Capture The Flag (CTF) competitions are globally popular among both professionals and enthusiasts in information security. CTF competitions are usually great fun, but they also play a valuable role in improving the skills of security professionals. A tournament will usually take anywhere from a day to a few days and is conducted over the internet or face to face in the “olden times”. During that time teams try to solve as many security and hacking-related challenges as possible. Each challenge is considered a “flag”, and each flag is usually worth a number of points depending on the complexity of the challenge.
Trustwave SpiderLabs recently hosted a CTF tournament directly supporting the BlackHat 2020 US conference. The Jeopardy-style competition took place from August 6 to 8, 2020 and it brought together hackers and security enthusiasts from all over the world.
The Jeopardy style, one of the common CTF types, is a list of challenges that each act as a flag worth a certain number of points. The flags were a random string, a collection of hexadecimal numbers or even a whole sentence. These challenges involve skills like exploiting a vulnerability, solving programming or logic problems or just scouring the internet for OSINT in order to find a mystery flag. Teams compete for the highest number of points they can score in a given time frame – 48 hours in this case.
A dedicated Discord server was available at all times for players and tournament administrators for communication, questions and issues. During the tournament the SpiderLabs CTF page was active, serving as a central spot to follow things like challenges, the scoreboard and the flag submission form.
The Event in Numbers
Across all the challenges and flags, there was a maximum of 8600 points. The winning team got 6300 points. Out of the 43 challenges only three remained unsolved.
The CTF offered 9 different categories:
- Reverse engineering
- Software Defined Radio
- Crypto DFIR
- Cortex XDR by Palo Alto Networks
The challenge that was solved the most was solved 136 times. It was an OSINT challenge. Three challenges were solved only three times, which included two exploit challenges and one reverse engineering challenge. Also, while a total of 24,411 flags were submitted, only 8.2% (2002) were valid flags. Hint for future CTF participants: brute forcing the scoreboard usually will not pay off that much, but nice try.
From over 500 registered teams, 189 scored points. A maximum of 6 participants per team was allowed. Teams had 43 challenges to choose from in different categories with various complexity levels and point values:
And The Winner Is…
The following prizes went to the best teams:
1st Place – $2,500 PlayStation, Nintendo, Steam or Xbox Live Gift Card
2nd Place – $1,000 PlayStation, Nintendo, Steam or Xbox Live Gift Card
3rd Place – $500 PlayStation, Nintendo, Steam or Xbox Live Gift Card
4th-100th Places – a SpiderLabs CTF custom T-shirt
Congratulations to the ‘Bat Squad’ team for an amazing score and winning the CTF tournament. Also, congratulations to the ‘gmu_mcc’ and ‘efiens’ teams for the second and third places. Great job!
It is always challenging to create CTF challenges and make sure that the player will follow the intended path. At least one challenge was solvable using a simpler path. But at the end of the day hacking is about the destination and not the journey. If you missed the event and want to try some of the challenges that were presented, some of them are going to be hosted on the https://ringzer0ctf.com website.
Happy hacking and see you next year!