NG

RITSEC CTF 2019 – Write Up

Posted on November 18, 2019

Between Nov 15 – Nov 18, I participated in my second CTF challenge, the RITSEC CTF. The overall competition was challenging in numerous ways but very rewarding. Our team of 3, including a team member participating in his first CTF, finished 236/900 teams. This CTF allowed me to explore new tools to use for challenge solving, including new cipher decoding tools and Linux commands. For this competition, I wanted to gain more experience in cryptography and concentrated my attention on that category. The following writeups focus on the challenges I solved.

1 – Gold Bug Cipher
2 – German Cipher
3 – ROT47

---

Gold Bug Cipher

Title– Shiny 
Category– Cryptography 
Description– .‡8]5);483‡5;

You must wrap the flag in RITSEC{ }
Competition– RITSEC 2019

---

1. The challenge provided the following hint of a golden bug in the file format of a jfif.
2. My first thought to this challenge was to open a terminal shell and run a file command   

---

3. From this I was able to find the file format of the file (jpg) and change the file extension to a jpg which gave the following image.

---

4. After receiving this image, I searched for this symbol ‘‡ (double dagger)’. From this I googled ‘double dagger cipher’. The first result was a called the ‘gold-bug cipher’ which provided me with a pattern match to the image. 

5. Using the gold-bug cipher online decoder, I entered the cryptic code given to me and received the following result ‘POEWASTHEGOAT’. Wrapping this I received the final flag RITSEC{poewasthegoat}. NOTE: entering as capitals didn’t work and therefore it had to be inserted as lowercase. 

---

German Cipher

Title– Initiation 
Category– Cryptography 
Description – The final flag is in English and must be wrapped in RITSEC{ }
Competition– RITSEC 2019

---

1. The challenge began by with 2 images. One which included a line of handwritten cryptic code and another photo of charachter on a map. 

---

---

2. From this I took a screenshot of both images and google searched using those photos. From this I was able to find the character was called ‘Simic Manipulator’ which was a German card for a game. The image was also placed over a country from an old map which was ‘the German empire’. From this I was able to deduce that I was looking for a German cipher to help me decode. 

3. In order find which one, I google German ciphers and then checked images to see If any language matched what was given in the image. Instantly I saw the Copiale cipher wheel which matched the language I was looking for.

4. I used the following table to assist in translating the code.

---

5. Once I decoded the message, I got the following output.

---

6. As the flag didn’t make sense, I tried converting some of the words to German considering the cipher was a German one. Google translated this to ‘creepy cults and old cyphers. Once wrapped in the flag, it resulted as RITSEC{creepy cults and old cyphers}.

---

ROT47 Challenge

Title– Pre-Legend 
Category– Cryptography 
Description-9EEADi^^8:E9F3]4@>^4=2J32==^D@>6E9:?8\FD67F=\C:ED64

Wrap the flag in RITSEC{ }
Competition– RITSEC 2019

---

1. To begin this challenge, I copied the code given to me into Google in the hopes of finding a match for characters or patterns similar to what was given to me. With no luck I then began to try in segments. I copied ‘9EEADi^^8:’ and pasted this into Google. This provided me with a match for a variety of decoder tools such as ROT5, ROT13, ROT18, ROT47. 
2. Reading the description for each decoder, ROT47 provided a strong similarity with a set of letters, numbers, and symbols (All ASCII characters). 
3. Once decoding this link, I was given a GitHub link which was the final flag.
4. Wrapping this up, I received the flagRITSEC{https://github.com/clayball/something-useful-ritsec}

{ Google Case Champions – 2019 }

Posted on April 18, 2019

UTS is well known for its business society and the case competitions that the university participates in. As a software student with a sound understanding in business, case competing was that something that I wanted to invest time into. At the start of the autumn semester of 2019, the UTS business society promoted the Google Case competition. This competition was an event designed to challenge Sydney based universities to deliver an accessible product feature that could be applied to one of Google’s current products.

