Police against the mafia or entertaining statistics online stage NeoQUEST-2016

From 11 to 21 March, an online-stage of the cybersecurity competition NeoQUEST-2016 took place! This year, the NeoQUEST team added “highlights” to the quest! Those who did not participate, but would like to know how it was, as well as those who participated, but want to refresh their memories - welcome under the cat!

Mafiosi or a policeman?

This year it was decided to give the participants a certain freedom of choice and to divide all the players into two opposing sides. Having rejected such expected confrontations as Samsung and Apple, Moscow and Peter, cats and dogs, we decided to address the topic imbued with the spirit of adventurism and danger, namely the Mafia and the police.



NeoQUEST-2016 broke records in the number of registered participants: 1,538 people, and this is more than in 2012, 2013, 2014 and 2015! Initially, we thought that most of the participants would want to play for the mafia, however ... The quest began with a ratio of 51%: 49% in favor of the mafia, and ended with an almost equal score of 50%: 50%! The police turned out 776 people, and the mafia - only 14 people less.





')

Personal victories

First place in NeoQUEST-2016 took n0n3m4 , who played for the police! He received his first key already 3 minutes after the start of the quest and later did not cede leadership to anyone! His result is 1334 points. In the third place is also a representative of the law proger10 with 948 points, but the second place was taken by the mafia pashtetez , he has 1151 points!



The top ten best players look like this:







All tasks passed only n0n3m4, and only he managed to read the ending. What is all over? The unequivocal defeat of corruption: the mafia and the police left a dishonest politician out of money, secretly dividing them among themselves!

Control areas

It was possible to fight not only with tasks, but also with each other - in the mass! Part of the map of St. Petersburg was divided into areas, each of which corresponded to the task. On both sides of the assignment number, the number of participants who passed it was indicated: blue for the police, red for the mafia.



It turned out that law enforcement officers were generally stronger: 6 districts were under police control, 3 districts were under mafia control, and 1 district was neutral! However, despite this, the mafia scored more points (19,735 vs. 19,612).

About tasks

Now you can uncover little secrets and tell you what topics the tasks were and where, in the end, was this unhappy task No. 1 ?!

Task 1. Find me!

On assignment No. 1 (“Find me!”), Many wrote to support@neoquest.ru: “Guys, did you remember to upload data to the assignment?” “No!” - we answered and sent everyone to look carefully. After long wanderings around the site, many still found the source files for the task: 3 asn1 files, each of which contained RSA cryptosystem parameters (marked with red dots). Files could be found either by accident (when you hover the mouse over the marked places), or by searching carefully the source of the site.







Thus, the first task related to the subject of cryptography. How to pass it, we will tell in one of the following articles, but for now let's summarize the statistics: there was only one key in the task, 24 participants received it!

Task 2. These Bitter Onion Tears

The name of the task number 2 - "These bitter onion tears" - immediately hinted at Tor . It also had one key, and 25 people got it.

Task 3. The X File

In the task number 3 under the name “The X File” there were two keys, and one of them just turned out to be the simplest. It was him who received n0n3m4 3 minutes after the start, and soon many more participants (in the end, 333 participants)! The main thing is to be attentive with docx files! This task was associated with unconventional ways of using computer components, namely using a computer mouse as a camera. Both keys were received by 41 participants.

Task 4. You Telegramma!

Task number 4 with the saying title "You Telegramma!" Contained as many as 3 keys! The first was using SPARQL Injection, the second and third - through csrf and Telegram-bot. The first key was received by 21 participants, the second - 28 participants, the third - 15. Only 10 participants completed the entire task!

Task 5. Shell code

"Shell code", or task number 5, got its name from the literal translation of the word "shellcode" broken into 2 parts. Here it was necessary to learn a little , and only n0n3m4 coped with it!

Task 6. Dumme kleine grüne Männchen

We could not do without the beloved Android security theme, and the title of task number 6 “Dumme kleine grüne Männchen”, translated as “Wacky little green men,” also turned out to be speaking. The German name was due to the fact that the participants during the passage of this task were required to demonstrate their knowledge of German - at first glance! Task passed 14 participants.

Task 7. Need for Speed: Catch up!

With task number 7 devoted to racing (“Need for Speed: Catch up!”), Only 8 participants managed, the essence of the task was to trick the vehicle’s computer using the CAN protocol, which allows you to control the gas pedal and gearbox.

Task 8. How many likes will collect our shootout?

Task number 8, "How many likes will bring together our shootout?", Contained a memory for fans of Linux hardcore: video playback in the console. 7 participants coped with it!

Task 9. Missing file

Task number 9 "Missing file" was on forsensiku, and assumed knowledge of how to work with the means of restoring the previous state of Windows partitions. 30 participants proved to be excellent experts on Volume Shadow Copy .

Task 10. Chess game

And, finally, 11 participants turned out to be excellent chess players, who successfully obtained the only key to task number 10! Perhaps their success lay not only in the ability to build tactics of their moves, but also in knowing how to make moves in virtual memory.

Task progress statistics

The statistics collected on the plate on the passage of tasks is as follows:











Somewhere in the middle of the NeoQUEST online stage, we thought about how I wanted to visualize the process of passing the tasks by the participants, and designed it in the form of such a gif (all participants, unfortunately, did not fit into it):

Preparing for the "confrontation"

The qualifying online stage of NeoQUEST-2016 has passed, and soon we will choose the cherished number of lucky ones who will be invited to the full-time tour! In addition, we will contact both the winners and the winners of the competition! We also welcome feedback on NeoQUEST, send them to support@neoquest.ru.



Our team is already preparing for the "confrontation", which will be held in St. Petersburg on July 7! Entrance is traditionally free, and this is another reason to visit St. Petersburg this summer (besides the romance of the White Nights and drawbridges). Ahead - cool reports, contests, demonstrations and the final battle of the best participants of the online-stage! By the way, it turns out that the online stage NeoQUEST-2016 has become an anniversary, because it is already 5 years old! But the anniversary of the “confrontation” will be celebrated next year, because in 2012 there was only an online stage.



Follow all the information on our website , on Twitter , as well as in the VKontakte group.