Police against the mafia or entertaining statistics of the online stage of NeoQUEST-2016

    From March 11 to 21, the online stage of the NeoQUEST-2016 cybersecurity competition was held! This year, the NeoQUEST team added “highlights” to the quest! Those who did not participate, but would like to learn about how it was, as well as those who took part, but want to refresh their memories - welcome to the cut!

    Mafiosi or a policeman?

    This year it was decided to give the participants a certain freedom of choice and divide all the players into two opposing sides. Having discarded such anticipated confrontations as Samsung and Apple, Moscow and Peter, cats and dogs, we decided to turn to a topic imbued with the spirit of adventurism and danger, namely, the mafia and the police.

    NeoQUEST-2016 broke records in the number of registered participants: 1538 people, and this is more than in 2012, 2013, 2014 and 2015! Initially, we thought that most of the participants would want to play for the mafia, however ... The quest began with a ratio of 51%: 49% in favor of the mafia, and ended with an almost equal score of 50%: 50%! There were 776 police officers, and the mafia - only 14 people less.



    Personal victories
    The first place in NeoQUEST-2016 was taken by n0n3m4 , who played for the police! He received his first key 3 minutes after the start of the quest and in the future did not give up leadership to anyone! His result is 1334 points. In third place was also the representative of the law proger10 with 948 points, but the mafiosi pashtetez took the second place , he has 1151 points!

    The top ten best players look like this:



    Only n0n3m4 completed all the tasks, and only he managed to read the ending. How did it end? A clear defeat of corruption: the mafia and the police left the dishonest politician without money, secretly dividing them among themselves!

    Area Control
    It was possible to fight not only with tasks, but also with each other - in bulk! Part of the map of St. Petersburg was divided into areas, each of which corresponded to a task. On both sides of the task number, the number of participants who passed it was indicated: blue - the police, red - the mafia.

    It turned out that law enforcement officers in their entirety were stronger: 6 districts - under the control of the police, 3 districts - under the control of the mafia, and 1 district - is neutral! However, despite this, the mafia scored more points (19735 vs. 19612).

    About assignments

    Now you can reveal small secrets and tell you on what subjects were the tasks and where, in the end, was this unfortunate task number 1 ?!

    Task 1. Find me!
    For assignment number 1 (“Find me!”), Many wrote to support@neoquest.ru: “Guys, did you remember to post the data for the assignment?” "Not!" - We answered and sent everyone to look carefully. After long wanderings around the site, many still found the source files for the task: 3 asn1 files, in each of which the parameters of the RSA cryptosystem were stored (marked with red dots). Files could be found either by accident (when you hover the mouse over the marked places), or with a thorough search of the source of the site.



    Thus, the first task related to the subject of cryptography. We will tell you how to do it in one of the following articles, but for now let’s summarize the statistics: there was only one key in the task, 24 participants received it!

    Task 2. These Bitter Onion Tears
    The title of quest # 2, “These Bitter Onion Tears,” alluded to Tor right away . It also had one key, and 25 people received it.

    Task 3. The X File
    In task number 3, entitled "The X File" there were two keys, and one of them turned out to be the simplest. It was him who received n0n3m4 3 minutes after the start, and soon many more participants (eventually, 333 participants)! The main thing is to be careful with docx format files! This task was associated with non-traditional ways of using computer components, namely, using a computer mouse as a camera. Both keys received 41 participants.

    Task 4. You Telegramma!
    Task number 4 with the saying "Telegramma to you!" contained as many as 3 keys! The first was found using SPARQL Injection, the second and third through csrf and Telegram bot. The first key was received by 21 participants, the second - 28 participants, the third - 15. Only 10 participants completed the entire task!

    Task 5. Shell code
    “Shell code”, or task number 5, got its name from the literal translation of the word “shellcode” broken into 2 parts. Here it was necessary to fuzz , and only n0n3m4 coped with this!

    Task 6. Dumme kleine grüne Männchen
    We could not do without the beloved Android security theme, and the title of task # 6, “Dumme kleine grüne Männchen”, translated as “Wacky Little Green Men,” also turned out to be speaking. The German name was due to the fact that the participants in passing this task were required to demonstrate their knowledge of German - at first glance! The task was completed by 14 participants.

    Task 7. Need for Speed: Catch up!
    Only 8 participants coped with task number 7 dedicated to racing (“Need for Speed: Catch up!”), The essence of the task was to trick the car's computer using the CAN protocol, which allows you to control the gas pedal and gearbox.

    Task 8. How many likes will our shootout collect?
    Task number 8, “How many likes will our shootout take?” Contained a memory for fans of Linux hardcore: playing video in the console. 7 participants managed it!

    Task 9. Missing file
    Task number 9, "Missing file" was on forensics, and assumed knowledge of how to work with means to restore the previous state of Windows partitions. 30 participants showed themselves to be excellent connoisseurs of Volume Shadow Copy .

    Task 10. Chess game
    And finally, 11 participants turned out to be excellent chess players who successfully received the only key to task number 10! Perhaps their success was not only in the ability to build tactics of their moves, but also in the knowledge of how to make moves in virtual memory.

    Mission statistics

    The statistics on the completion of the tasks collected in the tablet look like this:





    Somewhere in the middle of the online stage of NeoQUEST, we thought about how we wanted to visualize the process of passing the tasks by the participants, and designed it in the form of such a gif (all, all participants, unfortunately , did not fit):



    Getting ready for the “confrontation”


    The qualifying online stage of NeoQUEST-2016 has passed, and soon we will choose the cherished number of lucky people who will be invited to a full-time tour! In addition, we will contact both the winners and the winners of the competition! We are also always happy to receive feedback on NeoQUEST, send them to support@neoquest.ru.

    Our team is already preparing for the “confrontation”, which will be held in St. Petersburg on July 7! Admission is traditionally free, and this is another reason to visit St. Petersburg this summer (in addition to the romance of white nights and drawbridges). Ahead - cool reports, contests, demonstrations and the final battle of the best participants in the online stage! By the way, it turns out that the online stage of NeoQUEST-2016 has become a jubilee, because it is already 5 years old! But the anniversary of the “confrontation” will be celebrated next year, because in 2012 there was only an online stage.

    Follow all the information on our website , on Twitter , and also in the VKontakte group .

    Also popular now: