First CTF as a web developer

I’ve had the chance to go to ph0wn, an IoT CTF which was held for the second time in Sophia Antipolis. We had 8 hours to find as many flags as we could, either alone or in a team of up to 5 people.

As it was my first CTF and, being a web developer, I had only basic security knowledge. Nevertheless it was a lot of fun and I’m eager to do more CTF and learn more about IoT security.

Here are a few things that I loved about this event.

Firstly, even though this CTF is classified as hard, it is very welcoming for people with little knowledge. Every team at least found one flag, which is encouraging to continue searching for more!

Furthermore, the staff crew was amazing and the organisation was on point. As soon as we arrived, we were assigned a table and a staff member gave us the required information to access the challenges.

In addition to that, the location was great, it was in the Learning Centre of Campus SophiaTech. There was enough room for everyone and it did not feel like we were crammed in a small space. Thanks to that, the noise level wasn’t overwhelmingly high.

We were also provided with food and soft drinks, and it was great! We had a buffet of small sandwiches, pizza, cheese, charcuterie and bread. There was plenty for everyone and the choices could accommodate anyone.

Lastly, almost every time a challenge was completed, you could hear cheers of joy from the team who found the flag.  The first few flags found were announced and a round of applause could be heard.

Now onto the challenges!

Most of the challenges were based on IoT devices, as you could expect from an IoT CTF. There were also some android app reverse engineering as well as a ‘Retro’ challenge which consisted of a modified Pacman ROM and you had to play to find the flag.

As I expected, most of these challenges required knowledge that I didn’t have yet.  So I followed along with what my teammate was doing and explaining and we tried to find flags together that way.  Unfortunately, we weren’t prepared for this kind of challenges and only managed to get two flags. We were close to get two more flags but were going in the wrong direction and finally decided to stop there because we couldn’t see the end of it. We’ll do better next year!