SecureBug Capture the Flag Competition (Chapter Three: Loki)
Swedish CTF participants arrive in Loki’s territory on 19 July 2021. The trickster Loki has changed the rules of the game, so not everyone can achieve his great treasury. Based on Loki’s “static point” rule, only the first hunter who solves each challenge gets the full points.
The score of the solved challenges decreases gradually until it reaches a minimum. Therefore, the last participants who solve the challenges would get the lowest points. It’s not all about protecting a mysterious treasury; Loki wants to encourage each hunter to reach new heights and keep developing.
Get Ready for Real Scenarios
There are only high-level researchers who succeed in real scenarios. Loki wants security researchers to know they have to be quick and try to expand their knowledge if they want to have a professional career in the security world. Loki rewards hunters based on their professionalism in combined skills.
Unlike other Gods, who considered more points for those hunters who mastered some specific skills, Loki believes that there should be no differences between what hunters get in exchange for solving his riddles. Loki challenges are divided into 5 different topics:
- Reverse engineering
The initial point that hunters get for solving each challenge, regardless of the topic, is the same, It’s time for you to reach new heights and aim higher.
Asian participants rocked the Loki competition on the first day. On the first day of the competition, Indians and Singaporeans took over most of Loki’s treasure by solving more than half of his challenges. Some of our lovely participants such as BootPlug, and Batata who were with us in the realm of other gods too, recorded some important first-bloods in Loki’s territory that increased the excitement of the match right after the beginning of the competition. Another important point that caught Loki’s attention was the powerful presence of hackers from East Asia who took a significant portion of his treasure. New participants in Loki’s realm made the treasure hunt more exciting than ever.
The x0r19x91 was the first participant to unlock Loki’s treasure by solving The Superman Safe. Superman safe was a hard challenge, and solving it required the application of reverse engineering skills. Due to the critical level of the challenges that “x0r19x91” solved on the first day, they could be among the top ten in other territories. But the rules that governed Loki’s territory deprived them of such a chance to be in the top ten. “x0r19x91” was an expert in reverse engineering, but Loki wanted to share a large portion of his treasure among researchers who have mastered all the skills. At the end of the first day, there were still some challenges that remained unsolved. The unsolved challenges such as “Basics” required the use of participants’ web-related skills.
Talented participants from India seized Odin’s treasure. Apart from Indian hunters, another Asian hunter is among the top 5 contestants. Socengexp was a Singaporean haunter who earned 8486 points by solving 21 challenges and became the fifth top hunter in the Loki realm. The only participant who could solve all of Loki’s challenges was the thehackerscrew, a haunter from India who earned 10066 points and became the top haunter in the Loki realm. sinn3rb0y5, kryptonite, and bootplug are hunters who are ranked second to fourth. The interesting thing is that all three of these participants managed to solve 21 challenges and their scores were equal despite the difference in their rank. These three hunters are talented, creative, and genius, but their chance to achieve success in real scenarios varies depending on their rapidity. That was what Loki wanted to remind haunters. He wanted them to increase their rapidity, and increase their knowledge. Participating in CTF challenges is one of the best possible solutions to increase the pace of cyber challenges. But how hackers can increase their knowledge?
How to increase your knowledge
All security researchers have their strengths, but they should kill their weaknesses if they want to succeed in real scenarios. Just like what happened during the Loki competition, hackers can’t earn much if they rely on a limited number of skills if they want to succeed in real scenarios. The good news is that you already know how to hack if you have participated in Loki. Therefore, you do not need to learn the basics. You may not be able to solve a challenge, but you understand when others explain their solutions. Write-ups are where hackers present the solutions that they have found for each challenge.
If you want to expand your knowledge you can start studying write-ups. Write-ups contain solutions that hackers found for solving different challenges. Now the question is how you can make studying on write-ups more efficient?
First of all, choose the category that you want to start studying. Try to read several write-ups that have been written about the category that you have chosen. Try to divide each solving process into different steps, and find the similarities between the suggested solutions. You would get familiar with solving processes by taking these two main steps, but you still need to learn practical skills.
To learn practical skills, you need to analyze the solving steps. The similarities that you have found during the analyzing process can be your guide to the right steps.