It has been a while since my last blog post, so I’m (finally) writing the write-up of the VoidSec CTF Secure the flag.

The CTF was made possible thanks to the sponsorship of Bitdefender, which put up some licenses for its product as a prize for the first three winners.

Before I dive in deep, let me explain what the goal of this CTF was and why it is different from many others:

- This CTF was web based; no binary exploitation, reverse engineering or crypto was involved.
- Only real players were allowed to compete. All the vulnerabilities were developed so that they could not be found with automatic commercial tools (Acunetix, Netsparker, …); in any case, such tools were banned from the competition by an automatic payload detection with no false positives.
- All challenges have been inspired by real situations and ACTUAL vulnerabilities, mainly because as a CTF player I really hate when I find improbable ciphers (Vigenere in 2017? Seriously?), improbable situations and too ‘forced/unrealistic’ bugs.
- Lastly, this contest was made to let the players think about the famous “butterfly” effect and let them chain even the smallest and most insignificant vulnerabilities to reach the goal.

In fact, the main goal of the CTF was not to grab all the flags and simply submit them: players had to discover all the vulnerabilities, find and download the source code, fix it, and write a report of the full penetration test and source code review, plus the patches. The aim of the CTF wasn’t to reward the fastest player able to solve it but to assign the prize to the three most professional ones. It was like a real penetration test assignment.