You are given different categories of challenges ranging in difficulty from easy to hard, and players are awarded points for challenges completed.
The program you received is running as a service on a remote machine. Reverse-engineer it, figure out its vulnerability, and use that to take exploit the remote service into serving you a flag. Often, there’s a flag.txt you can get the program to read, or perhaps it has a flag in memory you need to get it to accidentally send you.
In this category, you’ll attack poorly implemented crypto, outdated crypto, or use well-known vulnerabilities to attack encrypted messages. You might be given for example a few RSA keys whose modulus share a factor, and you decrypt a message encrypted by one of these keys
This is a fairly broad category. You might receive an image of a disk in FAT format, and you’ll need to un-delete “flag.txt”. Maybe you receive a zip file, that contains a 7z file, that contains a tar archive, that contains some obscure file format you’ve never heard of, and unpacking the entire chain eventually gives you a flag.
Misc is, well, miscellaneous. In this category you will be given various tasks such as a program that will output the key, if you can get them to run correctly. This could also be a bitmap image, printed out in Base64 over several pages of tractor-feed paper, that you need to OCR...
In this category, you’ll typically receive a packet capture dump, and you’ll try to decode, analyze, and interpret it, using tools such as Wireshark. Maybe a simulated user was sending their password in plaintext, and you have to retrieve it.
This category involves writing code (typically with high level language.)to solve certain types of security problems. You will write a client side script of an encryption service, write shellcodes with limited set of instructions, to break a captcha or just to automate a task.
In this category You'll receive a program, but not the source, so you need to disassemble it, look at the assembly, and figure out what it does. Programs can be x86 Windows, x86 Linux, ARM Linux, obfuscated Java, and a whole bevy of more obscure formats
Securing coding is the practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities.
Steganography is the art of hiding a secret message in plain sight, and it leads to a variety of implementations and challenges. yoU might be given an image, where all the blue pixels can be filtered out to reveal a seCret message. maybe an innocuous Http transfer hides A Secret flag. or maybe a video file, That’s been subtly watermarked witH the secret flag. maybe a paragraph of text hIdes a secret message in the capital letterS