Tuesday, 3 September 2013

SANS542 GWAPT CTF - WON!!!

So after intensive theory/practical classes, the 6th day is where the knowledge starts to apply! CTF! The reward: a limited edition SANS medal coin! The medal is only given to those who managed to win the Capture the Flag competition and yes, it is a big deal to bring back glory for the team and company after spending so much on the training in Bangkok, Thailand.

It wasn't an easy competition. The flags were to Social Security Numbers, Addresses, Bank Accounts and their balances. We had to think outside of the box to capture a flag. For example, after using Nikto, we found ourselves staring blankly at the result until one of us viewed the source code of the results and PING! We found a flag!

It wasn't easy, to be honest, and while I tried to use commercial tools to cheat my way to a win, eventually, they couldn't find anything. Tools that were used during the CTF were:

1) Nmap
2) CeWL
3) Burp Suite (lots and lots of it)
4) Nikto
5) Your creativity

It was a great team effort and we finally pulled it off! Got all 3 flags. And well, here it is:

SANS Thailand 2013
Web App Penetration Testing and Ethical Hacking (SEC542)
August 26-31, 2013
Bangkok

My teammate and my laptop...


This is my first time winning a Capture the Flag event and I am looking forward to more such competitions in the future.
