Today our guest is strong in both CTF and freestyle wrestling: Omar Ganiev, AKA beched, a member of LC↯BC, one of the world’s top teams, and a researcher with extensive experience.
– Write an article for young researchers in "Hacker"!
– Tell us about your company Deteact. Is it true that your many years of experience in information security allows you to use tools such as Acunetix and sqlmap?
– That's right! I also note that daily grueling workouts allow us to insert quotes into query parameters faster than anyone, and knowledge of the Format Painter tool in MS Word is necessary to obtain a Senior position in our company.
– How was the experience of working in information security companies useful?
– To whom, to society? But the information security industry is a parasite on the body of mankind! But the main personal benefit I can call the horizons obtained from testing a variety of infrastructures and studying various business processes and their threats.
– Remember your first CTF. What skills and experience helped in solving tasks? What is worth pumping to young specialists?
– Of course, you need to pump cunning, resourcefulness, the ability to exchange decisions with other teams, conduct DoS attacks on other teams, exploit the race condition in a scoreboard, climb to the root on the task servers and steal flags from other tasks, beg for flags in the IRC and whine there, look for other people's solutions on Pastebin and so on. In general, everything is as in life! But seriously, you need to pump mindfulness, perseverance, the ability to read code, knowledge of a large number of technologies and attacks.
– What captures do you do besides capturing the flag?
– Wrestling and raider, there are! Well, and captures of attention.
– Does CTF earn money? In the photo above, we counted about 3200 rubles. How much have you won in the last two years?
– There are more trump photos with bucks =) We, as the LC↯BC team, won something like 200 thousand dollars for 2018-2019, so you won’t make much money. We began to share the won funds only recently. Winning is just a side effect, because CTF is primarily a hobby, and we actively participate in competitions without prizes.
– Continue the joke: “Three CTF-ers come into the bar …”
– And the bartender says to them: “It would be better if they made a reservation!”
– Give five information security tips for our readers.
– Throw it before it's too late; learn technology, not just tools; study business and economics to understand threats; be tolerant of transgender people, drug addicts, CTF-ers, etc. Well, learn OPSEC from the mistakes of others!