Skip to main content

Cyber Security Practice

·530 words·3 mins
Web Development Cyber Security CTF
Josh
Author
Josh
I’m a Year 12 student studying Data Science and Web Dev, looking into a future in Cyber Security

Introduction #

As you may or may not know, I love cyber security, and with the upcoming Lockheed Martin Cyberquest competition (and the Year 11s being on their camp) the Year 12s had the class to themselves, and so we decided to do some practice in cyber security.

Overview #

We had talked previously about the best places to go in order to practice the skills required for the competition, and so we decided to go with PicoCTF. We had previously done a few of the challenges on there, that being last year in the pracice day for the PeCan+ competition, and so we decided to do some more practice in some of the other areas and strategise our attack for CyberQuest, which involved each member of our team specialising in a specific area for the cyber security questions such as web, crypto, forensics, etc.

The Challenges #

(Not running through them here) #

In the lesson though, we looked into forensics specifically and how people hid files in files and the bytes in headers and such to hide data and files. There were 3 challenges that we did in the lesson, those being (and I’ll link the writeups for them here):

I won’t go into these much, as I don’t want to spoil them for those who want to do them, but I can say that for forensics, looking into the hex data is extremely useful for finding hidden data and files, as you can see the literal bytes of data that the files are made up from and see what each of these mean (including the useful iend byte to indicate the end of the file, where you can hide more data afterwards). The other issue is that I have no images or code saved on my computer for the challenges, as we did them as a class, brainstorming different methods of attacking the problem, and when we couldn’t get it, using the writeups to help us through the final seteps we didn’t get in the end.

Reflection #

We had a good go at all of the challenges, and I think we did pretty well, although we weren’t able to get those last few steps to get the flag, so we had to look to the writeups to get the final steps and gain a better understanding of the different concepts required to complete the challenges. I think that this was a good practice for the competition, and I believe that we will be able to do well in the competition as long as we keep practicing, as the practice was able to show us that we aren’t at an optimal level of skill yet, and so we need to keep practicing to get to that level.

To reflect back; although we didn’t do that much outside of the cyber security challenges during the web dev lessons, we were able to get a great understanding of a few of the useful concepts in cyber sec that will aid me in the upcoming competition and hopefully in the future as well if I can continue the pursuit of cyber security as a career.