The competition followed a three-stage process.
Stage 1: Assembling a team and submitting your presentation deck and idea to your university. To move on to stage 2, your idea had to be selected among all the submissions within the university.

Stage 2: After being selected, your team had to compete against all other selected teams and present your pitch to a variety of board members (Within UTS, this was presented to a variety of members within the business society). After competing, two teams would be chosen by the board to represent UTS and present their idea to Google Employees at Google’s office in Sydney.

Stage 3: This was the final stage of the competition. Each team would present their idea against all Sydney based universities.

Our team consisted of 4 team memebers, Joseph, Jasmine, Justin, Nick (myself). Our first issue to tackle was selecting an existing Google product that we could improve in a certain way. After conducting three meetings, our path led us to the education sector. From there, we began investigating Google Classroom as it was a tool some of our team members had previously used before. With various amounts of researching, we eventually came to the conclusion of education for students with special needs.

Our team compiled a presentation deck for our solution, Google classroom Squared. This solution tackled a significant gap in the education market and Google Classroom’s software capabilities. Our answer would allow teachers to design activities and homework problems, tailored to an individual student with an individual need/requirement. It would also allow teachers to complete this for a range of students within a small time frame. Additionally, the software would enable family members to be on board with the process and have easy accessibility so they could also help these students from home.

After submitting our presentation deck, we qualified as one of eight teams within UTS to compete against other UTS teams for stage 2. As this was our first case competition, there was a lot of room for improvement for our team in regards to what we should present. A lot of the other groups illustrated the financial projections and costs of their ideas, which was a significant element missing from our deck. Fortunately, our solution met the criteria, and our team was chosen as one of two teams out of eight to represent UTS at Google’s office in the final round.

To prepare for the final round and meet the desired caliber, our team stripped apart our presentation deck and redesigned our presentation approach. We conducted a large amount of market research, contacting schools and special needs schools to ask if they would use this product and what their budget was. We identified what schools would pay for this product. We asked parents if they would pay for this product and at what price. Our team also stripped away any content-heavy content slides to make the presentation as readable and engaging as possible. Our last significant improvement was question preparation. We researched 50 typical pitch questions and questioned each other. If we didn’t know how to answer it, we stopped and thought of a solution. This preparation paid off enormously when the Google board members asked us questions.

As the final round completed, our team (New Jersey) was successful in taking 1st place for this competition across all the universities in Sydney. With a significant amount of preparation, we were able to answer all questions from the panel. Our solution fulfilled the given criteria and presented a solution to a real need in the educational market and Google’s current product, Google Classroom.

Overall the experience was challenging, exciting, and rewarding. Personally, I improved my presentation abilities, my business understanding, my growth as a team player, and I was able to gain some valuable industry connections. I look forward to competing in the 2020 Google Case competition.

{ The Final Stretch }

Posted on March 3, 2019

A Recap of Engineering Practise Preparation (EPP)

After six weeks, my journey with Engineering Practise Preparation (EPP) studied at the University Of Technology Sydney (UTS), has come to an end. Throughout the past week, I have assessed and submitted feedback to my peers for a second time on their e-portfolio, I have received constructive feedback on my e-portfolio, and I have been finalising my e-portfolio to include all the necessary information required to showcase my abilities and to reach a standard of high excellence.

EPP has not only assisted in educating/preparing me for an internship or work in the real world, but it has also given me the opportunity to learn and improve vital skills that are a necessity when it comes to working with groups. From these skillsets, various methodologies can be utilised to ensure these skills are being applied positively and effectively. For example, the sandwich model. This feedback technique is something that I have taken on board. The way the model is broken down by providing positive feedback, followed by constructive feedback, and finalised with positive feedback, is something I believe is an effective way to provide feedback. I applied this methodology towards my peers in week four and week six when I had to assess their e-portfolios. By doing this, it generated a safe and positive atmosphere, and it allowed for everything to run efficiently.

