Summ3r of h4ck 2020. Results of the program

Summer is over, and our Summ3r of h4ck 2020 program has ended with it. It's time to take stock and see what our participants achieved this month. This article covers their research and their impressions of Digital Security.







You can see what our interns have been doing in past years here:





We followed a well-established practice: each participant chose a topic of interest from the list we provided and spent a month conducting their own research under the supervision of a mentor.



Two departments of our company take part in the program: the security analysis department and the research department. The first handles penetration tests and audits of web applications and corporate software; the specialists of the second do reverse engineering, hunt for vulnerabilities in binary applications and devices, and write exploits.



The selection procedure for Summ3r of h4ck also remained unchanged: participants first filled in the questionnaire on our website and solved small test tasks, and then received an invitation to a remote interview. Although the Summ3r of h4ck program takes place only in St. Petersburg, we were glad to see participants from other cities.



Introduction



First of all, our program is aimed at helping young professionals and students, but anyone can send in a questionnaire. We are also always very glad when people come back to us again: it is nice to watch a new specialist grow and see how they develop and study information security. That does not mean there are any concessions in selection, though ;)



The Summ3r of h4ck program starts with lectures. They are given by experts from both departments, and here are some of the topics they covered:



  • Development for Ghidra
  • Advanced Server Side
  • About libFuzzer
  • Where to reap after RCE?
  • Pentest Android
  • Taint
  • Kubernetes: From zero to hero


In addition to the lectures, there were practical tasks and even a kind of mini-CTF open to everyone. The results of these assignments are taken into account later when we select candidates for positions at Digital Security.



At the end of the Summ3r of h4ck program, the projects were defended. The participants presented to everyone what tasks they had faced, what they had managed to achieve, what difficulties they had run into and what problems they had solved. Some joined forces in groups to work on a common topic, which we always welcome.





Our wonderful merch



Everyone who successfully completed the internship received a Summ3r of h4ck 2020 certificate.



Traditionally, we asked our trainees to answer mini-interview questions and share their impressions.



  1. Digital Security? ?
  2. ? ? ?
  3. /.
  4. , ? -, , ?
  5. ?





, “ Ghidra”



1. I think it's no secret that you are popular in spbctf circles, and for every summer of hack there is an advertising post about you. It's cool that you are respected in such communities, and they write about you well in the reviews on past internships. This gives the impression of an open, friendly and modern company, and now I can say this with confidence)



2. As the organizers themselves noticed, this is more practice or training, and in this regard I am very pleased. There are many interesting lectures where you can calmly ask a question, ask to repeat it, explain a point, because the atmosphere is cozy and informal. After the presentation, you can make coffee and talk with the trainees about painful issues or go to discuss your project with a mentor. Such a simple connection between everyone is a big plus.



3. First, I studied how to reverse the UEFI firmware, the operation of its protocols, and then, when some understanding came, I began to write a plug-in for Ghidra that would draw graphs of connections between these protocols. Invaluable experience of studying the Ghidra API)



Link to the Github repository of the plugin for Ghidra





Graph of plugin connections



4. My task was quite abstract and therefore did not immediately come to my mind, but it was still interesting. Each discussion with a mentor moved the project forward, and only at the end of the internship did we come to something concrete. There is a lot of interesting fuzzing left; you had a cool lecture on this topic, and I wanted to have time to fuzz something with you, but it's a pity that I didn't have time.



5. I think yes, I liked the atmosphere you have; throughout the internship I wanted to come here.



Nikita Chelnokov, topic “Automation of code reuse gadgets search for CFI bypass”



1. Before the internship, I played actively in CTF. At some point, I realized that I wanted to try myself in real problems. I saw that Digital Security has a summer internship program. About past internships, I read several articles on Habré and decided that it would be interesting and, most importantly, useful, which I was not mistaken about.

2. In short, very much. The lectures allowed me to get to know better the topics that I had only heard about, as well as set a certain vector for the development of my skills. I really liked the master classes at some of the lectures and, of course, the work on the project itself.

3. My task was to automate the search for code reuse gadgets to bypass CFI. In the project I used IDAPython, and as a result the task was minimally solved. I will continue working on this project, and the next goal will be to make a graphical interface for this script in IDA. It needs to be as informative and interactive as possible in order to simplify the task of finding primitives.



