Each year NSA puts out a challenge called Codebreaker that requires reverse engineering and exploitation skills. This year it was designed around the Ethereum blockchain: how to interact, deploy contracts, read storage, and exploit vulnerabilities. I believe this year was both easier and tougher than last year. The earlier tasks ask you to reverse engineer two Linux libraries that seem to be more obfuscated than last year. The later tasks ask you to interact with and analyze Ethereum smart contracts, which in my opinion requires a different way of thinking than traditional programming. There were 7 tasks and 1 warm-up task.
A little while ago I went through a security course, and we were testing SQLi on BadStore.net. BadStore.net is a website created to test common web attacks on. I enjoyed practicing on it, and wanted to do a write-up of some of the things you can do with a SQLi vulnerability.
Each year NSA puts out a challenge called Codebreaker that requires reverse engineering and exploitation skills. This year it was designed to take the players through some of the phases you might take if you found someone on your network. There were six tasks, each one building on the previous and requiring different skills. There were 1098 participants and only three were able to complete all six tasks. I was able to complete five tasks, along with 2.2% of participants.
One of the challenges I completed required reversing a ransomware that encrypted an MBR. After the MBR has been retrieved, it needs to be reversed to find the password to boot up the system. This taught me how to get around simple anti-reversing techniques and how to reverse 16-bit code.
In my 2016 linear algebra class during my Master’s, we were assigned to do a project that used SVD and PCA in some fashion. I used SVD to classify emotions from an image, and my partner, David Kaplan, used PCA to predict gender from a picture.