Hack Challenge

Last night was another Hack Challenge sponsored by Hurricane Labs.  This time the attendance was 3 times what it was for the prior one and the atmosphere felt a lot more competitive too.  While there were the low hanging fruit flags there also seemed to be some pretty complex one involved, quite a few involved spoofing or editing a file that was scheduled to write the flag elsewhere.  Needless to say I did not get any of those.

One thing that makes this great is going over the flags at the end of the night to find out what you had missed or gotten hung up on that was actually a path to nothing.  Some of the things that I got hung up on where a UNION in a sql injection, I had tried tables and rows but not columns, and the 2nd flag in the Cisco device, which I can blame on never having had the chance to play around on one.

psifertex of Defcon CTF fame also game a presentation that entailed a brief history of CTF, team construction, strategy, and resources on how to get up to speed.

I think these Hack Challenges / CTFs are probably one of the best times someone with a sincere interest in security can have.  Its one thing to build out a lab where you essentially know the vulnerabilities you have to exploit.  Its another thing to stumble into an environment knowing almost nothing and get to approach it like the bad guys but completely legally.  I say approach it like the bad guys instead of like a penetration tester because when your given just a few hours to rack up as many points as possible, things like recording your findings and being detail oriented tend to disappear.

If anything, these contests challenge me to get up to speed on the various vulnerabilities out there, learn the tools a lot better, and try to find some of the various online CTF challenges that exist.

So with that, I am hoping to actually make something of this sparsely updated blog.  I hope to document my learning of tools, exploring vulnerabilities, and attempting to get a better grasp on all things security related.