Hugo's Blog

A Hacking Bootcamp

This a first hand account of being a participant of the Challenge the Cyber Bootcamp. This story started with my somewhat spontaneous decision to follow up on an invite to play in a capture the flag competition, which would be a first for me. Here we were, five of us, inexperienced, unacquainted, yet very much excited. Over the course of the next few hours we treated ourselves with lavish doses of dopamine by solving the puzzles and climbing the scoreboard against all our perceived odds. In the end, we read with disbelief: 7: The Bin Folders, a team name that, whilst sounding generic and 'cyber' enough to hide in plain sight, was actually a literal translation of an obscure, dutch euphemism for noble men who drink beer in large quantity, a joke so subtle that I didn't find out until after.

As it turned out, the event itself served as a preselection to the aforementioned bootcamp, and we as a team had secured 1 spot. My general distaste for planning and previously established plan to not do anything for the entire summer had yielded its results; with the bootcamp only one week away, I was the only member of the noble, beer drinking, and generally employed team at liberty to enjoy a week of on-site hacking. At the bootcamp I was joined by a mostly younger, mostly smarter congregation of ctf enthusiasts. Fascinatingly enough, we seemed to form anecdotal evidence that age and skill are negatively correlated.

The camp's location invoked nostalgic memories of the boy scouts and school trips. Unlike those times however, the organisation never felt the need to over explain or manage us at all. Even the younger members, some of whom were still subjected to a bedtime at home mind you, were deservedly entrusted with full individual responsibility. Of course we took turns doing the dishes and sacrificing a costly 15 minutes of sleep to make breakfast preparations. And costly they were, with intense courses everyday from 9:00 to around 22:00 and a miserably opaque set of curtains, sleep quickly became valuable commodity. Especially when taking into consideration that it should go without saying that the personal hacking projects would not be left unattended during those last evening hours before lights out. Simpler beings may tend to tamagotchis, we were hacking the planet.

On the first day, all getting up to speed on the latest cooking technique's known by the CyberChef, my eyes would occasionally twitch as I was eagerly anticipating the moment that we would be unleashed on a website full of holes. I imagined the party ripping it apart just like those Uruk-hai in the second Lord of the Rings movie; Looks like meat's back on the menu boys!. I bought the whole menu on that website, after all, the coupon codes were an encoded representation of their validity and reduction rate. Bin Folders get 99% discount.

Another quality a hacker should possess: explaining to the rest of the world what the problem is and getting the money in the right place. It's actually just like hacking: 1. gathering intelligence from the people in charge, no doubt obfuscated, cryptic, and possibly served with onions. 2. Process the results, lay statements next to a person's profile and access risk. 3. Lay out a plan of attack and carefully execute it. If all goes well, you can celebrate, you just made the world a safer place. It was enlightening really, perhaps consultants are not the soulless machines that I made them out to be.

Knock knock, who's there? It's the government. The National Cyber Security Centre to be more specific. They had a lot of useful things to tell us about security. Like how they had a lot of useful things to tell the rest of the government about security. Furthermore, we implemented encryption algorithms ourselves, a cardinal sin if it was any other day. Sorry what's that? You guys rose from the ashes of the Diginotar disaster? Now that is an origin story I want to hear in full length.

After what was either a nights sleep or a momentary lapse of conciousness between two club mate frenzies, the sun rose once more. Today would be about bits, bytes, and bins. About the art of analysing programs without running them, a digital virologist so to speak. Later, about the art of exploiting programs by running them, and bombarding them with unexpected input, tricking them into giving away secrets that were meant to be hidden. That day was to most memorable in my mind. It is so incredibly magical to reassign semantic meaning to machine code by just looking at it, albeit with the right tooling of course. It just goes to show how unlike a Turing machine the human creature is. How one can grasp and speculate, tie together information, bypass elaborate obstacles, all by looking at everything instead of one thing at a time. Despite the unsuccessful and foolish nature of such predictions: hacking is and will always be fundamentally a human job. That is not because computers cannot defeat themselves, it is because software, as unexpected as it might sound, has human written al over it, in it, and around it. Hacking is not about defeating computers, it is about finding the human flaw, either directly or indirectly.

With all the power me and my peers gained came a warning of responsibility, and rightfully so. Exactly because the software that we know today is written by humans, absolutely precisely that fact, is reminiscent of our individual responsibility to do it right. Not only in making it, but as well in breaking it. Ethics and moral may be complicated and be described in millions of pages in thousands of books by hundreds of geniuses, one place to start is without question a simple phrase: "Do the right thing". A phrase whose simplicity as well as its nuanced complexity has been popularized by one the greats: Spike Lee. I thank you for listening to my incoherent thoughts.

last modified: May 29, 2023 at 13:07