Hacking into Thrills: My Digital Defenders CTF 2023 Experience

Have you ever wondered what it takes to navigate the intricate world of cybersecurity and emerge as a digital defender? Well, I had the incredible opportunity to embark on such a journey through the Digital Defenders Program 2023, a cybersecurity event that left me both enlightened and exhilarated.

At Digital Defenders 2023, a collaboration between IISc-CNI and CySecK, industry leaders, experts, and enthusiasts gathered to explore the latest advancements in cybersecurity. Among them, Cisco and bi0s, both well-established in the field, led the educational efforts. Cisco, known for secure infrastructure solutions, provided invaluable insights into best practices, while bi0s, India's top-ranked Capture The Flag team, shared their profound understanding of cybersecurity challenges and strategies.

Adding a thrilling edge to the event was Traboda, a platform created by the bi0s team, designed to ignite the cybersecurity enthusiast in everyone. Traboda's array of engaging activities and competitions transformed the event into an immersive learning experience.

As I reflect on my experiences at Digital Defender 2023, I am immensely thankful to Cisco, bi0s, Traboda, and IISc for their remarkable contributions. Cisco and bi0s, through their webinars, expanded my knowledge and provided practical insights. Traboda's platform and challenges pushed me to test my skills and think outside the box. The support and infrastructure provided by IISc and CySecK ensured a world-class event that has left a lasting impact on my cybersecurity journey.

I encourage all cybersecurity enthusiasts to seize the opportunity to participate in future editions of the Digital Defenders Program. With the combined efforts of Cisco, bi0s, Traboda, and IISc, this event promises to be a transformative experience, empowering participants to become digital defenders to promote a safer cybersecurity space for everyone.

The Program Schedule: A Dive into the Webinars

The event unfolded a series of webinars, each a treasure trove of knowledge. Let's dive into the highlights:

Webinar 1: Network Security with Akshay Dubey

The journey through Digital Defender 2023 began with a captivating webinar on Network Security presented by Mr. Akshay Dubey, a Senior Technical Leader at Cisco Systems India Pvt. Ltd. In this enlightening session, Mr. Dubey unraveled the intricacies of network analysis, shedding light on essential tools like WireShark and Scappy.

Mr. Dubey's session provided in-depth insights into various aspects of network security. He elucidated the different types of networks, explained the layered structure of computer networks, and emphasized the TCP/IP model. With practical demonstrations, he showcased how WireShark can be leveraged for investigative purposes, allowing participants to gain hands-on experience in network analysis.

The webinar's interactive nature was exceptional, as Mr. Dubey attentively addressed all queries and doubts, guaranteeing a thorough grasp of the subjects discussed. His expertise and eagerness to help fostered a supportive atmosphere, especially advantageous for novices like me.

Overall, Mr. Dubey's webinar marked a brilliant start to the event, providing valuable insights into network security and equipping participants with essential knowledge and practical skills.

Webinar 2: The Anatomy of a Cyber Attack with Harikrishnan Jayachandran

The second session on Network Security was conducted by Mr. Harikrishnan Jayachandran, a Software Engineer at Cisco Systems India Pvt. Ltd. Mr. Jayachandran delivered an enlightening session on “The Anatomy of a Cyber Attack with MITRE ATT&CK Framework.”

One of the session’s highlights was Mr. Jayachandran’s ability to explain complex concepts in an engaging and accessible manner, making it enjoyable for participants to learn about new terms and delve deeper into the topics.

Furthermore, Mr. Jayachandran actively encouraged interaction and welcomed participants’ questions, demonstrating his commitment to ensuring a comprehensive understanding for all attendees.

Webinar 3: Unveiling Web Security and Penetration Testing with Mr. Kaarthik Sivakumar

In the third webinar of the series, Mr. Kaarthik Sivakumar, a Principal Engineer at Cisco Systems India Pvt. Ltd., expertly navigated attendees through the complex world of web security and penetration testing. He thoroughly explained fundamental concepts including web application architecture, request types (GET and POST), and the same-origin policy, ensuring a comprehensive understanding for all participants.

The highlight of Mr. Sivakumar's session was his hands-on approach. He introduced us to essential tools like Burp Suite, Curl, Postman, and web browser developer tools, demonstrating their practical application in assessing and enhancing web security.

Moreover, Mr. Sivakumar explored the intricacies of cookies and elucidated key web vulnerabilities such as Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS). His clear explanations and willingness to address questions made this session a valuable learning experience for participants at all skill levels.

Webinar 4: Mastering Web Security Attacks with Mr. Prapanch Ramamoorthy

Continuing the journey into web security, Mr. Prapanch Ramamoorthy, another Principal Engineer at Cisco Systems India Pvt. Ltd., conducted the fourth webinar. This session delved into different types of attacks that can be launched against websites.

Mr. Ramamoorthy provided insights into backend technologies like PHP, Java, and Node.js, highlighting their vulnerabilities and potential exploitation. Participants learned about the various components that constitute a website's "attack surface," including databases, APIs, and other services.

The hands-on examples using browser inspection tools and exercises from PICO-CTF offered participants practical insights. Topics like cookies, local file inclusion, remote code execution, and SQL injection were demystified, empowering attendees to understand and identify vulnerabilities.

Mr. Ramamoorthy's engaging teaching style and willingness to clarify doubts contributed to an effective and enjoyable learning experience. This webinar enhanced participants' knowledge of website attacks and their ability to bolster web security.

Webinar 5: Unveiling the World of Cyber Forensics with Mr. Abhiram Kumar

The fifth webinar, led by Mr. Abhiram Kumar, an Associate at Kroll Corporation specializing in Cyber Risk, opened the door to the intriguing realm of Cyber Forensics. Participants gained insights into Digital Forensics and Incident Response (DFIR), understanding its critical role in identifying, mitigating, and preventing cyber threats.

Mr. Kumar's comprehensive overview of forensic disciplines, including digital forensics, network forensics, and malware analysis, laid the foundation. He delved into file forensics, using the PNG file format as a practical example to showcase the intricacies of file analysis.

The session proved engaging and enlightening, offering insights into overlooked aspects of cybersecurity. Mr. Kumar's willingness to answer questions, regardless of size, created an open and supportive learning environment. Participants left with a newfound appreciation for DFIR.

Webinar 6: Decoding Steganography and More with Mr. Nithin Chenthur P

The sixth webinar, led by Mr. Nithin Chenthur P, the Forensics Lead of Team bi0s, took us on a journey into the fascinating world of steganography. Participants discovered how data can be concealed within non-secret mediums like audio, images, video files, and text.

Mr. Chenthur shared captivating examples, including how Russian spies used steganography for covert communication. The session explored various steganography techniques and common methods, making use of tools like exiftool, stegsnow, zsteg, and more.

In addition to steganography, participants gained insights into disk forensics and memory forensics using volatility. Mr. Chenthur's expertise and engaging presentation style made the session both captivating and enriching.

Webinar 7: An Introduction to Cryptography with Mr. Sayooj Samuel

The captivating world of cryptography was introduced to participants in the webinar led by Mr. Sayooj Samuel, a Software Engineer at Gen Digital Inc. He elucidated fundamental cryptographic concepts, emphasized the significance of data confidentiality, and demonstrated various encoding techniques, providing an engaging and insightful experience.

Participants explored topics like Kirchhoff’s principle and Shannon’s theorem, along with encoding techniques such as binary, octal, hexadecimal, and base64. The session also included a glimpse into the historical significance of cryptography, exemplified by the Enigma machine.

Mr. Samuel's clear explanations and readiness to answer questions created an inclusive learning environment, making cryptography accessible to participants of all backgrounds.

Webinar 8: Advanced Cryptography Techniques with Mr. Pagilla Manohar Reddy

The final webinar, conducted by Mr. Pagilla Manohar Reddy, delved into advanced cryptography techniques. Participants embarked on a journey into RSA encryption, modular arithmetic, AES encryption, and block ciphers.

Mr. Manohar provided insights into encoding and decoding, the fundamentals of RSA encryption, and the workings of AES encryption. Hands-on exercises and demonstrations ensured participants grasped complex concepts.

Despite the intricacies of cryptography, Mr. Manohar's teaching style made these advanced techniques understandable. His patience and responsiveness to questions fostered an environment of effective learning.

At the end of each webinar, a test was conducted to select top 500 students to participate in the Digital Defenders CTF 2023. I couldn't believe it - I was chosen as one of the top 500 students and secured a spot in the final CTF event!

Capture the Flag (CTF) 2023

"Digital Defenders" was a tailored Capture the Flag (CTF) event, thoughtfully designed for beginners, aiming to initiate them into the intricate world of CTFs while nurturing their grasp of essential cybersecurity principles. The CTF spanned a spectrum of challenges, thoughtfully categorized as follows:

• Web Security: This category honed participants' expertise in fortifying web applications and uncovering vulnerabilities.

• Network Analysis: Participants were tasked with scrutinizing network traffic, employing various methodologies to identify and mitigate potential security risks.

• Digital Forensics: In this category, participants delved deep into the domain of digital forensics, employing investigative techniques to unearth and analyze digital evidence.

• Cryptography:

  In the cryptography category, participants faced challenges decoding encrypted messages, implementing cryptographic algorithms, and exploring fundamental principles of secure communication.

By weaving challenges from these diverse categories, Digital Defenders crafted a holistic learning expedition that bestowed participants with a robust grounding in CTFs and the bedrock concepts of cybersecurity.

The exciting CTF event commenced its journey on July 6th at 8:00 PM and carried on until the night of July 9th, concluding at 11:59 PM. To ensure an enjoyable and manageable experience for all participants, challenges were strategically released in waves, rather than inundating everyone at once. Every 12 hours, a fresh set of challenges was unveiled. This thoughtfully structured approach allowed participants to engage with challenges at their own pace, ensuring that they could immerse themselves in the event without feeling overwhelmed by the sheer volume of tasks.

You can check out my Digital Defenders CTF Writeup for detailed insights into some of the challenges I encountered in this event!

Our heartfelt thanks go to CysecK, Mr. Abhishek Vijaygopal, Mr. Kaushik G.N, and Mr. Harikrishnan Jayachandran for their unwavering support throughout this incredible journey. Their dedication has created a positive and enriching learning environment during the masterclasses.

I want to give a special shout-out to the bi0s team for crafting and offering incredible challenges that truly pushed the boundaries of my skills. Their constant engagement and steadfast support throughout the entire event added an extra layer of enjoyment and gratification. Their responsiveness and readiness to assist, no matter how intricate the questions, added to the overall enjoyment and rewards of the CTF experience

Participating in the CTF event as a first-time contestant and ranking 33rd was an exhilarating experience that pushed my limits, enhanced my skills, and deepened my knowledge in the cybersecurity field.

I feel immensely grateful for the opportunity to be part of such a highly competitive and enlightening event, which has undeniably enriched my cybersecurity journey.