We’ve sent the following secret message on a secret channel. I warmed up on basic forensics and steganography challenges.
You should definitely read levels 8-10, but honestly every challenge from level 3 onwards is interesting. You may want to skip the earlier levels as they were fairly basic. What distinguished TISC from typical CTFs was its dual emphasis on hacking AND programming - rather than exploiting a single vulnerability, I often needed to automate exploits thousands of times. I took away important lessons for both CTFs and day-to-day red teaming that I hope others will find useful as well. Since I could only unlock each level by completing the previous one, I forced myself to learn new techniques every time. While I considered myself reasonably proficient in web, I stepped way out of my comfort zone tackling the broad array of domains, especially as an absolute beginner in pwn, forensics, and steganography. Levels 8 to 10 combined multiple domains and each one felt like a mini-CTF. I spent more than a hundred hours cracking my head against seemingly impossible tasks ranging from web, mobile, steganography, binary exploitation, custom shellcoding, cryptography and more. I placed 6th in the previous TISC and wanted to see what difference a year of learning had made. However, since I was playing for charity, I was more interested in testing my skills, particularly in the binary exploitation domain. For example, if there was only one solver for level 10, they would claim the full $10,000 for themselves. Participants unlocked the prize money in increments of $10,000 from level 8 to 10, with successful solvers splitting the pool equally. As you would expect, the prize pool grew accordingly - instead of $3,000 in vouchers in 2020, it was now $30,000 in cold hard cash. Now with two weeks and 10 levels, the difficulty and variety of the challenges greatly increased. This format created a big departure from last year’s iteration ( you can read my writeup here), which was a timed 48 hour challenge focused primarily on reverse engineering and binary exploitation. From 29 October to 14 November 2021, the Centre for Strategic Infocomm Technologies (CSIT) ran The InfoSecurity Challenge (TISC), an individual competition consisting of 10 levels that tested participants’ cybersecurity and programming skills.
0 kommentar(er)
