[cs615asa] CtF and end of semester

Jan Schaumann jschauma at stevens.edu
Sun May 23 21:36:43 EDT 2021 

Hello,

Congratulations to all teams on successfully
completing the CtF!  I hope that you all had at least
some fun trying to solve the problems and perhaps
managed to internalize some of the lessons from the
semester.

Specifically, my intention was for you to apply and
reinforce the following:

- level 0 and onwards: using PGP

It's useful to know how to use asymmetric key
cryptography to sign and encrypt data for multiple
recipients.

- level 1

Writing a short little script to iterate over the
network space, and to perform filesystem traversal and
search including for files and directories that
contain weird characters

- level 2

Going to the source and making HTTP requests,
understanding that path escapes can lead to system
compromise.

- level 3

Understanding that an insecure PATH can lead to
arbitrary command execution and to be able to speak
SMTP on the protocol level.

Being able to stand up EC2 dual-stack instances and
performing network reconnaissance via port scanning
for IPv4 and IPv6.

- level 4

Using tcpdump to intercept data on the wire.

- level 5

Reading DNS requests and understanding that being able
to modify the DNS result a service relies on can allow
you to redirect or intercept traffic; being able to
create accounts with the right permissions and
troubleshooting connections between different systems
by observing and analyzing the logs; being able to go
beyond simple file formats to understand that files
are just a sequence of bytes and you can read any
bytes from anywhere.

I also hope that you were able to practice remote team
collaboration, and I'm glad I saw you help each other
out solve the problems without simply giving away the
solutions.


Based on the levels solved, hints requested, and help
required, each team will receive points as follows:

Teams Quad Core and ; DROP TABLE groups; : 100
Teams Hamd and ???? : 90


With this, all points are now available, and I've
submitted your letter grades, which concludes our
semester.

Best of luck in your future careers, and I hope that
you will be able to go back to some of the things we
covered in this class as you move forward.

-Jan

P.S.: Please remember to fill out the Stevens course
survey for this class to help me improve the class for
the next time.

More information about the cs615asa mailing list