After completing EPP, I believe I have successfully completed the subject learning objectives. The first learning objective focuses on the student’s ability to articulate preparedness for participating in an engineering workplace. By completing group work activities, assessing and providing feedback with my peers, and focusing on the appropriate ways to provide feedback to group members, I am confident that I can demonstrate this objective.

The second objective focused on a student’s ability to document and communicate their capabilities to contribute to a workplace and engage in workplace learning. I have successfully met this objective by providing written feedback to my peers on their work, voicing my opinion on various class topics, asking questions, and actively listening to my fellow group members/class members on their personal opinion towards multiple topics.

To guarantee that I have met these two objectives, I have taken it upon myself to create three primary goals that I would like to fulfil when I begin my internship/job, and these include:

• Shadow, an engineer, to gain insight on what I should be doing on a day to day basis and to see what level of expectation I am to meet
• Ask as many questions as I can to become comfortable in the surrounding environment and to gain clarity on the projects being developed
• Partake in a lot of group activities/industry events to assist in my development from a novice to a senior engineer.

Upon reflection, EPP has successfully implemented various topics and questions that have assisted me in the development of new skills that are required in the workforce. By assessing my peers, I have been able to improve my feedback skillset, and I have learnt new methodologies which can be applied when providing feedback. With this, I feel confident that I have met the subject learning objectives and that I am ready to work as an engineer in the industry.

---

{ Assessment 2 }

Posted on February 25, 2019

Reviewing e-Portfolios – 2.0

For the past six weeks of Engineering Practise Preparation (EPP), I have been developing my skills and my e-portfolio which demonstrates my work towards software engineering/development. To ensure that students construct an appropriate and high-level portfolio, the University of Technology Sydney (UTS), have created groups for students to share and assess each other’s portfolios.

For assessment two, my peers and I were to follow up on each other’s e-portfolio and ensure that everyone is meeting all the checkboxes. Having experience from the first assessment and becoming comfortable with the sandwich feedback model, I was able to write up a detailed review of all of my team members e-portfolios.

Unfortunately for the second assessment, I was not able to assess any of my team members work, and I was not able to create significant changes to my portfolio until the day before we were to meet up. The reasoning behind this was due to my study for my final exam which took place the day before the second assessment for EPP was due. Fortunately, my team members were considerate towards this issue and assessed mine on the day, before our class. I was able to complete a detailed review of all of my team e-portfolios, but I was not able to change a lot of my portfolio from the previous feedback given in assessment 1.

Despite this issue, the feedback session with my peers resulted quite well. All of the group members took the feedback in a positive manner and in return they provided me with some excellent feedback. As each member informed me of what I could change or improve, I was able to write down the feedback and ask for suggestions on how I could change some certain aspects.

Overall, every team member informed me that I had done an excellent job and my portfolio showcased a high-quality representation of myself and my previous software development. Aspects I took on board to look at adding or changing included:

• Changing my learning journals to be listed in chronological order
• including a CV tailored to a job advert I was interested in
• Ensuring I differentiate what companies I have previously worked for and what companies I am interested in working for

EPP assessment two resulted in a positive and effective method for assessing my e-portfolio and providing feedback towards my peers. The group I was involved with, showcased a strong level of detail and communication which made our group tasks easy to complete. This allowed us to provide constructive criticism towards our e-portfolios. Our team’s friendship reached a level where we were assisting each other on homework/assessment topics outside of class time. I am very grateful to have met the members in my group and look forward to maintaining a connection with them.

---

---

---

Download The Feedback Given From My Peers

{ Assessment 1 }

Posted on February 14, 2019

Reviewing e-Portfolios – 1.0

Engineering Practise Preparation (EPP) is a subject at the University Of Technology Sydney (UTS) that focuses on developing a student/novice engineers portfolio, ensuring they are prepared to show future employers what they can offer the employers company. Within the subject, we were asked to create an online e-portfolio which describes us and showcases what we can provide, what skills we are familiar with, and so on. Utilising peer reviewing, students were able to showcase their e-portfolios to their peers for constructive feedback.

