Recently
November 2022 #New series of Forensic challenges
Winter is coming, but don’t worry, you’ll have something to warm you up with a new series of Forensic challenges !
You will be able to approach many different fields :
First set of Forensic challenges on Windows / Active Directory
The first set of Windows / Active Directory challenges is now available in the Forensic category !
- Windows - LDAP User ASRepRoastable
- Windows - NTDS Secret extraction
- Windows - LDAP User KerbeRoastable
Huge thanks to Podalirius for these challenges ! 🦋
Registration and Planning CTF Root-Me
We announce the start of registration for this weekend’s CTF Root-Me!
You can register by following this link:
➡️ https://ctf10kd.root-me.org/register
Registration code : RootMe4TheWin
📢 Here’s also the schedule of conferences during the weekend on Twitch https://www.twitch.tv/rootme_org :
Vendredi 21/10
- 19h - @voydstack - Writing shellcodes for dummies
- 20h - @Arsouyes - The history of hacking part 1
- 21h - @Amossys - Human resources recruitment in the CyberSecurity sector
Samedi 22/10
- 14h - @Hugo VINCENT - Synacktiv - Finding java deserialization gadgets with CodeQL
- 16h - @Elf - From kernel module to eBPF
- 18h - @Elf - Fusée gelée
Dimanche 23/10
- 14h - @Arsouyes - The history of hacking part 2
- 18h - @BlackRaven - An introduction to RSA
The CTF will end Sunday at 8pm followed by the announcement of the winners and prizes. 🏆
En récompense :
- Customized Root-Me Clothing
- Goodies
- Premium
- Discount on premiums
Don’t forget to join the Discord to keep up with upcoming conference and CTF announcements
See you Friday at 7pm (UTC+2) for the beginning of the conferences and at 8pm for the launch of the CTF
GreHack 10th edition in Grenoble
For the 10th consecutive year, the Grenoble hacking conference, GreHack22 is organized by the association Securimag!
After 2 years in online format, the GreHack conference returns in force with a new formula.
The program:
- CONFERENCE : Friday 18 all day. Various topics around infosec: program announced soon.
- WORKSHOP : Friday 18 afternoon. Various topics around infosec: program announced soon.
- PARTY : Friday 18 night. THE social event to talk about security and drinking beers. 🍻
- CTF : Saturday 19 all day. A 8-hour competition for beginner and experienced hackers.
Dates: November 18 & 19 2022.
Opening of the registration: October 15th.
More information on the website: https://grehack.fr
Follow us on Twitter for the latest news: https://twitter.com/grehackconf
They are waiting for you, and don’t forget: "new is still not always better" 😎
Review of the challenges
As methodologies, tools and technologies evolve, we have decided to re-evaluate the point value of some of the platform’s challenges.
We believe that some of them may have been undervalued/overvalued at the time of their release, or that over time others have become easier to achieve.
Therefore, as of today, the following changes have been applied to all the challenges below. Please take into account the server cache if some of the changes do not appear.
App-Script:
° Bash - Quoted expression injection (UP) : 25 -> 30 points
° Bash - Race condition (UP) : 25 -> 35 points
° Bash - Restricted Shells (DOWN) : 70 -> 60 points
Realistic:
° Well-Known (UP) : 35 - > 45 points
° Root me, for real (UP) : 50 -> 70 points
° Django Unchained (DOWN) : 60 -> 50 points
° Red Pills (DOWN) : 80 -> 70 points
Web-Server:
° PHP - Unserialize overflow (UP) : 40 -> 55 points
° Node JS Protoype Pollution Bypass (UP) : 35 -> 45 points
° File Upload Polyglot (UP) : 40 -> 45 points
Steganography:
° WAV - Noise Analysis (DOWN) : 15 -> 10 points
° George and Alfred (DOWN) : 15 -> 10 points
° Base Jumper (UP) : 25 -> 35 points
° Hide & Seek (UP) : 25 -> 45 points
° Angecryption (UP) : 30 -> 35 points
° Crypt Art (DOWN) : 35 -> 25 points
Forensic:
° Rootkit coldcase (UP) : 45 -> 50 points
° Multi Devices (UP) : 40 -> 45 points
Network:
° RipV1 - No Authentication (UP) : 40 -> 55 points
° RF Key Fixed Code (DOWN) : 30 -> 20 points
Cracking:
° Powershell Deobfuscation (DOWN) : 40 -> 30 points
° Godot Mono (DOWN) : 25 -> 20 points
° Root My Droid (Change of category) : previously Forensic
° Insomni’Droid (Category change) : previously Forensic
We are listening to the Root-Me community and if you think that some challenges should still be re-evaluated, do not hesitate to inform by private message a member of the @QA team on Discord specifying the challenge as well as the reasons why you would like to see it re-evaluated 😄.
Sincerely,
The Root-Me team.
Oteria Cyber Cup - First edition of the CTF
Registration launched for the first edition of the Oteria Cyber Cup. The CTF is organized by our sponsor Oteria Cyber School and will take place on December 17th from 10am to 5pm.
The event is open to all students from Bac+1 to Bac+4, in teams of 4 to 5 people
- 7 hours of challenges: Web Pentest, OSINT, Hardware, Reverse Engineering, Application vulnerabilities, Reconstitution of crushed documents,...
- Challenges designed by Franck Ebel, Julien Métayer, Jerome Hennecart and the Renault Digital teams
- 1750 € cash prize
- Interviews for a work placement with one of the event’s sponsors from September 23 for the team members of the Top10 teams
- Sponsors : Renault Digital, Advens, the DRSD
The challenges of this first edition will be centered around the theme of the Autonomous Car. Renault Digital teams will notably install a circuit of Robocars, mini autonomous cars, for the hardware challenge.
The challenges have been designed to be progressive and the first levels are accessible to all students with a background in computer science, networking, programming,... Only the best students can hope to get all the flags.
Whether you want to discover the Capture The Flag or to test yourself on the most complex flags, everyone will find something to do!
Places are limited to 20 teams - Registration open here: https://www.oteria-cyber-cup.fr/inscription
New series of challenges: Realist
A new series of challenges from the Realist category is available!
Thanks to das, CanardMandarin, and Mizu for these challenges! 😎
Migration of Ethereum challenges
Because of the end of life of the Ropsten testnet, the Ethereum programming challenges have been migrated to the Goerli testnet. This does not impact the difficulty of the challenges.
– https://blog.ethereum.org/2022/06/21/testnet-deprecation
– https://www.alchemy.com/the-merge
CTF - 10K members Discord
The Discord Root-Me server has now more than 10K members! Thanks to you for joining us 🙏 😁
To celebrate this correctly, we are preparing a nice event 👀
Save the date: Friday 21 to Sunday 23 October
On the agenda: a CTF with the categories #pwn #reverse #web #crypto #forensic #programming and #OSINT 🔍
As well as several Twitch conferences and surprises planned for the winners : 🏆
– Goodies
– Premium discounts
– Premium access
You will soon be informed about the registration process and the schedule for the event!