Over the weekend, my team, CAPTCHA The Flag, and I competed in the DownUnderCTF, managing to rank in the 80th percentile and learning a lot throughout the event.
Through DUCTF, I participated from the other side of what I usually partake in as a software developer, this time as a red team member trying to maliciously exploit code. Through this CTF, I found the dangers and hurdles enterprise developers must account for when developing enterprise-ready code, ensuring both functionality and security.
From this, I discovered the importance of running managed code, and the pitfalls of C and similar languages concerning RCE (remote code execution). RCE is where, through a buffer overflow, hackers can overwrite memory addresses to forcefully run code. Additionally, through the cryptography challenges, I found the importance of using an up-to-date and secure cryptography method, as I discovered how easily these can be reversed if not correctly implemented.
Overall, this was an enlightening experience and has, as a result, exposed me to these common security pitfalls that most software developers overlook when developing code, and I'll be more considerate of them in the future. I thank the DUCTF organizers once again for the opportunity to participate, and I wish my team all the best for their future endeavours.