DownUnderCTF 2020 - Captcha The Flag

DownUnderCTF Experience

Over the weekend, my team, CAPTCHA The Flag, and I competed in DownUnderCTF, managing to rank in the 80th percentile and learning a lot throughout the event.

Through DUCTF, I participated from the other side of what I usually partake in as a software developer, this time as a red team member trying to maliciously exploit code. Through this CTF, I found the dangers and hurdles enterprise developers must account for when developing enterprise-ready code, ensuring both functionality and security.

From this, I discovered the importance of running managed code, and the pitfalls of C and similar languages concerning RCE (remote code execution). RCE is where, through a buffer overflow, hackers can overwrite memory addresses to forcefully run code. Additionally, through the cryptography challenges, I found the importance of using an up-to-date and secure cryptography method, as I discovered how easily these can be reversed if not correctly implemented.

Overall, this was an enlightening experience that has exposed me to these common security pitfalls that most software developers overlook when developing code, and I'll be more considerate of them in the future. I thank the DUCTF organizers once again for the opportunity to participate, and I wish my team all the best for their future endeavors.