The contest has finished! Thank you for participating. Results will be published tomorrow. If you want to discuss the challenges, please join the chat @ructf_olymp
Forwarded from Vladimir Cherepanov
236 users registered
190 solved at least one challenge (including welcome)
106 solved at least one challenge (excluding welcome)
It's time to publish the results of the Olymp Quals. If you're a student from Russia and have got more than 1000 points, congratulations! We're ready to invite you to the Olymp Finals and will write you a letter today or tomorrow. Here are all of the finalists and some other non-student participants in one pic, find yourself!
Btw, you can try to solve tasks at olymp.ruc.tf; submissions will not affect the scoreboard, but all services are up.
We've already published the timetable of the RuCTF Conference at https://RuCTF.org/events and are going to start telling you more about all the talks on Monday. In the meantime, briefly: a lot about Web by Digital Security, Mail.ru and c00kies, social engineering by pranker Lexus, hardware vulnerabilities by Egor "Xarlan" Litvinov and Hardware Village, a bit about simplifying work with Hex Rays from Groke, a Lockpick section and quests in HackZone, non-technical talks by Dmitriy Sklyarov from Positive Technologies and Sergey Krasnov from USSC. And, of course, traditional battles and a discussion about the future of CTF in Russia!
Let's get acquainted with our speakers starting with Dmitry Sklyarov and Sergey Krasnov!
Dmitry Sklyarov has prepared a talk, "20 years in Information Security". In it he will tell how the world of information security has changed over the last 20 years from a researcher's point of view.
Dmitry has been taking part in our conference as a speaker for many years. He is now the head of the application analysis department at Positive Technologies and has been working in the field of information security for more than 18 years. He is a developer of an algorithm of the Advanced eBook Processor program, published by the Moscow company "Elcomsoft" and designed for creating backup copies of ebooks in Adobe PDF format.
On the second day of the conference Sergey Krasnov, the head of the USSC Safety analysis department, will speak on the topic "Work of pentesters team".
He will talk about the everyday work of a pentester: what problems he faces and what is interesting in his work. He will also answer the main question: why should you do it?
The format of the talk is several interesting life stories with technical peculiarities and other inside details!
We continue to introduce our speakers to you! On the first day of the conference Denis Rybin and Ilja Bulatov from Digital Security will tell us about security in web.
During his talk "Useful Burp Suite plugins and another tips and tricks" Denis will show us how we can use Burp Suite effectively in 2019, quickly tell us about the basic functionality and delve into the most interesting, in his opinion, fresh plugins.
During the talk you will learn which useful checks the mentioned plugins cover, how they let you optimize your work with the attack surface, and also what drawbacks they have.
Right after Denis, Ilja will give a speech "From memory leak to RCE: how dangerous can be processing of mediafiles".
The talk is devoted to the analysis of attacks on web apps that process media files. You will learn what unsafe processing of images, video/audio files, documents and archives may lead to, and you will also see examples of vulnerability exploitation.
You will see XXE attacks in XML documents, why ImageMagick and ffmpeg are security holes, attacks through the metadata of media files, and tools for exploiting vulnerabilities in media file processing.
After lunch they will go to room 2077 to give speeches "Comfortable SSRF exploitation" and "Deserialization vulnerabilities and their exploitation in various programming languages".
Only a week left until RuCTF starts! Today we’re going to tell you about how information security is not just web, cryptography, reverse engineering, incident investigation, social engineering and pentesting but also a lot of different hardware! The most hardware-oriented talks, in a compilation from Alex-EXE.ru:
https://teletype.in/@ructf/SyBA6YP54
What happens when you type google.com in a browser and press Enter? And what happens when you press the "Sign in with Google" button in the browser? Two of our speakers, Mauro Tempesta from the team bacaro_tour and Nikita Stupin from Mail.ru, know the answer to the second question well. Nikita will tell us about OAuth 2.0 vulnerabilities on mobile devices, and he will also show the most common and crucial vulnerabilities of usual OAuth 2.0, the defense mechanisms and typical developer mistakes. Mauro will present WPSE, a browser-side security monitor for web protocols which helps to prevent attacks on OAuth and SAML and to find vulnerabilities in different implementations of OAuth and its analogues.
In case you need it, the answer to the first question is here:
https://github.com/alex/what-happens-when
And you can register for the conference here:
https://ructf.org/registration/