Posts tagged "Capture the Flag"

The Adobe Team Reigns Again at the Winja CTF Competition

Posted on March 7, 2017 by | Comments (0)

Nishtha Behal from our corporate security team in Noida, India, was the winner of the recent Winja Capture the Flag (CTF) competition hosted at the NullCon Goa security conference. The Winja CTF this year comprised of a set of simulated hacking challenges relating to “Web Security”. The winning prize was a scholarship from The SANS Institute for security training courses. The competition saw great participation with almost 60 women coming together to challenge their knowledge of the security domain. The contest is organized as a set of rounds of increasing difficulty. It began with teams of two or three women solving the challenges. The first round comprised of multiple choice questions aimed at testing the participant’s knowledge in different areas of web application security. The second round comprised of six problems where each question comprised of a mini web application and the participant’s task was to identify the single most vulnerable snippet of the code and name the vulnerability that could be exploited. The final challenges pitted the members of winning teams against each other to determine the individual winner. We would like to congratulate Nishtha on this well-deserved win! This marks the second year in a row that some of our participating Adobe team members have won this competition.

Adobe is an ongoing proud supporter of events and activities encouraging women to pursue careers in cybersecurity. We are also sponsoring the upcoming Women in Cybersecurity conference March 31st to April 1st in Tucson, Arizona. Members of our security team will be there at the conference. If you are attending, please take the time to meet and network with them. We also work with and sponsor many other important programs to encourage more women to enter the technology field including Girls Who Code and the Executive Women’s Forum.

David Lenoe
Director, Product Security

Adobe Security Team Members Win Recent CTF Competition

Posted on March 16, 2016 by | Comments (0)

Kriti and Abhiruchi from our corporate security team in Noida, India, were crowned the winners of the recent Winja Capture the Flag (CTF) competition hosted at the NullCon Goa security conference. Twelve (12) teams competed in this year’s contest. We would like to congratulate Kriti and Abhiruchi on their win. Adobe is an ongoing sponsor of the Nullcon conference. This competition was created by women to encourage their peers to enter the field of cybersecurity. It is a complete set of simulated web application security hacking challenges. Each challenge is separated into small tasks that can be solved individually by the competitors on each team. Each team works through the timed two (2) hour duration of the event in an attempt to attack and defend the computers and networks using prescribed tools and network structures.

Adobe is a proud supporter of events and activities encouraging women to pursue careers in cybersecurity. We are also sponsoring the upcoming Women in Cybersecurity conference March 31st to April 2nd in Dallas, Texas. Members of our security team will be there at the conference. If you are attending, please take the time to meet and network with them.

David Lenoe
Director, Product Security

Hacktoberfest 2015

Posted on October 29, 2015 by | Comments (0)

Autumn has arrived, and National Cybersecurity Awareness Month with it. We wanted to celebrate and raise awareness about security at Adobe. What could be better than bringing hands on training, a capture the flag competition and beer together in a single day across the world? That is exactly what we did and we called it Hacktoberfest.

Around 160 people in the US, Europe and India came together on October 14th to take part in a full day focused on security. The day progressed from a broad, hands-on threat modeling training to learning tools like Burp Suite to a Capture the Flag event for prizes.

We saw a lot of new faces at this event; no doubt due to the prizes offered for the capture the flag. There was also a diverse skill set present in the room; from people in nontechnical roles to those that have a lot of experience pen testing internally. We learned that our community is hungry for training and a deeper understanding of security. All of the material, except for one training, was developed in-house.

When most people’s interaction with security training is spent with computer-based training, there is great value in bringing people together in a face-to-face event where they can interact not only with the trainers, but also with each other. While we’ve done smaller, more targeted trainings in the past, this was the first truly global event.

People really loved the hands on nature of the day, we had responses like: “I thought the capture the flag event was incredibly fun and engaging.” and “I liked the demonstration on how to use Burp Suite to attack a service/site.”

One of the unique aspects of the day was its global nature. Essentially two events were run, one in the US time zones and one in India. We did our best to create the same experience for the two groups while paying attention to their different content needs. All presentations were local and questions could be answered in real time.

Of course, the most popular event of the day was the Capture the Flag event. One of our researchers, took it upon himself to create an environment to host the game. It’s called WOPR and we will be providing more information on it soon. Two other researchers worked to create the challenges for the game.

There was quite a lot of energy in all of those conference rooms as people engaged with the training and the competition. The most important lesson we learned from this exercise is that people at Adobe, all around the world, care about securing our products.

 

Josh Kebbel-Wyen
Sr. Security Program Manager, Training

Adobe is a Sponsor for the Nation’s Largest Student Cyber Security Competition

Posted on December 4, 2012 by | Comments (0)

ASSET team members Karthik Raman, Bronwen Matthews and I recently attended the NYU Poly CSAW IX Cyber Security competition  in Brooklyn, New York. The annual event first took place in 2003 and has since grown from a small, local cyber security competition to a worldwide event. This year, more than 10,000 students from high school to Ph.D level registered to compete in a total of seven CSAW challenges.

Karthik and I contributed four Web challenges to the “Capture the Flag” competition, which were designed to be similar to real-world scenarios hackers face. The challenges were related to commonly found bugs, but required the hacker to deduce the nature of the bug without much feedback from the website. The students responded with a pragmatic approach to the problems, and the competition was won by a team from Carnegie Mellon University. There was also an embedded systems challenge, a forensics challenge and an applied research competition.

Adobe sponsored the “Security Awareness” video challenge, open to high school and college students worldwide. The contest challenged students to develop a consumer-friendly educational video on an important security topic with the theme: “Securing Every Device, Everywhere.” Adobe provided access to the free version of Adobe Creative Cloud for all participants, enabling them to use our latest video production tools. Guest judges from the security teams at Adobe, Microsoft, VMWare, Facebook, and the NSA selected the final winners. The first place winner of the challenge this year was Ethan Bain of the Illinois Mathematics and Science Academy in Aurora, Illinois. You can watch his winning video here.

The first day of the event focused on mobile security, with presentations from Dan Guido, Vincenzo Iozzo and Dino Dai Zovi from Trail of Bits, as well as Mike Arpaia.  Other presenters included:  Collin Mulliner of Northeastern University, Jon Oberheide of DUO Security, and Chris Rohlf of LeafSR.

Ryan Naraine from Kaspersky Lab moderated an interesting panel discussion entitled: “If a Cybercriminal is Determined to Hack You, Can You Do Anything About it?” Panelists included representatives from Kaspersky, Harvard University IT and NYU Poly.

The high school students competed in a challenging, live security quiz, sponsored by DHS. (We played along in the audience. Let’s just say we got most of the answers right.)

It was a fun couple of days. We met some excellent students doing interesting and important work in security. It is reassuring to know that the next wave of security researchers coming out of some of our high schools and colleges are way ahead of the game in cyber security.

Rajat Shah
Security Researcher
Adobe Secure Software Engineering Team (ASSET)