The Internetwache.org team has researched the security of industrial control systems (ICS) over the past months, and we have discovered more than a hundred unsecured controls of waterworks, heating stations, parking lots and buildings.
The weekend before last, we hosted our very first Jeopardy-style capture the flag event: the Internetwache CTF 2016.
In this blog post, we will write about the CTF from the organizer’s perspective. What was the setup? What went wrong? What did we learn? What was good? What can we do better next year? We hope that this insight can help other CTF organizers in the future.
Recently Tim was invited to visit the Security Analyst Summit of Kaspersky Labs (#TheSAS2016), which took place on Tenerife (Canary Islands) in February this year. In this post he shares his experience and gives a short overview of interesting topics (for the security research community).
TL;DR: #TheSAS2016 was a great experience and Tim learned a lot, because every day was filled with adventures or learning and seeing new things! The location was very nice, the atmosphere was amazing, the people were friendly - all in all everything was excellent!
Recently Tim has been working with the software framework “OpenVAS” (“Open Vulnerability Assessment System”). This software is open source, so we spent some evenings looking for bugs in the web frontend, the Greenbone Security Assistant. After some time Sebastian found two bugs and we were able to submit those - they are fixed now.
Sebastian joined the ENOFLAG team for the Insomnihack teaser CTF 2016. In this blog post he’ll write about the workaround for the smartcat2 (web50) challenge.
It has become tradition to write a short review of the last year and the plans for the next one.
School-CTF was a short 5-hour CTF. Nevertheless, they offered awesome challenges and it was fun. Internetwache made it to 17th place.
Today Sebastian opened his mailbox and saw a new email popping up. You have received fax, document 00311594 from email@example.com with a file attached. Let’s have a closer look at it :)
The evening after the hacklu CTF I had the urge to hack on some other challenges. Ctftime.org listed the ekoparty CTF 2015 as the first entry and there was one day left. In this blog post I’m going to write up my solutions for the following challenges:
- Slogans (Trv 50)
- SSL Attack (Trv 90)
- Blocking truck (Trv 100)
- Pass Check (Web 50)
- XOR Crypter (Cry 200)
- Press it (Misc 100)
And some notes on other services I’ve tackled.