Reverse engineering of programs, search for web vulnerabilities and two weeks in Sochi: what students can expect from Cybervyzov

In the 70s, an ordinary whistle was used to hack into telephone networks; in the 90s, Adrian Lamo hacked banks over the Internet, using only the capabilities of a browser. The world of cybersecurity does not stand still, is constantly becoming more complex and remains one of the most interesting and exciting areas in IT. Especially for those who are interested in it already at the institute, “Rostelecom” and “Rostelecom-Solar” for the second year in a row give the opportunity to test their strength in individual competitions “Cyber ​​call“. So, under the cut – about how these competitions will be held, examples of tasks and stories of last year’s winners about what turned out to be the most difficult and how they went to NTU “Sirius” for an in-depth course on information security.

What will need to be hacked?

Nothing, but it will still be interesting. Cybercall runs online in two stages. The main fun will be at the beginning: the participants need to solve problems in cryptography, search and exploitation of binary vulnerabilities, investigation of incidents, programming and web security within two days. And for the drive, the site will have a scoreboard with the results in real time.

Tasks are divided into six categories:

  • Crypto – cryptographic information protection;
  • PWN – search and exploitation of real vulnerabilities;
  • PPC – programming of security subsystems (professional programming and coding);
  • Reverse – reverse software development and research;
  • WEB – detection of web vulnerabilities;
  • Forensic – Investigation of incidents in the IT field.

The category consists of 2-6 tasks, in each of which you need to send a “flag” – a code set of characters – and get points for it. All competition flags have the same format: CC {[x20-x7A]+}. Example: CC {w0w_y0u_f0und_7h3_fl46}. The flag is used as secret information that must be extracted by finding vulnerabilities in the analyzed services or by examining the provided file. The flags sent are checked automatically and the execution results can be seen in real time on the scoreboard.

After the first stage, 70 people who have scored the most points will go to a Skype interview with Rostelecom-Solar specialists, where they will test their knowledge and distribute invitations to an educational program on banking cybersecurity at NTU Sirius.

Download Kali Linux and WireShark?

Not only. For example, in Categories Web the participants were offered a service in which they had to increase user privileges by exploiting a web vulnerability. In another assignment from the Crypto category, it was necessary to decrypt a message whose secret key is unknown.

In each assignment, we tried to provide recommendations and save participants from obviously bad decisions. For example, do not use port scanners where it is useless in advance. And at the same time we prepared a list of utilities that may come in handy:

All tasks of the past year can be viewed by link… They were created on the basis of real threats and vulnerabilities faced by information security professionals. For those who successfully complete both stages, we, together with the Bank of Russia, prepared a two-week course on cybersecurity in the banking sector.

And what will be interesting?

We pinged the winners of last year, and they returned TRUE, and at the same time dropped the log of what happened at the last Cyber ​​Call.

Vasily Brit: “In the summer, after graduating from the first year of university, I played Dota2 with friends, and then a link was thrown to my chat about“ Cyber ​​Challenge. ”I hadn’t participated in CTF before and didn’t believe that it was possible to win a prize. prove to yourself and everyone else that “you can’t just go to Sochi.”
I solved problems from Crypto, Web, Forensic and PPC category. The hardest category was Reverse. Almost no one solved it, because the assignments were drawn up by professionals and there was not enough time for them. The honggfuzz and wfuzz phasers and the F12 key helped solve the Web. Crypto tasks were solved using xortool and cyberchief. In fact, the utilities were specified in the tasks and you could not waste time looking for suitable tools. The coolest task turned out to be Forensic – a dump of RAM was given and it was required to find out what was open in the browser, on the desktop, and get all the data.

The trip to Sochi was worth those frantic 24 hours with solving tasks – the teachers of Sirius spent two weeks talking about information security, from the Web to binary vulnerabilities with tools for finding them. They told about everything very succinctly, with practice and examples. This year I will definitely participate. ”

Dmitry Zotov: “This is not my first time playing CTF, and the tasks of Cyber ​​Challenge seemed very interesting to me, but quite difficult. I liked the tasks from the Web and Reverse categories, although I did not solve it. Thanks to dynamic scoring, I could see it during the competition. who solved which tasks. The more people solved the task, the less points were given for it, but you could track it down and choose more difficult tasks. So it happened with one of the tasks in the Web category – besides me, only a couple of people solved it. For solving the Web, most often the most useful tool is the developer console in Chrome, and the simplest console utilities: curl, wget and python, but the coolest task turned out to be from the Reverse category – Windows services were given, where nothing was clear at first glance. I could not leave him even after the end of the competition and finished solving after.

At Sirius, we were given tons of useful information on cybersecurity, ranging from the various standards in this area to how malware operates in Windows and what to look at to detect it. I met cool people and had a great rest, I will definitely try my hand this year and I recommend to everyone. ”

Roman Nikitin: “I regularly participate in CTF competitions, and in Cyber ​​Challenge there were many useful and new tasks for me that I had not encountered before. In my opinion, the most interesting tasks were in the Reverse, Forensic and Web categories. In Web it was necessary to find vulnerability XXE, and this was one of the most “expensive” tasks for dynamic unblocking. The most difficult category was Reverse: the level of tasks was much higher than in other categories – it was unexpected and there was not enough time. But the coolest thing in the whole competition was, of course, the prize in the form of a trip to Sirius, and I will definitely fight for it this year as well ”.

Ok, where are the details?

On the Pentagon server. We have on website… Watch the tasks of last year and get ready for a new topic – financial security. Students of the 2nd to 6th years of bachelor’s, master’s, and specialist’s degree programs in all cities of Russia can register for Cyber ​​Call until August 28 link… Good luck% username%!

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *