SpiderLabs Capture the Results of Flag 2020




    Seize The Flag (CTF) competitions are globally fashionable amongst each professionals and lovers in data safety. CTF competitions are sometimes nice enjoyable, however additionally they play a useful position in enhancing the abilities of safety specialists. A event will often take anyplace from a day to a few days and is carried out over the web or head to head within the “olden occasions”. Throughout that point groups attempt to resolve as many safety and hacking-related challenges as doable, every problem is taken into account a “flag” and every flag is often price a variety of factors relying on the complexity of the problem.


    Trustwave SpiderLabs not too long ago hosted a CTF event instantly supporting the BlackHat 2020 US convention. The Jeopardy-style competitors befell from August 6 to eight, 2020 and it introduced hackers and safety lovers from everywhere in the world.

    The Jeopardy type, one of the widespread CTF varieties, is an inventory of challenges that every act as a flag price a specific amount of factors. The flags had been a random string, assortment of hexadecimal numbers and even entire sentence. These challenges contain expertise like exploiting a vulnerability, fixing programming or logic issues or simply drill the web for OSINT in an effort to discover a thriller flag. Groups compete for the very best variety of factors they will rating in a given time-frame – 48 hours on this case.

    A devoted Discord server was obtainable all of the occasions for gamers and event directors for communication, questions and issues. Through the event the SpiderLabs CTF web page was lively serving as a central spot to comply with issues like challenges, scoreboard and flag submission type.

    The Occasions in Numbers

    Throughout all of the challenges and flags, there was a most of 8600 factors. The profitable group bought 6300 factors. Out of the 43 challenges solely three remained unsolved.

    The CTF proposed 9 completely different classes:

    • Exploit
    • Reverse engineering
    • Software program Outlined Radio
    • Net
    • Crypto DFIR
    • Misc
    • OSINT
    • Cortex XDR by Palo Alto Networks

    The problem that was solved essentially the most was solved 136 occasions. It was an OSINT problem. Three challenges had been solved solely three time, which included two exploit challenges and one reverse engineering problem. Additionally, whereas a complete of 24,411 flags had been submitted, solely 8.2% (2002) had been legitimate flags. Trace for future CTF individuals: brute forcing the scoreboard often is not going to repay that a lot, however good strive.

    The Scoreboard

    From over 500 registered groups, 189 scored factors. A most variety of 6 individuals per group was allowed. Groups had 43 challenges to select from completely different classes with varied complexity ranges and level values:


    And The Winner Is…




    The next prizes went to one of the best Groups:

    1st Place – $2,500 Ps, Nintendo, Steam or Xbox stay Reward Card
    2nd Place – $1,000 Ps, Nintendo, Steam or Xbox stay Reward Card
    third Place – $500 Ps, Nintendo, Steam or Xbox stay Reward Card
    4th-100th Locations – a SpiderLabs CTF customized T-shirt

    Congratulations to the ‘Bat Squad’ group for a tremendous rating and profitable the CTF event. Additionally, congratulation to ‘gmu_mcc’ and ‘efiens’ groups for the second and third locations. Nice job!

    In Conclusion

    It’s at all times difficult to create CTF challenges and be certain that the participant will comply with the meant path. At the least one problem was solvable utilizing an easier path. However in the long run of the day hacking is concerning the vacation spot and never the journey. In case you missed the occasion and wish to strive a number of the challenges that had been offered a number of the challenges are going to be hosted on the web site.

    Joyful hacking and see you subsequent yr!

    spiderlabs github,spiderlabs blog,trustwave,spiderlabs modsecurity,malware blogs,trustwave blog,cyber security newsletter,nocturnus cybereason

    Recent Articles

    Unravel the XDR Noise and Recognize a Proactive Approach

      Cybersecurity professionals know this drill nicely all too nicely. Making sense of heaps of info and noise to entry what actually issues. XDR (Prolonged Detection & Response) has been a technical acronym thrown round within the cybersecurity business with many notations and...

    PLATYPUS: Hackers Can Obtain Crypto Keys by Monitoring CPU Power Consumption

      Researchers have disclosed the small print of a brand new side-channel assault technique that can be utilized to acquire delicate data from a system...

    The Container configurations in Amazon ECS

      Revealed: November 7, 2020 | Modified: November 7, 2020 | Zero views A fast put up on superior container configurations in Amazon ECS. ECS container superior...

    Antivirus Testing – VIPRE for your Home and Business

      Individuals typically marvel, “What’s one of the best antivirus?” A number of distributors will declare that their product is one of the best within...

    Antivirus Testing – VIPRE for your Home and Business

      Individuals typically marvel, “What’s one of the best antivirus?” A number of distributors will declare that their product is one of the best within...

    Related Stories