An example of the script



4. The task was really interesting, I had not come across this topic before. If the solution to this problem is done in the most efficient way, it will be possible to create new ways to bypass protection aimed at complicating the exploitation of binary vulnerabilities. The created utility can be modified in every possible way and used for a wide range of tasks. In the process, I improved my automation skills in IDA. Special thanks to my mentor who helped with the project and told me a lot of interesting and useful things.

5. Certainly, yes, both.



Alena Novoseltseva, topic “Symbolic execution in Ghidra”



1. I have been doing an internship at Digital Security for the second year in a row. The tasks of the Research Center are extremely interesting to me, so it was great to take on the project this year as well. Every day, employees of the company give lectures on relevant topics, which gives the internship a training character. It was very pleasant to know that most of the topics were either updated or completely new, and taking into account the specifics of the material, the repetition of what was covered seemed quite appropriate and even useful.

2. Due to the unstable situation, the internship had to be completed remotely, and I became the only remote intern in the research department. You can work this way quite successfully, but you lose the possibility of live communication with mentors and other trainees. The extremely negative side is that there is no opportunity to listen to the employees' lectures live, ask questions and discuss technical subtleties. So I recommend doing the internship in person, otherwise a lot is lost.

3. The task of the research was to implement symbolic execution in Ghidra. It was necessary to choose one of the currently existing symbolic execution engines and screw it into the Ghidra interface. Candidates included KLEE, Triton, S2E and angr. As a result, we decided to choose angr because it is popular and has an accessible and well-documented API. From that moment the development stage began: I started writing the logic and a graphical interface. It is worth noting that the lion's share of the time had to be spent on the GUI.

In principle, the task was completed successfully. Now symbolic execution is available in two clicks straight from Ghidra.



Link to the AngryGhidra GUI plugin Github repository





and an example of how the plugin works



4. As I noted last year, I always wanted to dive deeper into the topic of symbolic execution, so this was a great opportunity to learn both theory and practice. In the future, I plan to study fuzzing in more detail and start looking for vulnerabilities.

5. With great desire and pleasure! The university is still ongoing, so, most likely, I will participate next time.



Oleg Moshkov, topic “Binary Lifting Fuzzing”



1. There was a desire to dot the i's: where to move further in the field of information security and what to do. Hence the choice of an internship at the leading company in the field of information security in Russia, Digital Security, so that here I would be guided in the right direction.

2. The internship exceeded my expectations. I had the most top mentor: he was a real teacher for me who helped me not only with research, but also in the general part related to the field of information security.

3. It was necessary to test the toolkit for binary lifting, try to fuzz the lifted binaries and find vulnerabilities. The problem was that most of the utilities were either abandoned or lifted only very simple binaries. I had to patch some of them, finish and rebuild them, which took most of the time. In between the rebuilds (there were several), we managed to fuzz one of the open-source projects and find a couple of holes in it :)





Comparison table of Lifting tools



4. I would also like to study a bunch of tools that we were told about in the lectures but for which there was no time left, which I will do in the near future.

5. With pleasure!



Georgy Gennadiev, topic “Apple BLE protocols”



1. I decided to do an internship at Digital Security, as you are one of the favorites in the field of information security in Russia and abroad. In addition, the research that the company is doing attracted me very much.



2. I expected a lot from the internship, and my expectations were not only met, but exceeded. There are many interesting topics for research, mentors who are ready to help and answer any questions, lectures covering many areas (this is getting really invaluable practical experience, in comparison with university papers) and a virtual laboratory for practicing new knowledge.



3. For research, I chose a topic that was new to me: mobile devices and Bluetooth Low Energy, and specifically two things, Apple Find My and Exposure Notifications (the API for detecting contacts with people infected with COVID-19) from Apple and Google. In the process, I managed to deepen my knowledge, learn a lot of new things and write a couple of PoCs, but since the topics are difficult, I could not finish them during the internship, so I am researching them to this day.





Exposure Notification



4-5. All the tasks during the internship were very interesting, but unfortunately it is impossible to try everything, so I can confidently say that I am ready to return to DSec to continue my research activities and improve my own skills.



Conclusion



We are pleased to see that Summ3r of h4ck is beneficial, and we are working hard to make it better based on feedback from our participants.



A big "thank you!" to those who came to us, took part in research and puzzled over our assignments. We are proud of you!



See you next year;)


