Post attack analyses ZedCorp Challenge - My name is Rookie

The ZedCorp challenge alias “My name is Rookie” was a realistic challenge proposed at Hacklab ESGI CTF 2019. ZedCorp is a small startup who work in computer science and particulary in development. The goal was to recover confidential files owned by the CEO. For this recap, I want to do some analyses on my challenge to know how challengers proceed to solve it. There is some fun facts :D You can read writeups here to understand the context :

Hacklab ESGI CTF 2019 - Recap

Hacklab ESGI CTF 2019 is a “Capture The Flag” competition in a Jeopardy style. It’s organize by security enthusiasts, members of Hacklab ESGI security association. For the 2019 edition, I wanted to share some knowledges to challengers. So I decided to join the CTF Staff and create a big web/system challenge : ZedCorp alias ‘My name is Rookie’. Participate to a CTF like Staff is quite different than participate like player.

ZedCorp Challenge - My name is Rookie

The ZedCorp challenge alias “My name is Rookie” was a realistic challenge proposed at Hacklab ESGI CTF 2019. ZedCorp is a small startup who work in computer science and particulary in development. The goal was to recover confidential files owned by the CEO. For this challenge, I wanted to teach challengers the principle of SSH tunneling and basics of penetration testing. Writeups wrote by others challengers (too many writeups you are mad <3) :

Neverlanctf 2019 - Recap

The NeverLAN CTF is an online jeopardy style Capture the Flag created for student. This CTF is begineer friendly and overall easy. The 2019 edition ran from thursday, January 31st to sunday, February 3rd 2019. This event was created with the goal of teaching the younger generation about Computer Science and the value of critical thinking and problem solving. The competition proposed several classic categories like web, reverse and crypto but also proposed originals categories like cloud, bash and trivia questions.

Insomni'hack Teaser 2019 CTF - Recap

Insomni’hack is a security conference who take place in Geneva every year since 11 years. The 2019 edition will happen at the Palexpo Congress Center in Geneva on March 21 st & 22 nd 2019. The main Insomni’hack CTF contest will be held on March 22nd 2019, from 6 pm until 4 am the next morning. It will start shortly after the end of the conferences. Teams are limited to 8 participants, onsite only.

Netrunner

Netrunner is the second biggest challenge of the Santhacklaus 2018 CTF. The challenge is not really hard, but could be particulary annoying if you don’t know what to do. You need to have some skills in pentest web and medium skills in Linux system. The challenge is divided in 3 steps. Each step has its own validation password (flag). So let’s begin with the first step ! 1st step - You have a mission !

ArchDrive

ArchDrive is the biggest challenge of the Santhacklaus 2018 CTF and my favorite one. It’s divided in 5 steps of increasing difficulty. The challenge is not really hard, but particularly long and time-consuming. You need to have some strong skills in web pentesting, some basic skills in forensic and medium skills in Linux system. So, as you can see, the 5 steps have their own validation password (flag). Let’s start the challenge !

Santhacklaus 2018 CTF - Recap

Santhacklaus 2018 CTF is a “Capture The Flag” individual competition in a Jeopardy style. Each challenger has to score points through the validation of challenges. The competition involves about thirty cybersecurity challenges divided into different categories (web, cracking, forensic, steganography, networking, system) and with various difficulty levels, from incredibly easy, to difficult. The competition took place from Friday 14th December at 8:18pm to Friday 21st December 2018 at 8:19 pm. The project has been sponsored by IMT Lille Douai (french IT school) and created by four students :