We have already written that the international hacker competition PHDays CTF will take place at the Positive Hack Days forum, along with the hack2own contests, where participants can try to hack an iPhone or an ATM. This year we will gather advanced hacker teams and individual talents from around the world. How do we find them? Among other ways, through qualifying competitions.
To select the strongest, who will take part in the battle for the monolith in May, we held two qualifying competitions: team and individual. The latter was won by kyprizel, a member of the well-known Russian team Smoked Chicken. He was the only one who solved all the tasks in 2011 and scored 100 points, for which he received great respect from the organizers and the legendary XSpider 7.8!
kyprizel kindly agreed to answer a few questions about the tasks, CTF and hackers in Russia in general.
A reminder of the rules: all participants had to solve the tasks that were presented at last year's PHDays CTF. Time: 2 weeks; resources: unlimited.
Is this not your first time participating in a CTF?
kyprizel: Yes, it so happens that I can call myself an experienced participant. For several years, our Smoked Chicken team has been participating in various CTFs, including international ones. We maintain friendly relations with other Russian teams, for example with LeetMore; we sometimes team up to participate in big competitions, and then we act as More Smoked Leet Chicken.
After PHDays CTF Afterparty: what are your impressions in general?
kyprizel: The impression is twofold. On the one hand, the tasks are very close to real ones, which is cool; on the other hand, they are too close (for example, iterating over file names in search of the source code). This is a competition, and here you have to sacrifice some component. In general, the level of preparation of the tasks seemed good; most of them were surprisingly logical.
The PHDays CTF Afterparty tasks were made up of tasks from last year's live CTF. Back then, most of the participants could not solve them...
kyprizel: Yes, but the guys had 8 hours, and I had almost 2 weeks; besides, some of the tasks were from PHDays CTF. To be honest, the goal was not to solve all the tasks; for me it was more for fun. This year we decided not to participate as a team in the PHDays CTF final, because I want to get to the forum itself, listen to the reports, socialize, meet interesting people (see Bruce Schneier live), and when you play CTF at an event, this is almost impossible to do.
What didn't you like?
kyprizel: In principle, there was only one thing that was a strain: I would like to know clearly what to look for and in what quantity. For example, in the case of win9x, you solve a cumbersome task, spend a lot of time, and get only 1 point for it. Moreover, the task itself is quite simple from the point of view of “thinking”, but the process of solving it is tedious and cumbersome. You do not know in advance how many points you will get for a solution, so you cannot build a strategy for the game.
What are your wishes for the organizers?
kyprizel: 1. Put everyone on equal terms (Cyrillic user names are not sporting; it's not very convenient for foreign participants to work with such accounts); 2. test the tasks well; 3. try to make the tasks varied. Of course, you are already doing all this; just keep evolving.
What did you like?
kyprizel: You are distinguished by the presence of a virtual network. Objectively this is a plus; no one else does this, and it is a full-fledged pentest emulator. In general, you have a normal, not bad CTF. Of course, it is a bit out of format: there is a lot of web in it.
Regarding the level of participants: CTF practice is much more developed in the West...
kyprizel: CTF has existed in Russia for several years. The Yekaterinburg team Hackerdom organizes RuCTF for students each year, as well as the international RuCTFe, which this year became the second largest in the world by number of participants. PHDays CTF has existed for only 2 years, but the winner of this year's PHDays CTF final gets into the Defcon CTF final without qualifiers; I think this is an indicator.
We have strong teams and potential in our country; the main thing that we lack is mass. For example, foreign teams (I'm talking about those that are always at the top) often have 20 people, while we have 5-10 on average, so we have to unite for major competitions. CTF in Russia is just gaining momentum, and first-year students are catching up. When we can field full-fledged teams of 15 people of the same level, it will be cool.
So information security needs to be brought to the masses?
kyprizel: Of course. We need to work with freshmen in specialized fields; most of them come in at zero, which is how I well remember myself. I have always had a craving for the topic of information security, and if someone had pulled me into a similar team in my first year, my level would be much higher now.
What do you advise beginners?
kyprizel: First of all, you need desire, as well as an understanding of how it all works and an appropriate way of thinking. You need knowledge. It is not necessary in all areas; it is enough just to be able to think and to be an expert in your own field. The point of a team is for everyone to do their own thing.
kyprizel shared the PHDays CTF Afterparty tasks; ready-made solutions can be found here.