Recently
March 2022 #New cryptanalysis challenges
A new series of cryptanalysis challenges is available:
– PHP - mt_rand
– FEAL - Differential Cryptanalysis
– Side Channel - AES : first round
– Side Channel - AES : CPA
Thanks to Tosh, cb34, walafc0, NonStandardModel for their contributions!
New school: OTERIA CYBER SCHOOL
We are pleased to welcome a new Expert sponsor to support our community: OTERIA CYBER SCHOOL.
The school will open its doors in September 2022 to train the new generation of cybertalents.
Most of the first students are Root-Me regulars. Like them, come and convert your cyber fiber into practical realities, apply your talent to the challenges of today’s world.
The school is open to candidates with a minimum education of two years after graduation or two years of professional experience in IT.
OTERIA is :
- An educational program designed by the leaders of the sector (startups and industrial groups)
- A specialized teaching staff from the best institutions: Director of the Cyber Master’s program at Centrale Paris, Incident Responder at Airbus Cybersecurity, Gendarmerie Reservist Commander, Specialist in the fight against cybercrime, Doctoral student in cybersecurity
- A Technical Expert in Cybersecurity training which takes place in 2 or 3 years, entirely on a work-study program, with a level 7 RNCP certified title (ie Master) recognized by the state
- A final year of specialization:
- Architect & DevSecOps option
- Pentest & SOC option
- Governance, Risk and Compliance option
- An innovative campus, pleasant to live in, including a room dedicated to CTFs, located 15 minutes by metro from the Gare Saint Lazare
- A privileged link with partner companies and support in finding your work-study program. Next recruitment forum dedicated to Oteria students on March 18th with Thales, Airbus Cybersecurity, Renault, KPMG, Almond, SNCF, Sopra Steria, etc.
- Innovative and operational training tools including Root-Me PRO game environments
Make an impact and be part of the elite of cyber defenders anchored in the world around us by joining OTERIA.
To apply, visit https://www.oteria.fr/candidater?utm_source=RootMe&utm_medium=partnership
If you have any questions, send an email to contact@oteria.fr
New forensic challenges
Here is a new series of mobile oriented forensic challenges.
You will be able to investigate many artifacts present in Android and iOS systems. Three challenges are available: an introduction to the investigation of an iPhone, the exploration of the RAM of an Android, as well as a complete investigation of these two types of phones.
New Web challenges : client & server
Here is a new series of client and server web challenges.
In this series, you will learn about sometimes little-known vulnerabilites, namely an introduction to Web Socket security, a first challenge about Prototype Pollution in NodeJS and an advanced PHP object deserialization.
Thank you Worty for those new challenges!
New set of challenges in Web Client
Here is a new series of client web challenges on XSS DOM Based vulnerabilities.
- XSS DOM Based - Introduction
- XSS DOM Based - Filters Bypass
- XSS DOM Based - Eval
- XSS DOM Based - AngularJS
Thanks to Ruulian for these challenges!
New set of challenges in Cryptanalysis
Here is a series of challenges to discover new types of hashes that you will generally encounter during pentests on Windows infrastructure. You will learn to recognize them in the outputs of the tools from the Impacket suite.
Thanks to Shutdown, Tidusrose and Podalirius for these challenges!
New App-System challenges
New mitigations make memory corruption exploitation increasingly harder. Therefore, Hackers must prove again their ingenuity against them in order to bypass these protections, and obtain a shell.
Sharpen your app-system skills with this new series of challenges!
- ELF x64 - ret2dl_init
- ELF x64 - FILE structure hijacking
- ELF x64 - File Structure Hacking
- ELF x64 - Heap Filling
- ELF x64 - Advanced Heap Exploitation - Heap Leakless & Fortified
Big thanks to kikko, voydstack and nobodyisnobody for the development of these new challenges!
Toulouse Hacking Convention 2021
We are pleased to announce the 5th edition of the Toulouse Hacking Convention !
Event will take place online, from June 11 to 13 2021.
We organized two different parts :
- On June 11th, at 9 am : conferences and panels,
- from June 12th to 13th : a Jeopardy style CTF with prizes to win !
Get your free tickets here : https://thcon.party !
You can also contribute financially to our event, and get fancy THCon t-shirts and masks.
Follow us on Twitter for the latest news : https://twitter.com/ToulouseHacking
- Dates: June 11 to 13, 2021
- Format: conferences then CTF (Jeopardy)
- Site: https://thcon.party
See you soon !
FCSC 2021
Once again this year, the National Information Systems Security Agency (ANSSI) is back with the France Cybersecurity Challenge (FCSC) from April 23 at 3 p.m. to May 3 at 6 p.m.!
100% ANSSI Challenge, the individual CTF allows all players to test their skills in a wide variety of challenges, and perhaps join the national team that will represent France during the 2021 edition of the European Cybersecurity Challenge (ECSC), in Prague.
At the end of the competition, the best players (top 10 junior, top 10 senior and top 3 in Crypto, Reverse, Pwn, Web and Hardware) will be interviewed by our coaches in order to select Team France, which will defend its colors from September 28 to October 1, 2021 at the ECSC.
To try your luck and keep up to date with the latest information, join the FCSC discord server.
More information on the ANSSI website.