Recently

Winter is coming, but don’t worry, you’ll have something to warm you up with a new series of Forensic challenges !
You will be able to approach many different fields :

• Open My Vault
• The Artist
• Oh My Grub
• Supply chain attack - Python
• Supply chain attack - Docker

Thanks to Nishacid, erk3 and X-nO for these challenges!

The first set of Windows / Active Directory challenges is now available in the Forensic category !

• Windows - LDAP User ASRepRoastable
• Windows - NTDS Secret extraction
• Windows - LDAP User KerbeRoastable

Huge thanks to Podalirius for these challenges ! 🦋

We announce the start of registration for this weekend’s CTF Root-Me!
You can register by following this link:
➡️ https://ctf10kd.root-me.org/register

Registration code : RootMe4TheWin

📢 Here’s also the schedule of conferences during the weekend on Twitch https://www.twitch.tv/rootme_org :

Vendredi 21/10

• 19h - @voydstack - Writing shellcodes for dummies
• 20h - @Arsouyes - The history of hacking part 1
• 21h - @Amossys - Human resources recruitment in the CyberSecurity sector

Samedi 22/10

• 14h - @Hugo VINCENT - Synacktiv - Finding java deserialization gadgets with CodeQL
• 16h - @Elf - From kernel module to eBPF
• 18h - @Elf - Fusée gelée

Dimanche 23/10

• 14h - @Arsouyes - The history of hacking part 2
• 18h - @BlackRaven - An introduction to RSA

The CTF will end Sunday at 8pm followed by the announcement of the winners and prizes. 🏆
En récompense :

• Customized Root-Me Clothing
• Goodies
• Premium
• Discount on premiums

Don’t forget to join the Discord to keep up with upcoming conference and CTF announcements

See you Friday at 7pm (UTC+2) for the beginning of the conferences and at 8pm for the launch of the CTF

A new series of Cracking challenges is available!

• Unity - Mono - Basic Game Hacking
• ELF x64 - Rust Crackme
• APK - Introduction
• PYC - Snakeygen

Thanks to 0x0ff, exti0p, Algorab and erk3 for these challenges !  😎

For the 10th consecutive year, the Grenoble hacking conference, GreHack22 is organized by the association Securimag!
After 2 years in online format, the GreHack conference returns in force with a new formula.

The program:

• CONFERENCE : Friday 18 all day. Various topics around infosec: program announced soon.
• WORKSHOP : Friday 18 afternoon. Various topics around infosec: program announced soon.
• PARTY : Friday 18 night. THE social event to talk about security and drinking beers. 🍻
• CTF : Saturday 19 all day. A 8-hour competition for beginner and experienced hackers.

Dates: November 18 & 19 2022.
Opening of the registration: October 15th.

More information on the website: https://grehack.fr
Follow us on Twitter for the latest news: https://twitter.com/grehackconf

They are waiting for you, and don’t forget: "new is still not always better" 😎

As methodologies, tools and technologies evolve, we have decided to re-evaluate the point value of some of the platform’s challenges.
We believe that some of them may have been undervalued/overvalued at the time of their release, or that over time others have become easier to achieve.
Therefore, as of today, the following changes have been applied to all the challenges below. Please take into account the server cache if some of the changes do not appear.

App-Script:
° Bash - Quoted expression injection (UP) : 25 -> 30 points
° Bash - Race condition (UP) : 25 -> 35 points
° Bash - Restricted Shells (DOWN) : 70 -> 60 points

Realistic:
° Well-Known (UP) : 35 - > 45 points
° Root me, for real (UP) : 50 -> 70 points
° Django Unchained (DOWN) : 60 -> 50 points
° Red Pills (DOWN) : 80 -> 70 points

Web-Server:
° PHP - Unserialize overflow (UP) : 40 -> 55 points
° Node JS Protoype Pollution Bypass (UP) : 35 -> 45 points
° File Upload Polyglot (UP) : 40 -> 45 points

Steganography:
° WAV - Noise Analysis (DOWN) : 15 -> 10 points
° George and Alfred (DOWN) : 15 -> 10 points
° Base Jumper (UP) : 25 -> 35 points
° Hide & Seek (UP) : 25 -> 45 points
° Angecryption (UP) : 30 -> 35 points
° Crypt Art (DOWN) : 35 -> 25 points

Forensic:
° Rootkit coldcase (UP) : 45 -> 50 points
° Multi Devices (UP) : 40 -> 45 points

Network:
° RipV1 - No Authentication (UP) : 40 -> 55 points
° RF Key Fixed Code (DOWN) : 30 -> 20 points

Cracking:
° Powershell Deobfuscation (DOWN) : 40 -> 30 points
° Godot Mono (DOWN) : 25 -> 20 points
° Root My Droid (Change of category) : previously Forensic
° Insomni’Droid (Category change) : previously Forensic

We are listening to the Root-Me community and if you think that some challenges should still be re-evaluated, do not hesitate to inform by private message a member of the @QA team on Discord specifying the challenge as well as the reasons why you would like to see it re-evaluated 😄.

Sincerely,
The Root-Me team.

Registration launched for the first edition of the Oteria Cyber Cup. The CTF is organized by our sponsor Oteria Cyber School and will take place on December 17th from 10am to 5pm.

The event is open to all students from Bac+1 to Bac+4, in teams of 4 to 5 people
- 7 hours of challenges: Web Pentest, OSINT, Hardware, Reverse Engineering, Application vulnerabilities, Reconstitution of crushed documents,...
- Challenges designed by Franck Ebel, Julien Métayer, Jerome Hennecart and the Renault Digital teams
- 1750 € cash prize
- Interviews for a work placement with one of the event’s sponsors from September 23 for the team members of the Top10 teams
- Sponsors : Renault Digital, Advens, the DRSD

The challenges of this first edition will be centered around the theme of the Autonomous Car. Renault Digital teams will notably install a circuit of Robocars, mini autonomous cars, for the hardware challenge.
The challenges have been designed to be progressive and the first levels are accessible to all students with a background in computer science, networking, programming,... Only the best students can hope to get all the flags.
Whether you want to discover the Capture The Flag or to test yourself on the most complex flags, everyone will find something to do!
Places are limited to 20 teams - Registration open here: https://www.oteria-cyber-cup.fr/inscription

A new series of challenges from the Realist category is available!

• DasBox1 : Rififi in the lizardmen
• reQUACKier
• Matrix Terminal

Thanks to das, CanardMandarin, and Mizu for these challenges!  😎

Because of the end of life of the Ropsten testnet, the Ethereum programming challenges have been migrated to the Goerli testnet. This does not impact the difficulty of the challenges.
– https://blog.ethereum.org/2022/06/21/testnet-deprecation
– https://www.alchemy.com/the-merge

The Discord Root-Me server has now more than 10K members! Thanks to you for joining us 🙏 😁
To celebrate this correctly, we are preparing a nice event 👀

Save the date: Friday 21 to Sunday 23 October
On the agenda: a CTF with the categories #pwn #reverse #web #crypto #forensic #programming and #OSINT 🔍
As well as several Twitch conferences and surprises planned for the winners : 🏆
– Goodies
– Premium discounts
– Premium access

You will soon be informed about the registration process and the schedule for the event!