Summ3r of h4ck 2020. Results of the program



Summer is over, and with it our Summ3r of h4ck 2020 program has ended. It's time to take stock and see what our participants have achieved this month. This article covers their research and their impressions of Digital Security.


You can see what our interns have been doing in past years here:

  • Security Analysis Department 2019
  • Research Department 2019
  • Summ3r of h4ck 2018 results

We followed a well-established practice: participants chose a topic of interest from the list provided and conducted their own research under the supervision of a curator for a month.

Two departments of our company participate in the program: the security analysis department and the research department. The first performs penetration tests and audits of web applications and corporate software; the second handles reverse engineering tasks, searches for vulnerabilities in binary applications and devices, and writes exploits.

The selection procedure for Summ3r of h4ck also remained unchanged: first, applicants filled in the questionnaire on our website and solved small test tasks, and then received an invitation to a remote interview. Although Summ3r of h4ck takes place only in St. Petersburg, we were glad to see participants from other cities.

Introduction

First of all, our program is aimed at helping young professionals and students, but anyone can submit a questionnaire. In addition, we are always very glad when people come back to us: it is nice to watch a new specialist grow and see how they develop and study information security. But this does not mean that there are concessions in the selection ;)

The Summ3r of h4ck program starts with lectures. They are given by experts from both departments, and here are some of the topics they cover:

  • Development for Ghidra
  • Advanced Server Side
  • About Libfuzzer
  • Where to reap after RCE?
  • Pentest Android
  • About taint analysis
  • Kubernetes: From zero to hero, etc.

In addition to lectures, there were practical tasks, and even a kind of mini-CTF for everyone. The results of these assignments are taken into account later when selecting candidates for Digital Security employees.

At the end of the Summ3r of h4ck program, the project defenses took place. The participants presented to everyone and described the tasks they faced, what they managed to achieve, what difficulties they ran into and what problems they solved. Some joined into groups to work on a common topic, which we always welcome.


Our wonderful merch

Everyone who successfully completed the internship received a Summ3r of h4ck 2020 certificate.

Traditionally, we asked our trainees to answer mini-interview questions and share their impressions.

  1. Why did you decide to intern at Digital Security? What attracted you to the company?
  2. Did you enjoy the internship? What was especially memorable? How much did the reality match your expectations?
  3. Tell us about your task(s).
  4. Did you find the tasks that you worked on during the internship interesting? Was there something you wanted to do but failed?
  5. Are you ready to return to the company for an internship or work?

The spelling, punctuation and style of the authors are preserved

Daniil Gavshin, topic “Plugin development for Ghidra”

1. I think it’s no secret that you are popular in spbctf circles, and for every summer of hack there is an advertising post about you. It’s great that you are respected in such communities, that you are well written about in the reviews of past internships. This gives the impression of being an open, friendly and modern company, and now I can say with confidence)

2. As the organizers themselves noticed, this is more practice or training, and in this regard I am very pleased. There are many interesting lectures where you can calmly ask a question, ask to repeat it, explain a point, because the atmosphere is cozy and informal. After the presentation, you can make coffee and talk with the trainees about painful issues or go to discuss your project with a mentor. Such a simple connection between everyone is a big plus.

3. First, I studied how to reverse the UEFI firmware, the operation of its protocols, and then, when some understanding came, I began to write a plug-in for Ghidra that would draw graphs of connections between these protocols. Invaluable experience learning the Ghidra API)

Link to Github plugin repository for Ghidra


Plugin link graph

4. My problem was quite abstract and therefore no thoughts immediately came to its solution, but it was still interesting. Each discussion with the mentor moved the project forward, and only at the end of the internship did we come to something concrete. There is a lot of interesting fuzzing left, you had a cool lecture on this topic, and you wanted to have time to fuzz something with you, but it’s a pity that I didn’t.

5. I think yes, I liked the atmosphere you have, throughout the internship I wanted to come here

Nikita Chelnokov, topic “Automation of code reuse gadgets search for CFI bypass”

1. Before the internship, I played actively in CTF. At some point, I realized that I wanted to try myself in real problems. I saw that Digital Security has a summer internship program. About past internships, I read several articles on Habr and decided that it would be interesting and, most importantly, useful, which I was not mistaken about.
2. In short – very much. The lectures allowed me to learn better topics that I had only heard about, as well as set a certain vector for the development of skills. I really liked the master classes at some of the lectures and, of course, the work on the project itself.
3. My task is to automate the search for code reuse gadgets to bypass CFI. In the project I used IDAPython, as a result of which the task was minimally solved. I will continue working on this project, and the next goal will be to make a graphical interface for this script in IDA. It is necessary to make it as informative and interactive as possible in order to simplify the task of finding primitives.

