Recently
April 2021 #Another new series of NodeJS challenges ! More and more NodeJS environments...
More and more NodeJS environments are emerging, but security is often overlooked. In this series, you will discover recent and realistic vulnerabilities in these environments.
Many thanks to Mhd_Root, voydstack and Podalirius for creating this set of challenges!
HeroCTF
The HeroCTF (3rd edition) is an online cybersecurity competition open to all, organized by students from IUT de Vannes and ESNA.
This CTF is aimed at beginner to intermediate players, but whatever your level you will certainly find something to please you!
There will be something for everyone with categories like: Blockchain, Cryptography, Forensics, Misc, OSINT, Programming, Pwn, Reverse, Steganography, System and Web.
You can now register your teams of 4 players at https://heroctf.fr/ and aim for the top to try to win prizes!
Start : Friday 23 april - 9 p.m
End : Sunday 25 april - 11 p.m
More information on the Twitter and the Discord of the event.
Midnight Flag CTF
Time travel doesn’t scare you?
Are you a student and want to participate in a beginner / intermediate level CTF?
So do not wait any longer! Prepare your crew of 4 and fasten your seatbelts!
A ticket is waiting for you at this address: https://midnightflag.fr/
Whoami? A group of students from ESNA from Bretagne passionate about infosec.
Pwd? Somewhere in space time.
Date? the night of Saturday April 10 from 8:30 p.m. to 6 a.m.
Locate? Online
More information on the Twitter and on the Discord of the event!
New WebAssembly challenges
You like Web? You like Reverse? We got you covered with these new challenges!
The first challenge will introduce to WebAssembly, while the second will put you in the shoes of a hero in a RPG, challenging you to find the right NPC.
Many thanks to Cyxo for those 2 quality challenges!
New set of challenges : Back to the future
The following challenges, submitted long ago in a galaxy far, far away, are now published:
- ELF x64 - Stack buffer overflow - PIE
- Python - format string
- Lua - Bytecode
- Bash - VM
- PE DotNet - Basic Anti-Debug
- HTTP - IP Restriction bypass
- ELF x64 - Double free
Thanks Esad, Cyrhades, nqnt, govlog, Bernstein, lovasoa, HomardBoy for their more than reasonable patience.
There is something for everyone, happy hacking!
New set of challenges : Node.js
You are certainly familiar with JavaScript, the language we are used to see client side. Well, JavaScript can be used server side!
Thanks to this series of challenges, you will learn to familiarize yourself with Node.
Thanks to Mhd_Root for his work on this series of challenges !
New set of challenges : LaTeX
The LaTeX language is very useful for writing scientific papers with complex mathematical formulas. Although it is very useful, security is not at the heart of the concerns of this language.
In this series of challenges, you will learn how to detect some common vulnerabilities in LaTeX and how to exploit them!
Many thanks to Mhd_Root and Podalirius for their work on this series of challenges !
New support : Discord server
A new communication support on Discord is now available to you.
The Root-Me discord server is publicly accessible through the following invitation: https://discord.gg/wpk8xHr.
Anyone with a Root-Me account can freely join the server and use all the communication channels available to you. It is possible to chat with the Root-Me community, get help with challenges, be in contact with the staff and members of the Root-Me association as well as be kept informed of the latest news and Root-Me projects.
In order to be able to access the server, you must:
– Follow the invitation link with a discord account whose email is verified
– Read and accept the Discord server rules when you arrive
– Have your account verified by the Root-Me#3551 bot by sending it the command by private message:
!verify YourApiKey
You will find your API key in your account settings.
More information on the Discord page.
New set of challenges : Radio Frequencies (RF)
With the Internet of Things, more and more devices are using radio frequencies to communicate. In this series of challenges, you’ll learn to identify and decode the different signals captured and develop your knowledge in radio frequencies!
Many thanks to Podalirius for creating this series of challenges!
New set of challenges: Content Security Policy (CSP)
CSP is a relatively recent technology, allowing to define a security policy that should be applied clientside (web browser). Identify configuration errors and understand the associated bypass techniques with this new series of challenges :
- CSP Bypass - Inline code
- CSP Bypass - JSONP
- CSP Bypass - Dangling markup
- CSP Bypass - Dangling markup 2
Thanks again to CanardMandarin for his work on the subject!