Reflecting on the BAE Systems CTF Event!
Introduction:
This week’s blog post is quite an exciting one. An in-person Cyber Security event which builds upon the CTF’s that I solved as part of my ‘System and Networks Security’ module at university.
Read on further to find out how it went.
As always, thank you for taking the time to read this article. Remember to applaud, comment and share with your friends.
Happy Reading!
Brief Event Overview:
Team event (big up to my team, they were great!).
Solve as many “CTF’s” as possible (problems involving technology, leading to a ‘flag’ as the answer).
Free pizza!!
All ran by employees from BAE Systems too!
Thoughts Going Into It:
I’ve done a couple of in-person events this ‘academic year’ (Coding Competition and DurHack Hackathon). Firstly, it was great that I didn’t have to compromise my sleep for this event!
In all honesty, these events were challenging. Obviously this is good as it’s new pressure, it’s a new environment and it’s a good place to learn. With that being said, it did lower my expectations for this event. I just wanted to have fun!
It goes without saying that this event was a great opportunity to utilise new tools and be exposed to a broader range of Cyber Security problems.
Key Learning Points:
Wireshark:
I’ve used Wireshark before but this involved greater exposure to encoded/encrypted data within packets.
Telnet:
I’ve never used this before and it was a great way to learn about authenticating into a TCP server.
It took some time but I was able to solve the challenge and gain the flag.
Scripting:
This is a general technique for any CTF/Computing problem and I got further exposure to scripting.
SQL Injection:
I definitely spent more time on the ‘SQL Injection’ flag than I would’ve liked.
I’ve been familiar with the concept for SQL Injections for a long time however I did struggle with exploiting the vulnerability.
With the help of someone from BAE, I was able to improve my understanding and eventually work out the flag!
Learning Experiences:
Poor Googling:
I’ll keep this short.
My poor Googling cost me an hour instead of 10 minutes on 1 of the problems.
Getting Stuck on ‘Privilege Escalation’:
After successfully SSH-ing into the machine, I found the file containing the flag.
Yes there was limited time but I couldn’t find a way around “sudo-ing” or “CHMOD”.
Event Conclusions:
I had a lot of fun.
My team were great.
I was able to learn.
Yes I didn’t solve everything but it was a good way to spend a Saturday.
We came 5/13 which isn’t perfect but I’m still content with.
Final Things:
As always, thank you for taking the time to read this article!
All my links are here!