An example of the script

4. The task was really interesting, I had not come across this topic before. If the solution to this problem is done in the most effective way, it will be possible to create new ways to bypass protection aimed at complicating the exploitation of binary vulnerabilities. The created utility can be modified in every possible way and used for a wide range of tasks. In the process, I improved my automation skills in IDA. Special thanks to my mentor who helped with the project and told me a lot of interesting and useful things.
5. Certainly – yes, both.

Novoseltseva Alena, topic “Symbolic execution in Ghidra”

1. I have been doing an internship at Digital Security for the second year in a row. The tasks of the Research Center are extremely interesting to me, so it was great to take on the project this year as well. Every day, employees of the company give lectures on topical topics, which gives the internship a training character. It was very pleasant to learn that most of the topics were either updated or completely new, and taking into account the specifics of the material, the repetition of what was covered seemed quite appropriate and even useful.
2. Due to the unstable situation, the internship had to be completed remotely, and I became the only intern of the research department at a distance. You can work in this way quite successfully, but you lose the possibility of live communication with mentors and other trainees. The extremely negative side is the fact that there is no opportunity to listen to live lectures of employees, ask questions and discuss technical details. So I recommend doing the internship in person, otherwise a lot is lost.
3. The task of the research is to implement symbolic execution in Ghidra. It was necessary to choose one of the currently existing symbolic execution engines and screw it into the Ghidra interface. Candidates are KLEE, Triton, S2E and Angr. As a result, we decided to choose Angr because it is popular and has an accessible and well-documented API. From that moment, the development stage began, I began to write logic and a graphical interface. It should be noted that the lion’s share of the time had to be spent on the GUI.
In principle, the task was completed successfully. Now, symbolic execution is available in two clicks straight from Ghidra.

Link to AngryGhidra plugin Github repository


GUI and plugin example

4. As noted last year, I always wanted to dive deeper into the topic of symbolic execution, so this was a great opportunity to learn both theory and practice. In the future, I plan to study fuzzing in more detail and start looking for vulnerabilities.
5. With great desire and pleasure! The university is still ongoing, so, most likely, I will participate next time.

Oleg Moshkov, topic “Binary Lifting Fuzzing”

1. There was a desire to dot the i’s: where to move further in the field of information security and what to do. Hence the choice of an internship in the leading company in the field of information security in Russia – Digital Security, so here I will be guided in the right direction.
2. The internship exceeded my expectations. I had the most top-end mentor: he was a real teacher for me who helped me not only with research, but also in the general part related to the field of information security.
3. It was necessary to test the toolkit for Binary Lifting binaries, try to fuzz them and find vulnerabilities. The problem was that most of the utilities were either abandoned or lifted only very simple binaries. I had to patch some of them, finish and rebuild, which took most of the time. In the meantime, they rebuilt several times, we managed to fuzz one of the open-source projects and find a couple of holes in it 🙂


Lifting tools comparison table

4. I would also like to study a bunch of tools that we were told about at the lectures, but for which there was no time left, which I will do in the near future.
5. With pleasure!

Georgy Gennadiev, topic “Apple BLE protocols”

1. I decided to do an internship at Digital Security, as you are one of the favorites in the field of information security in Russia and abroad. In addition, the research that the company is doing was very much attracted.

2. I expected a lot from the internship, and my expectations were not only met, but also exceeded. There are many interesting topics for research, mentors who are ready to help and answer any questions, lectures covering many areas (this is getting really invaluable practical experience, in comparison with university papers) and a virtual laboratory for practicing new knowledge.

3. For research, I chose a new topic for myself – mobile devices and Bluetooth Low Energy, and specifically two things – Apple Find My and Exposure Notifications (API for detecting contacts with COVID-19 infected) from Apple and Google. In the process, I managed to deepen my knowledge, learn a lot of new things, write a couple of PoCs, but since the topics are difficult, I could not finish them during the internship, so I am researching them to this day.


Exposure Notification

4-5. All the tasks during the internship were very interesting, but unfortunately it is impossible to try everything, so I can say with confidence that I am ready to return to DSec to continue my research activities and improve my own skills.

Conclusion

We are glad to see that the Summ3r of h4ck program is beneficial, and we work to make it better based on feedback from our participants.

“Thank you so much!” to those who came to us, took part in research and puzzled over our assignments. We are proud of you!

See you next year;)

