Roman Vasilenko, an employee of our St. Petersburg office, recently took part in a “hacker” competition. The editors had not heard of this kind of competition, held among information security experts, before. We are terribly intrigued and asked Roman to share the details.
- Roma, you participated in the DEFCON Capture the Flag competition. This is a hacker competition. How does this fit in with our company?
- Unfortunately, for a long time the word “hacker” in Russia was associated only with cybercriminals; one could say the two were synonymous. However, in a narrower community, information security specialists are considered hackers: people who are always “on the wave” of all new trends in information security. Of course, a real information security expert cannot possess only knowledge of defense; knowledge of attack techniques is also necessary.
Capture the Flag (CTF for short) is a hacker competition. The essence of the game is that the teams are each given a set of vulnerable service applications. The main task is to analyze the system, find vulnerabilities, close them in your own system and, as quickly as possible, use the found vulnerabilities to hack the opponents' systems. In some games, extra points are awarded for describing the vulnerabilities in security bulletins. The result is a kind of cyberwar in miniature.
I am glad to note that recently Russian teams have been achieving greater success, and “Russian hackers” are associated not only with criminals. In general, not all hackers are equally harmful, and there is a big White Hat community.
- Please tell us about the White Hat community.
- Since the word “hacker” itself is used differently everywhere, a distinction has been invented, so to speak, to avoid discrepancies. Black Hats are bad hackers and White Hats are good ones. It is like light and dark Jedi, if, of course, such a comparison is appropriate. We, of course, are the bright ones, and I think that it has long been necessary to separate the flies from the cutlets and call Black Hat hackers cybercriminals. Although there is a source of misunderstanding here: the largest hacker conference is called Black Hat. Apparently it was decided at one time that this would be better; I don’t know for sure. In general, you won't get bored with these hackers.
- Is this community somehow represented in Russia?
- As I have already said, the words “hacker” and “Russia” have long been associated only with cybercriminals and, I must say, for good reason: statistics show that there is a decent number of virus writers in our vast country, and their actions are visible to everyone. White Hat specialists, for various reasons, remained in the shadows for a long time, and, in general, there was no community.
The reason for this is the language barrier - the difficulty of communicating with foreign colleagues - and, to some extent, the closeness of companies working in information security, including anti-virus companies.
But in the past few years, the situation has been changing for the better. Russian experts are increasingly appearing at international conferences (by the way, this is also a merit of our company). Russian CTF teams have appeared that perform successfully in international competitions. The Defcon-Russia 7812 group has opened (editor's note: 7812 is part of the name, formed from the telephone code of St. Petersburg) (defcon-russia.ru); it is the official DEFCON group, created by St. Petersburg guys from dsec'ka (Digital Security). The group’s goal is to popularize information security in Russia, share knowledge, and create a powerful community of experts. The main motto is: "The company in which you work is not important - knowledge that you can share is important." The group holds monthly meetings where invited experts speak. In fact, anyone can speak on the condition that they bring an interesting and serious topic on which they can share knowledge. Another of the group's initiatives is the ZeroNights conference (zeronights.org), which will be held in November in St. Petersburg. Join now.
We, with our team Leet More (leetmore.ctf.su), also try to keep up: we hold seminars for junior students, we invite new guys to the team, we share knowledge. In general, in Russia now there is a very big problem with training in the field of information security. There are very few training programs on this topic, and those that exist usually do not cause anything but disappointment. From there it turns out to collect guys, hungry for knowledge. The main reason is that higher education is very much divorced from reality; there are practically no teachers who have their own experience. Therefore, this year I got a job as a teacher at St. Petersburg State University and am teaching the course “Introduction to the study of malware”. I try to share all my knowledge with the guys, because I know how difficult it is to find it yourself.
- Let's go back to the competitions. How often are they held and how popular are they?
- There are several major competitions in the world now, including UCSB iCTF, NuitDuHack, Hack.lu, plaidCTF, RuCTFE and others. DEFCON CTF has been held since 1996 and is the oldest and probably the most prestigious of them. This year, for the first time, our Russian team reached the final, and after all, ~300 teams from all over the world participated in the qualifying rounds. The team emerged as a result of the merger of the 4 strongest Russian CTF teams (Leet More, HackerDom, Smoked Chicken, Sibears) and received the name IV - “four”. In the final we took the honorable 4th place: as you call the ship, so it will sail. We finished ahead of such buffaloes as the team of the University of California Santa Barbara (organizers of iCTF), the team of Carnegie Mellon University, Koreans from POSTECH-Pohang, specialists from one US government military company, as well as Japanese, Spanish and American information security professionals.
Immediately there were suggestions to call the next team "I".
- In general, what tasks have to be solved during the CTF? What are the tasks and what do they show?
- The most interesting CTF is an unpredictable CTF. The more knowledge you took from the game, the better it was. Tasks are completely different, and if everyone is already accustomed to reverse engineering, network packet analysis and exploitation of vulnerabilities, not a single CTF can do without these tasks — even mixed CTF can be confused in mixed tasks involving several areas of information security.
It is important to note here that just theoretical knowledge in information security is not enough. It's one thing to read somewhere about asymmetric encryption algorithms in cryptography, and another thing to spend 10 hours protecting your system from attacks and attacking others, when those systems run a program that executes any code sent over the network, provided that it is signed with the RSA algorithm. Here you really understand what vulnerabilities there are in implementations of crypto-algorithms, why a short modulus is bad, how to use it to attack and how to defend against such an attack. At the same time, this whole system works implicitly, in Linux kernel mode, and there is no source code for the program. Here you have cryptography, reverse engineering, and knowledge of network protocols all at once.
Games require the team to have both a common outlook on information security and specific practical skills, and in all areas. But, again, the most important thing is not what they demand or show, but what they give the participants of the game. In addition to obtaining new knowledge, it is also fun, new acquaintances, etc.
Also worth noting is the educational part. After each game, it is good practice to publish write-ups, descriptions of the course of solving problems, so that the teams that failed to cope with a task can figure it out and get new knowledge too. Thus, the level of the game is constantly increasing, which undoubtedly pleases. And we pull up our language skills: for example, we post our descriptions in English.
- Did you like it? Will you participate in the future?
- In fact, I started to participate in competitions 3 years ago, while our team was still quite green and did not achieve high results. But as time goes on, times change, and here we are back from Las Vegas, where the DEFCON CTF final was. There are ups and downs, as elsewhere, but I always try to find free time and participate in games, because, first of all, I increase my expert level.

In general, in order to perform in competitions, you do not need anything but desire. Our team started with 3 people (now there are 7 of us) at the Department of Secure Information Technologies at SPSU ITMO. At first it was just interesting to see what it is, then it was fun, then I wanted to achieve a result.
At the same time, our doors are always open, we take everyone, provided that they have some knowledge of information security, they will find time and take part in competitions regularly.
- How big is the chance of the Russian teams to achieve the same results?
- Well, the same is good, but we want the first places and make efforts for this. In addition, there are prerequisites for this. So, in September, several European CTFs took place, in each of which our team (Leet More) took one of the top places. In one they took first place.
There are, of course, problems, such as the lack of constant sponsorship for trips to competitions and a lack of free time, but I think we will cope and achieve even better results. To anyone who decides to follow in our footsteps and also participate in such competitions, I can say “welcome” - join us! A sea of positive emotions and new knowledge is guaranteed.
- Thank you very much for the interesting interview!