Hacking as a hobby #5 (DIMICTF)

Hacking as a hobby, hacking as a hobby.
※ "Hacking as a Hobby" content only focuses on legal hacking to contribute to a safe information security ecosystem.

< To view the course content in book form: Paper book/e-book (link) >

Hacking as a hobby #5 (DIMICTF)

Here, we'll master the 2019 DIMICTF Preliminary Challenge (which is said to be more difficult than the final). We'll practice every challenge from start to finish.

DIMICTF is sponsored by the Ministry of Science and ICT and the Korea Information Technology Research Institute.
This is a domestic hacking competition hosted and organized by Korea Digital Media High School.

If you master all the course content, you will be able to solve challenges that the winning team couldn't, and as your skills improve, you will be able to challenge yourself in more difficult hacking competitions in the future.

Hacking competitions cover four main areas: the portable area, which involves system hacking and primarily aims to seize authority ; the reversing area, which involves disassembling software and searching for key information hidden somewhere inside, like a treasure hunt ; the web area, which involves bypassing a website's lax security procedures to extract key information; and the mask area, where vulnerability detection is more important than specific knowledge.

You will learn about finding Easter eggs that developers have secretly hidden, uploading files with specific extensions that are blocked from being uploaded, creating attack codes one by one in machine language , invading inaccessible memory areas to trigger unplanned functions, restoring obfuscated software to its original state, and injecting various special characters in combinations into user-interactive areas such as login pages to activate hidden functions .

By practicing various challenges that incorporate the above content, you will learn how to identify and address vulnerabilities . Specifically, the course includes theory and practice on bugs and vulnerabilities related to the keywords mentioned in the image below.

To ensure effective learning, we provide a virtual image that recreates the actual competition situation . This allows you to practice as if you were participating in the competition. We also cover how to install and use tools. Tools used include Ghidra, GDB-PEDA, JD-GUI, Checksec, and Uncompyle6.

The lecture focuses on minimizing individual learning by discussing both phenomena and principles, but if you have any questions, please use the Q&A board on the Naver Cafe "Hacking as a Hobby (link) ".

For further details, please refer to the prologue video, which contains answers to the questions below.

▶ What is an effective way to study?
▶ How is the lecture conducted?
▶ What is your relationship with "Hacking as a Hobby #1-4"?
▶ What are the differences from other courses?

Check out the "Hacking as a Hobby: A Gentle Beginner" roadmap.