Defence Scenario: Cyber Polygon 2020 Technical Exercise Write-up

Legend

Core Mechanics

The checker is the mechanism that allowed us to verify that the teams' services were fully functional. Since the game service simulated a real web application, the checker was also used to ensure compliance with the rules of the game: the participants could not simply turn off the service or disable some of its features. All they could do was defend their segments against Red Team attacks.

Infrastructure and Game Service

Vulnerabilities

Insecure Direct Object References

Command Injection

Security Misconfiguration

JWT Signature Algorithm Change

YAML Insecure Deserialisation

Conclusion
