Abusing SUDO Advance for Linux Privilege Escalation – RedTeam TipsJuly 23, 2018
My Six Months Journey in SecureLayer7December 12, 2018
Hey there, I wanted to talk about my experience at SecureLayer7 at Japan’s Code Blue International Conference, Nov 2018.
I’m a Security Consultant at SecureLayer7 who is an Information Security enthusiast with keen interest in learning latest technologies along with playing CTFs’.
I learnt that SecureLayer7 is one of the sponsors for the Code Blue International Security Conference, Tokyo 2018. I had perceived this conference as one of the best international information security conferences and always wanted to be part of it. Soon, I found out that only a handful of people were going to be a part of this event. So, taking advantage of this opportunity, I quickly had a word with my project manager and asked him to grant me a week leave for the same. I also made sure that my on-going projects were taken care of.
Mr Sandeep Kamble, being the CTO of the company asked me to design a CTF challenge for the participants of the Code Blue conference, and this was my very first moment to develop such a challenge. Although I had the experience to design CTF / VulnerableBox for HackTheBox and Vulnhub, this was a more significant opportunity. I was responsible for the designing of the challenge, to configure the CTF portal, as well as manage the CTF hosted servers. My entire team here at SL7 rose up to the situation and helped me to get the whole thing set up before the Big Day. Special thanks to Shrutirupa, Shubham, and Akash for their CTF challenges contributions such as Blockchain/Smart Contract and Hardware/IoT Security Challenges. My design for the challenge was considered, and I earned the opportunity to be a part of this event.
ABOUT CODE BLUE:
Code Blue is an international conference which held in Tokyo Japan, where all the top-notch security consultants come under one roof to give cutting-edge talks and is a place for to exchange information and interact beyond borders and languages. Code Blue invited well-known researchers from all over the world to share their latest findings, experience and achievements to rest of the world. As technology and society move forward and IoT (Internet of Things) is becoming a reality, security is becoming a need of the hour. Thus the We started our journey on 28th October 2018 from the city of Pune with a team of four. We headed to Chhatrapati Shivaji International Airport, Mumbai. Our flight scheduled on the very same day. We had a layover at the Hong Kong International Airport for six hours and then headed to Tokyo, Japan. We reached our destination on 29th October 2018. Internet world also needs to gather researchers to collaborate and think together about ways to respond to emergencies and possible solutions. Code Blue aimed to be a place where international connections and communities form, grow and contributed to a better Internet world by connecting people through CODE (technology), beyond and across the BLUE (oceans).
HERE BEGINS THE JOURNEY:
Our Team of 4 started its journey on 28th October 2018 from Pune city to Chhatrapati Shivaji International Airport, Mumbai. After boarding the flight on the same day we reached Tokyo on 29th Oct 2018.
What better than a familiar atmosphere would help us feel better in a foreign land? And this is exactly what team Code Blue thought of. The Code Blue Event Management team organised a networking party for all sponsors and speakers. In the conference, it was my very first interaction with the delegates and guests. I got well versed with all the ideas which would show up for the upcoming days and was looking forward to the conference.
The Code Blue International Conference kick-started on 1st November 2018. We started off at with our CTF Challenge which named as “Break the Ice Challenge”. The event was where we hosted hardware, web, smart contracts and other hacking challenges for participants. We received registrations of thirty teams and decided to allow three people in each team. This made the headcount as ninety for the challenge. The challenge commenced. What impressed me was the amount of dedication the teams held.
Meanwhile, what I realised that the language was a significant barrier to communication. I leaned towards the Code Blue Event Management team, and they helped me by handing me a device which could easily translate Japanese sentences into that of English and vice versa. We ended up making so many new connections and got introduced to new technologies as well.
2nd November 2018 marked as the second and the last day for The Code Blue International Conference. We had to wind up with the “Break the Ice Challenge” by that evening. We sent an email to all participants regarding the deadline of the challenge and asked them to be present for the prize distribution event. Meanwhile, I tried my hand in car hacking, IoT hacking, Blockchain and Smart Contract hacking challenges. I also attended a talk session wherein I learned about Server-Side Request Forgery (SSRF) attacks, Blockchain and Smart Contracts. The conversation helped me note down many vital points. I met with bug hunters and researchers and received valuable suggestions regarding security and time management constraints.
Got Drink with Dragon sector team. Codeblue CTF Onsite Players.
We declared the team Bizone as the winners for the “Break the Ice Challenge”. It was a pride moment to see our CTO, Sandeep giving away prizes to the winners. By the end of the closing ceremony, we attended a lecture on Cyber Crime which was an informative one. Made some good friends in the closing ceremony. I ate Japanese food in Japanese tradition using Chop-Stick, and I loved a lot of Tuna, Sushi etc.
Apart from the CodeBlue event, our team explored Tokyo as well. We went to SkyTree, Fujji Mountain, excellent parks and did some shopping from malls.
I enjoyed my stay in Japan and got exposure to a new culture, people and tradition. It was a remarkable journey, and Japan served as a fantastic host to all of us.