At the beginning of the semester, I was placed with three other students (respecting their privacy, I will not mention their names) who would asses my online e-portfolio. Fast forward four weeks, I have now completed my first draft of my portfolio which I submitted to my peers for feedback. Not only did I have to provide a portfolio for review, but I was presented with the task to review three other portfolios that were submitted to me. By completing this, I was responsible for informing them of elements I believe should be tweaked or added to improve the overall quality of their e-portfolio.

Reviewing products and providing constructive feedback is not a skill that is foreign to me as I have been exposed to it on a professional level. My exposure has been developed from the video games company I currently have the pleasure to work for, Limerocket. To guarantee that the games we develop meet a criterion of high quality and enjoyability, reviewing and providing feedback is something that the team and I have to do to achieve this. With this experience and the new feedback methodologies, I have learnt from EPP; I offered each of my peers honest and valuable feedback to help them improve their e-portfolio.

During our in-class tutorial, we exchanged feedback verbally with each other. Learning about the sandwich feedback model, I wanted to take this approach as I felt it was the most effective way to express my opinions in a positive yet valuable manner. My peers were exceptionally pleased with what I had to say and took everything on board by writing down the feedback.

As my turn approached to receive the feedback from my peers, I asked for them to “rip into me”. My reasoning behind this is because I wanted to improve my e-portfolio to best I could. Having a safeguard on the feedback would not allow me to achieve this. My peers ensured to do so, and questioned sections they thought did not make sense or could be improved. Writing this down in real-time allowed me to identify the critical issues but also sparked new ideas.

Overall the experience of providing and receiving feedback was excellent. Being honest was a valid key in making this experience valuable. Becoming aware of the sandwich feedback model was something that I will bring with me when providing feedback for Limerocket and future company projects.

---

---

Download The Feedback Given From My Peers

{ Beer & Pixels }

Posted on February 10, 2019

Video Game – Industry Event

---

Every month, local video game developers, designers, software developers/engineers, and so on, congregate together to showcase their latest video game projects in the making for feedback, and to network with local developers/designers, etc. This event is called Beer and Pixels, and it’s a great way to not only seek feedback on projects but also to connect with people in the video game, and software industry.

For the past three years, I have been fortunate to work for a company called Limerocket. Limerocket focuses on creating live multiplayer games for large crowds, and they achieve this with their platform BuzzyTv. This platform has a library of 1-3 minute competitive games. As our games require large groups to play, I venture with my team to venues to showcase the games and obtain feedback. We also host competitions to engage more people and to generate a friendly competitive nature when our games are being played.

Beer and Pixels is an even that Limerocket enjoys visiting as it has a great range of developers, designers, writers, and so on. During May 2017, I had the pleasure to attend this event with my other colleague Laura, who specialised in marketing for Limerocket. This was the first time I was showcasing our games from Limerocket without our programmer or CEO, so it was exceptionally nerve-wracking to host and have no on-site live technical support.

This fear developed into a blessing in disguise. The reasoning behind this was when I faced a few technical issues; it forced me to learn to tackle problems on the spot and while under pressure. It also allowed me to speak with other developers and engineers about viable solutions that the team and I could utilise to resolve these issues.

Throughout the night we received a lot of positive and constructive feedback towards a variety of our games. While showcasing these games, I had the pleasure to meet a reporter who was interested in what Limerocket had to offer. During our discussion, I was able to collect a business card and a LinkedIn connection.

Overall the experience of flying solo was something that put me out of my comfort zone. At the end of it all, it unquestionably aided me in enhancing my problem-solving skillset. The event itself was positive, and it allowed me to walk away with feedback that I could utilise to improve the content for Limerocket.

To Move to a new level in your life, you must break through your comfort zone and do things that are not comfortable”

T. Harv Eker

{ Hackerman }

Posted on February 3, 2019     Leave a Comment

CYSCA 2018 – First Year Champions

I want to change things up this week and reflect on my first competitive university challenge, as opposed to just reflecting on what I have learnt from EPP in week 2.

At the start of semester 2 (July 2018), I took it upon myself to push further and embrace a new skill set that I could apply to my career. Cybersecurity was the answer! I have always been interested in cybersecurity and the fundamentals behind digitally breaking down and manipulating products. UTS has a cybersecurity organisation run by students for students.

After successfully signing up, it was apparent how much enjoyment and knowledge I was retaining from the weekly Thursday meet-up classes. It was enough to push me to enrol for a chance to represent UTS in the annual CYSCA 2018 cyber security competition. I was fortunate to have been 1/2 first-year teams. My team consisted of 4 members:

• Andrew – Our team captain – He took charge of exploit/reverse engineering
• Andy – Tactician – He was a generalist that knew a bit of everything and assisted the entire team
• Brendan – Web specialist – He focused on web/application security
• Nick (Me) – Digital Forensics/Network – My role was to focus on intercepting data packets that contained vital information.

After months of training and preparation, our team was ready for the next 24 hours of “ethical hacking”. As the clocked struck 12 pm, everyone went silent, and the competition had begun. At 12:01 pm, I had already hit a brick wall as I was the only team member that could not access the files I needed to begin my tasks for the digital forensics section. This was the start of many issues to come.

Despite the frustration which occurred now and then, we resolved our minor conflicts/frustrated moments, by working on a challenge together as opposed to having one member tackle one challenge. This was not our only process to resolve these incidents. We took breaks to relax our minds, played some games, and got some fresh air. By doing this, we were able to boost our team chemistry and walk away from the challenge as the highest ranking first-year team/8 first-year teams in Australia for the competition.

In conclusion, our team were faced with many incidents. Although we did not formally address these incidents, we were aware that they existed but proceeded to resolve the issue in various ways. Looking back at the competition, I can recognise:

• Patience is crucial
• If you are panicking, then take a deep breath
• Communication is key  

Using these key points, I already feel much more confident in minimising potential incidents in my next team-based competition. When a conflict arises, I will be more prepared in how I can approach the situation.

---

“We’re all working together; that’s the secret.”

Sam Walton

---

{ How Important Is Feedback? }

Posted on January 22, 2019     Leave a Comment

Week 1 Reflection 

Week 1 of Engineering Practice Perpetration (EPP), has most certainly reformed my perspective to not only what the subject will provide but also what I need to do to grow as a novice engineer and how I should approach industry professionals. The lectures and tutorials have provided me with enough information to start respectably contacting industry professionals, in an attempt to potentially gain work placement with a company I would like to work with.

Although I apprehended the importance of peer feedback, EPP has reiterated why peer feedback is valuable. It has illustrated how to approach peer reviewing in a gentle/constructive manner. Completing in-class task activities and following the sandwich feedback model, has provided me with an alternative approach when giving feedback.

As I showcased my current e-portfolio to my peers, it became apparent that numerous technical and visual errors need to be resolved. My peers pointed out all the positive features that visually appealed to them and provided constructive feedback on areas of my e-portfolio that could potentially come across as more aesthetically pleasing.

This feedback demonstrates why feedback is valuable as it allows someone such as myself to improve a current product in development. Feedback also generates new ideas that were not originally thought of. For example, one of my team members began her ‘about me’ section with a quote for an entrepreneur. This was something that caught my eye and has now been incorporated in my e-portfolio.

My objective now is to set up a plan to work on my e-portfolio and tackle certain sections, week by week. My reasoning behind this is to ensure that by week four, I will have a high-quality e-portfolio for my peers to assess. On top of this, I will continuously ask for feedback to eliminate any issues I can’t see. I will also research various methods of giving feedback, so I can choose a technique that I feel is most appropriate for supplying feedback.

EPP differentiates itself from my other university subjects by focusing on constructs such as feedback and communication, that are vital when working as a team. Most importantly it focuses on the different approaches a student can use to progress as an engineer, achieving a sense of awareness towards engineering identity.