I invite you to the big CTF-tournament on information security

    image

    The Cyber ​​Readiness Challenge (CRC) is a hack quest conducted by Symantec around the world. This year in Russia, CNews and Symantec are involved in the organization. We, CROC, are a strategic partner.

    Last year, 143 participants gathered in Russia for the online part, who spent a total of 3070 hours trying to make a series of hacks in a simulator of a network of a large corporation.

    This year the games continue. Uncover Kali, connect via VPN to our simulator and immerse yourself in the game. The first levels are designed for the training of information security specialists (that is, they will give you experience if you are not a pros pros). The last flags are designed for harsh Russian hackers: the fact is that last year our compatriot Vlad consistently pulled out an online game, an offline tournament in Moscow (with a record for speed) and, quite so in the end, a tournament in the EMEA region in Nice.

    What will it be?


    On August 15, Friday at 6:00 a.m., the CRC virtual infrastructure, a network simulator of a large company, will start operating in Moscow. You will have a set of tasks for vulnerability assessment, reconnaissance, information extraction and concealment of penetration traces. A set of tasks combines the standard part (port scanning, decrypting and trying passwords, attacking sessions, working with disk images, SQLi, CSRF / XSS, using exploits) and surprises, for example, last year there were crypto codes of the 16th century and deanonymization on a mobile device.

    The network simulator will stop on Tuesday August 19 at 18:00 Moscow time. The experience of last year, when the game was held on weekdays, was taken into account. Now it will be possible to sleep well during the hack quest. Usually, 6-8 hours are enough for a game without taking into account active smoking of mans - such a long time has been made so that participants can successively study obscure topics and take flags with them in the simulator.

    Winners will need to be deanonymized to receive prizes. In addition, the winner cannot be the person who won a prize in one of the Cyber ​​Readiness Challenge for the last 5 years (that is, Vlad drops out of competition), employees of the organizing companies and related companies, employees of competing Symantec companies, as well as individuals under 18 years of age and persons not residing in the territory of the Russian Federation. It is possible to participate for general development and out of interest, but there will be no chance to win prizes.

    In addition to the prizes, the three CRC-online finalists will go to Moscow for an offline competition. The winner of offline will win a trip to London to the largest technology conference Symantec Vision.

    Example of a simple task


    You need to decrypt the line:
    LnR4ZXQgc2lodCBvdCBkZW5lcHBhaCBkcmlldyBnbmlodGVtb1MgIWVub2QgbGxldyB5cmVWCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09IF
    RSQVRTIFRYRVQgREVET0NORSA9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09CiJlLml0IHNnZWVubGxoYSBDb253IGRvaW4gd2Vyc3dhbmUgdG
    h0ICBhaCJLOGhMSjhoMzdEMlpVbSIzZSBvZCBjaXN0aHQgcHVlIGFzbGUgcGVkcmR3YXJlZSAgYnRvciBkZW9ybiAiSQogPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0
    9PT09PT09PT09PSBETkUgVFhFVCBERURPQ05FID09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0K


    Decision
    1. Decode base64.
    2. Invert a string with any tool, for example, rev.
    3. See C [ret] ai! O at the end and assume that it is Ciao! - then swap byte pairs throughout the message.


    A multi-step task more complicated (No. 2) is already on c2.cnews.ru.

    Is it worth playing?


    A word to the winners of last year.

    Vlad Roskov: "Ideal for beginners, a good workout for the prosarennyh."
    Andrei Leonov: “I would advise such a tournament to those who are just starting their journey in the field of information security without a twinge of conscience. This does not mean that the tournament was simple. But given that the tasks as a whole followed one from the other, and there were clues, sometimes containing a complete answer, it was possible to gain a lot of new knowledge. Or to understand where even the tips weren’t enough :) "
    Victor Alyushin: " I would advise absolutely everyone - from beginners to professional pintesters and just those who want to try hacking. For the latter, I would advise making step-by-step instructions [especially for Metasploit] let's say for 110% of the task cost;). ”
    Teymur Kheirkhabarov: "To all those who are not indifferent to the topic of information security, and especially its practical side ... I participated in such an event for the first time."

    More information



    Also popular now: