Tag: CTF

Posted in CTF, Informational, Profiles, Simple Malware Analysis, Vulnerabilities

Jobs in Cyber: Vulnerability Researcher

Posted on by Steph
Hand with black nail polish holding a magnifying glass – Pexel

Stumbled on this job during a recent job search. This had never been on my radar as a possible field of interest, but after interviewing and learning about the position I was intrigued.

A vulnerability researcher basically investigate, identify, and study vulnerabilities and exploits in software and/or systems. Sometimes this can be independently, but often it is part of an enterprise or in conjunction with continuous monitoring services.

Possible Skills Needed:

  • Scripting knowledge
  • Decompiler knowledge
  • Malware Analysis
  • Communication (verbal and written)
  • Methodical approach to research
  • Analytical mind
  • Scanners such as Nessus
Posted in CTF, Labs, Learning Woes

Women United over CTF 2.0

Posted on by Steph

Reverse Engineering – First Try

For me this experience was an epic failure, but that’s most definitely because I know absolutely nothing about Reverse Engineering. My frustrations were enhanced by the fact that my entry key was buried in my spam/trash folder and I didn’t think to look in there until an hour before the CTF was scheduled to end. In all honesty this wasn’t my first time signing up for this CTF, but during 1.0 I had to work so only got the bonus membership to Escalate afterwards and never got to touch the platform.

As I stated I know nothing about Reverse Engineering…well, I wouldn’t say nothing. I know the names of some of the tools, namely Ghidra and BinaryNinja, but I’ve never used either. |

I’m trying to leave myself completely open to learning though, which also means participating in as many CTFs as I can schedule. This is a subplot plan that has me trying to get the hands-on experience from anywhere. So, knowing nothing I signed up for this one.

As I state above the problems were mostly caused by me and my email address. I got a little hands-on usage of Binary Ninja to complete simple tasks, but I would have needed way longer than an hour to get anywhere with the medium and hard tasks. I think maybe in the hour I was able to score something like 72 points.

The pro of doing this is that I realized that somethings aren’t that difficult to do when in comes to reverse engineering. I mean this doesn’t make me any sort of expert, nor would I put this on my resume (other than to demonstrate my willingness to learn new tools). I think that it did make me interested in knowing more about reverse engineering. I would like for when 3.0 comes around I score at least 100 points (that was actually my lofty goal this time). The gist is that I’m not going to just stop participating because right now I’m not as knowledgeable.

Sponsors:

Some Reverse Engineering Tools

  • Ghidra
  • Binary Ninja
  • IDA Pro
  • Radare2
  • Scylla

Some Reverse Engineering Books

  •  Reverse Engineering For Beginners by Dennis Yurichev
  • The IDA Pro Book by Chris Eagle
  • Hacking the Xbox by Andrew “Bunny” Huang
  • Practical Malware Analysis by Michael Sikorski and Andrew Honig
Posted in Uncategorized

All Brute Force, No Finesse…

Posted on by Steph

Thoughts on My First National Cyber League/Capture the Flag Experience.

I’m a finesse pitcher without the finesse.

David Cone

It’s a month removed from competing in Skyline’s National Cyber League Capture the Flag (CTF) This was my first time and really I did it kind of on a lark, like I was interested in doing CTFs, but I never had so I was also a bit intimidated. I got an email from school about competing on their team with the cost covered, all experience levels welcome and did it. |
The competition was intense, because I always want to do my best and really for the individual and team portions you only have a weekend to do each. The craziest part is the team portion fell on the same week as midterms so extra stressors. That was added on to the fact that only 2 of us out of the 4 person team actually did any work (isn’t that just typical of group work?).
All in all it was a great experience though because it kind of showed me my strengths and weaknesses and also because the competitive nature of the games spoke to my Aries nature. I always want to be my best, not necessarily THE best, but MY best.
I’m actually pretty excited to try my hand again in the Spring. Maybe then I’ll have a better accuracy score instead of butting my head against the problems until I solve them through sheer determination and force.

unsplash-logoCaspar Camille Rubin

Individual Game 2019
National Rank: 718/4,149
Score: 1, 205