June 30, 2020
Last week, four of us from CUJO AI Labs spent three days solving complex challenges in network, cryptography, reverse engineering, programming, miscellaneous, puzzle and other categories in the FIRST 2020 Virtual Challenge Competition.
This was a virtual version of the famous CTF (Capture the Flag) held by FIRST – the Forum of Incident Response and Security Teams. The competition seeks to highlight the importance of the capability to use creativity in problem-solving under tight schedules and pressure.
Our team – Albert Zsigovits (Threat Researcher), Dorka Palotay (Senior Threat Researcher), Filip Savin (Senior Cybersecurity Engineer) and myself – won the first prize of the CTF, solving all 36 different challenges in various specific categories in the shortest time and with the best score among 273 participants.
Being the First at FIRST
It makes us beyond proud to know that only three teams of 273 were able to solve all 36 CTF competition challenges in time, and still our team was the fastest and scored the maximum points. This victory once again confirmed that we are able to work together under tight schedules and pressure. This is significant proof that our intense and precise work will benefit our customers when we are solving the vulnerability challenges on the markets.
The FIRST CTF Challenge consists of a series of technical exercises in which participants must find an answer, a flag, and submit it to the CTF platform. Every correct flag submitted increases the team's score. New challenges are released daily during the event. A new addition this year is a collaboration with the US Department of Homeland Security’s (DHS) Cybersecurity & Infrastructure Security Agency (CISA) to offer some challenges related to Industrial Control Systems (ICS).
First-hand Reports from the Winners
As I am not a pro in IDA, I knew my skills were better used in challenges like cryptography, steganography and miscellaneous puzzles like password cracking. The challenges were released day by day, with increasing difficulty. Days one and two were rather short on the type of challenges I’m good at, so I mostly spent my time on things I usually do, like asking others to document their findings and entertaining the other teams on the official CTF Discord channel.
Luckily, as I had some experience with CTF challenges from the past, I knew the dirty tricks where organizers hide the challenges and key components. These challenges were rather easy for me. For one crypto challenge, I opted for a difficult guessing option instead of realizing an easy pattern. But hey, it was solved in the end. The steganography challenge took a significant amount of my brainpower, but luckily, the others had already solved all other challenges and were able to figure this out.
It was a fun experience, and I am proud to work with talented people like my teammates.
Below is their take on the ups and downs from the FIRST 2020 Virtual Challenge Competition.
Dorka Palotay, Senior Threat Researcher
I cannot imagine a better way to start at a new company. I just joined CUJO AI this month and could luckily jump straight into the fun part. As I had never participated in a CTF competition before, this was an event of firsts for me: first month at CUJO AI, first project together with my new teammates, first CTF, first CTF win and as a cherry on the top, it was organized by FIRST.
I thoroughly enjoyed the three-day-long event with challenges from multiple domains and different difficulty levels. Since reverse engineering is the core of my job, I jumped into those challenges and that is the area where I was happy for some quick wins. On the other hand, it was a great opportunity to learn about other domains, just like the ICS challenges. Those challenges drove me to dive deeper into a field that I didn’t know before, kept me awake at night, and brought the biggest joy when our solutions were correct.
The best part of it all was to work together with the team. Each of us brought our own expertise and knowledge, which helped us to learn from each other. Many of the challenges could only be solved with real teamwork. I’m happy that I have the chance to work with them and I’m looking forward to new CTF games in the future.
Albert Zsigovits, Threat Researcher
For me, one big key takeaway was how well our team worked together, joining our expertise and skillsets and sharing knowledge with each other.
I have to say, FIRST really went above and beyond with providing an outstanding CTF experience with quality challenges. The opening and closing ceremonies were also a nice touch. As winners we got to present our solutions to the other participants.
As for the challenges, the ICS/SCADA domain was completely new to me, but it actually brought a lot of versatility to the arena, as you had to apply your analytical and research skillsets to something completely different.
I’d previously had some expertise in the network and memory forensics domain, so that came in handy with all the packet captures and image files. I really enjoyed going through these challenges, and I always find it rewarding to constantly challenge myself with competitions like this: Putting your skills to the test always reinforces that expertise. I really enjoyed going down a few rabbit holes then crawling our way back up to find alternative routes to solutions.
On the third and last day, there were definitely moments of blood, sweat and tears, but we managed to come out on top by staying consistent and being eager to prove ourselves.
Filip Savin, Senior Cybersecurity Engineer
It was a great event with a much more valuable final result than just winning first place.
This was my first real CTF event. The initial participation goal was kind of team building by having fun and collaborating on CTF tasks. But when I saw how each member of our team was solving challenges like cracking nuts at the beginning of day one, it was really inspiring. And when we were first after all of that day’s challenges were solved, everyone seemed to silently agree that we were aiming for overall victory.
With the rise in challenge difficulty each day, our collaboration changed from just reporting solved challenges on day one to lengthy discussions, often full of frustration on tasks and challenges where we struggled and full of joy on every step we believed was in the right direction. After solving one of the challenges provided by the DHS, when we needed to reconstruct firmware from wiretap oscillatory data and then reverse engineer it, I felt that our momentum was becoming unstoppable.
When struggling for a solution to the last challenge on steganography, at one point, after checking all imaginable (and even more) possibilities, we realized that we were overthinking things and took a more logical path to solve this final challenge successfully.
At that moment, I looked back at those three days and felt that we are an awesome team and how incredibly proud I am of my colleagues.