to discuss offensive security topics and distribute exclusive SANS swag.