Two months back, I had the opportunity to take part in the Secure Capture The Flag (sCTF) contest conducted at Amrita University, Amritapuri by Team bi0s (organizers of India Capture the Flag and one of the only teams from India that have done well in the international CTFs), as a part of the SecurIT (Security of Internet of Things) Conference. That got me interested in CTFs. The contest is named after the outdoor game wherein there are many flags hidden and each team’s objective is to capture the other team’s flags.
What interested me the most is that, in CTFs, you get to deal with security issues in the real world. You have attacking, defending and then you need to score as well. This really does help in developing the habit of secure coding. In a CTF, you generally have a machine given to each team and they have to protect an isolated network. At the same time, they have to try to attack other teams’ networks and capture the flags (this might differ in various CTFs – it may even be required that you plant your flag in the opponent’s machine). A CTF generally tests a team’s ability in various aspects of Information Security like cryptography and analysis, vulnerabilities in web, networking, forensics, reverse engineering, binary exploitation and many others.
Right now, I’ve started working in the area of binary exploitation. Binary exploitation is trying to find out vulnerabilities in code and trying to exploit them. Now the slightly difficult part is that the code is not given to you. You have to disassemble the executable (binary) of that code and try to understand where the vulnerability is, and for this you need to be really good at assembly language. I’d like to become an expert in this field before I go to other areas. 🙂 I’ll be posting more about the two things that you need to know for binary exploitation.