Recently

A new series of cryptanalysis challenges is available:

– PHP - mt_rand
– FEAL - Differential Cryptanalysis
– Side Channel - AES : first round
– Side Channel - AES : CPA

Thanks to Tosh, cb34, walafc0, NonStandardModel for their contributions!

We are pleased to welcome a new Expert sponsor to support our community: OTERIA CYBER SCHOOL.

The school will open its doors in September 2022 to train the new generation of cybertalents.

Most of the first students are Root-Me regulars. Like them, come and convert your cyber fiber into practical realities, apply your talent to the challenges of today’s world.

The school is open to candidates with a minimum education of two years after graduation or two years of professional experience in IT.

OTERIA is :

• An educational program designed by the leaders of the sector (startups and industrial groups)
• A specialized teaching staff from the best institutions: Director of the Cyber Master’s program at Centrale Paris, Incident Responder at Airbus Cybersecurity, Gendarmerie Reservist Commander, Specialist in the fight against cybercrime, Doctoral student in cybersecurity
• A Technical Expert in Cybersecurity training which takes place in 2 or 3 years, entirely on a work-study program, with a level 7 RNCP certified title (ie Master) recognized by the state
• A final year of specialization:
  • Architect & DevSecOps option
  • Pentest & SOC option
  • Governance, Risk and Compliance option
• An innovative campus, pleasant to live in, including a room dedicated to CTFs, located 15 minutes by metro from the Gare Saint Lazare
• A privileged link with partner companies and support in finding your work-study program. Next recruitment forum dedicated to Oteria students on March 18th with Thales, Airbus Cybersecurity, Renault, KPMG, Almond, SNCF, Sopra Steria, etc.
• Innovative and operational training tools including Root-Me PRO game environments

Make an impact and be part of the elite of cyber defenders anchored in the world around us by joining OTERIA.

To apply, visit https://www.oteria.fr/candidater?utm_source=RootMe&utm_medium=partnership
If you have any questions, send an email to contact@oteria.fr

Here is a series of docker oriented app-script challenges. You will learn how to use docker vulnerabilities in order to escape the containers and access the host system.

• Docker - I am groot
• Docker - Sys-Admin’s Docker
• Docker - Talk through me

Thanks to Nishacid for these challenges !

Here is a new series of mobile oriented forensic challenges.

You will be able to investigate many artifacts present in Android and iOS systems. Three challenges are available: an introduction to the investigation of an iPhone, the exploration of the RAM of an Android, as well as a complete investigation of these two types of phones.

• iOS - Introduction
• Find me on Android
• The Lost Case - Investigation Mobile

Thanks to Worty and Itarow for these new challenges !

Here is a new series of client and server web challenges.
In this series, you will learn about sometimes little-known vulnerabilites, namely an introduction to Web Socket security, a first challenge about Prototype Pollution in NodeJS and an advanced PHP object deserialization.

• Web Socket - 0 protection
• NodeJS - Prototype Pollution Bypass
• PHP - Unserialize Pop Chain

Thank you Worty for those new challenges!

Here is a new series of client web challenges on XSS DOM Based vulnerabilities.

• XSS DOM Based - Introduction
• XSS DOM Based - Filters Bypass
• XSS DOM Based - Eval
• XSS DOM Based - AngularJS

Thanks to Ruulian for these challenges!

Here is a series of challenges to discover new types of hashes that you will generally encounter during pentests on Windows infrastructure. You will learn to recognize them in the outputs of the tools from the Impacket suite.

• Hash - NT
• Hash - LM
• Hash - DCC
• Hash - DCC2
• CISCO - Salted Password

Thanks to Shutdown, Tidusrose and Podalirius for these challenges!

New mitigations make memory corruption exploitation increasingly harder. Therefore, Hackers must prove again their ingenuity against them in order to bypass these protections, and obtain a shell.
Sharpen your app-system skills with this new series of challenges!

• ELF x64 - ret2dl_init
• ELF x64 - FILE structure hijacking
• ELF x64 - File Structure Hacking
• ELF x64 - Heap Filling
• ELF x64 - Advanced Heap Exploitation - Heap Leakless & Fortified

Big thanks to kikko, voydstack and nobodyisnobody for the development of these new challenges!

We are pleased to announce the 5th edition of the Toulouse Hacking Convention !

Event will take place online, from June 11 to 13 2021.

We organized two different parts :

• On June 11th, at 9 am : conferences and panels,
• from June 12th to 13th : a Jeopardy style CTF with prizes to win !

Get your free tickets here : https://thcon.party !

You can also contribute financially to our event, and get fancy THCon t-shirts and masks.

Follow us on Twitter for the latest news : https://twitter.com/ToulouseHacking

• Dates: June 11 to 13, 2021
• Format: conferences then CTF (Jeopardy)
• Site: https://thcon.party

See you soon !

Once again this year, the National Information Systems Security Agency (ANSSI) is back with the France Cybersecurity Challenge (FCSC) from April 23 at 3 p.m. to May 3 at 6 p.m.!

100% ANSSI Challenge, the individual CTF allows all players to test their skills in a wide variety of challenges, and perhaps join the national team that will represent France during the 2021 edition of the European Cybersecurity Challenge (ECSC), in Prague.

At the end of the competition, the best players (top 10 junior, top 10 senior and top 3 in Crypto, Reverse, Pwn, Web and Hardware) will be interviewed by our coaches in order to select Team France, which will defend its colors from September 28 to October 1, 2021 at the ECSC.

To try your luck and keep up to date with the latest information, join the FCSC discord server.

More information on the ANSSI website.