SSTIC 2021 - Challenge writeup

Published on 2021-06-08 by xarkes

Last month of April I also gave a shot to the SSTIC challenge. It was very painful and amongst 150 participants and over 1600 downloads, I managed to finish 4th in the speed ranking with only 12 people managing to complete the challenge. My solution (in French) can be found here but as this year was the first time the challenge was open internationally, two solutions are available in English (the ones of Robert Xiao and ZetaTwo).

This year's challenge was crazy. It was required to extract files from an USB capture of an archive between an USB stick and a computer, then reverse engineer and exploit a Windows application exposed on a remote host, reverse engineer a virtual machine and defeat some bad encryption schemes, understand an unknown CPU in blackbox and finally exploit a linux driver vulnerability in order to take control of a PCI device connected on the machine.

Doing all of this was exhausting and very satisfying at the same time, and here is one of my favorite moment (except after just solving the challenge) that I captured in a moment of excitation thus I apologise for the quality:

Getting a shell on a remote Windows 10 computer

If you wonder if you should participate in next year challenge, don't hesitate, just try it. It will require a lot of dedication to reach the end, but even if you don't, there are many things to learn along the way.