The first stage of the NSCTF Northwest University network security attack and defense competition has ended, and azure ranked first with a score of 9350. The competition attracted 1136 competitors, including 0ops members, insight labs members, network sharp knife team members, cubesec team members, as well as members of university information security teams such as hduisa and dutsec. This article summarizes the online round and makes all the answers available for download.
Introduction to the competition
The competition is divided into two parts. The first stage is an online answering round that selects the top 20 to enter the second stage, the offline final. As of the end of the first-stage online competition, the ranking of each team is as follows (see the competition homepage http://www.nsctf.net/)
Competition answers
There are 24 questions in the online competition, including 12 web questions, 6 reverse questions, 3 encryption and decryption questions, and 3 comprehensive questions. The most solved is web 100 careful, with 284 people solving it, and the least solved is reverse 3000 exploitme, with 4 people solving it. Below is a summary of the answers to all the questions, to make it easier for the teams to summarize and review. Here, I would like to thank w3b0rz for providing all the solutions for the reverse part, yhzx Dou 2013 for providing the solutions for the rest, and azure, who placed first in the online round, for providing the all kill, Nb. At the same time, I wish the top 20 players good results in the finals!
Exploit_3000
Explanation of nsctf2015 - yhzx Chu 2013
Reverse_100
Reverse_250
Reverse_400
Reverse_500
What contestants say about the competition
"It's a great honor to be invited by the organizers to write this article. Generally speaking, it is reasonable to design this competition as a qualification competition for students. Because I didn't do much of the web part, I won't comment on it (or rather, I worship everyone who AK'd the web). Look at the beauty of the scoreboard in the first place.
"For the reverse part, there are mainly three stages. The first two questions are basic Windows reverse. The second two questions examine Python reverse. This knowledge is relatively new. The last two questions are a comprehensive use of exploit and reverse.
"Exploit 1500 is not so difficult. Many students are scared when they see the questions and scores (I was also scared at the beginning). In fact, the reverse difficulty of this question is not so big. After the reverse, the vulnerabilities are easy to find. Finally, the construction of the exp depends on personal experience. The suggestion here is to pay more attention to the hints left by the author in the question, such as the helper section.
"In comparison, Exploit 3000 is more complex. At the beginning, I planned to give up, but when I saw my ranking keep falling, I thought that would not do, so I began to dig holes."
Challenges
To let you experience the highlights of the online round, the Lvmeng technology blog has arranged with the NSCTF organizers to open one question (reverse 1500) for you to practice on. The program contains vulnerabilities of its own. The task is to find them through reverse analysis, construct your own exploit program, and achieve arbitrary code execution. The points tested by this question are: (1) analyzing the program's protocol; (2) bypassing system protections such as ASLR and DEP; (3) constructing shellcode to complete the exploit. So far, 13 teams have completed this question (the answer is here: Exploit 1500; please don't read the answer first).
The NSCTF Northwest University network security attack and defense competition is organized by the Green League technology research and development center, aiming to popularize network information security knowledge, improve awareness of network security attack and defense, and recommend information security talent. It is reported that the market gap for information security professionals in China is currently about 500000. Although more than 100 colleges and universities have set up information security majors, as industries such as finance, securities, transportation, energy, customs, tax, industry and technology develop, the demand continues to increase at a rate of 10000 per year.
However, organizations such as society, industry, enterprises, colleges and universities, and training institutions understand the training of information security personnel differently, each with its own emphasis. But one thing is certain: theory must ultimately be put into actual combat, and network security is a process of person-to-person confrontation, full of divergent and reverse thinking. A lot of protection inspiration is even drawn from other industries, which is the original intention behind the establishment of the Lvmeng science and technology attack and defense laboratory.
Green League science and technology attack and Defense Laboratory
Since 2012, when Green Alliance Technology's "key technology of network attack and defense Beijing Engineering Laboratory" was officially reviewed and publicized by the Beijing Development and Reform Commission, the Lvmeng science and technology attack and defense laboratory and its program have been continuously improved. Starting from online experimental education and attack and defense competitions, a technical support platform for training enterprise internal security personnel has been established, so that enterprises can train internal security personnel efficiently and conveniently. Compared with this competition, the Green League science and technology attack and defense laboratory system is more complex and complete. We will introduce it in following articles.