Phishing out the Bugs—Backslash by MIST
Manipal Information Security Team, MIST, hosted Backs\ash, their Tech Weekend for 2019, from 28th to 31st March 2019. The four events—WEB-SEC, Smoked, Cryptohunt, and CTF—were a great learning experience for students who wished to learn about cybersecurity and ethical hacking.
In an era where wars are being waged on the internet and security breaches have become common, Web Security has become the essence of modern day computing. WEB-SEC was organised on 28th and 29th March 2019, and it covered various topics under Cyber Security. The participants got a chance to learn about the vulnerabilities that exist in the program of various websites.
The first day of the event was a workshop where the participants were introduced to the basics of Cyber Security and were given a hands-on experience with the help of Bwapp, a deliberately insecure web application that allows the user to identify bugs and act on them accordingly.
On the second day, the participants applied what they had learnt during the workshop to beat their competitors and emerge victoriously. They were given buggy websites on DVWA(Damn Vulnerable Web Application), and their objective was to find out the vulnerabilities and inform the hosts about the same, for which they would gain points. There was a one-hour time limit, and the individual with the highest points at the end of the time limit would win.
“This is my first time attending a Cyber Security event, and it’s more exciting than I thought it would be. As an amateur, the workshop taught me a lot about the different vulnerabilities a website faces. It was a great learning experience,” said Akash Krishna, a first-year student and tech enthusiast. The organisers who were very satisfied with the turnout had hosted the event to educate the participants on the various challenges they would face while moving forward with their career since cyber Security is one of the fastest growing sectors in the tech industry.
Smoked was a three-day, web-based online quiz competition that began on 29th March 2019. The online contest was organised on the website—smoked.wearemist.in.
This competition boggled the minds of the participants with intriguing questions in every passing round. Each puzzle also included hints. The initial levels were quite generic, with questions based on source codes and puzzles. However, as the levels progressed, the topics revolved around more complex areas such as cryptography, backend, and the inspection of their website.
Uncovering the key to cryptographic codes and investigating web sites, combined with elements of surprise and intellect, Smoked was a successful compilation by Backs\ash.
MIST hosted Cryptohunt, a cryptography themed treasure hunt, on 30th March 2019. The event spanned over the entire academic area of the campus where the participants, in teams of two, had to decipher the message given to them and find the location of their next set of clues.
The event was thoroughly planned for and well executed. A total of three sets, containing ten questions each was presented to the participants. Each of these questions had to be deciphered using a specific cryptographic key. Whenever the participant cracked the code, a location was revealed where a MIST crew member was waiting to hand over the next piece of the puzzle. The final question of each of these sets pointed to the same location.
“Crypto Hunt is the only outdoor event that we host. We’ve tried to combine the art of traditional encryption-decryption techniques with a fun treasure hunt which makes it enjoyable, while at the same time, making it an educating venture. This was the second time we hosted this event. Last time, the theme we chose for the game was Maze Runner, and this time it was Game of Thrones. The event needs both the mental ability, for problem-solving, and the physical agility to run around the campus to a clue before the other team,” said Shashank Goyal, a managing committee member of MIST.
CTF(Capture the Flag)
Sixteen students of MIT took part in CTF with the objective to capture the most number of flags which are specific strings of code with a certain format. The flags were found by solving the given challenges based on the core aspects of cyber-security like cryptography, stenography, PWN, and binary.
The participants took a while to crack the tricks in the challenges, but hints were provided at regular events which kept the event lively and encouraged the participants to keep trying. The participants attempted to capture as many flags as possible and earn points for the same. “Working on organising this event has been a great experience. Making the framework has given me hands-on experience in development and coming up with the challenges improved my logical and analytical skills,” said Mohammed Faizaan Muzawar, the Event Head for CTF.
“The problems were mainly a smart twist on basic concepts and were all about observation. The event was challenging, educative and interesting,” said Arnab Mukherjee, a second-year CSE student who won the event by scoring the maximum number of points. Akash Krishna, a first-year CSE student, secured the second place at the event.