Based on the truth, attack and prevent, GEEKCON· new great new events use science to quantify safety.
In the Internet age, how can we know which intelligent system is safer? GEEKCON· New Great has brought a brand-new scheme. GEEKCON· New Great The newly set AVSS Challenge is a collision test field based on real network security, with real equipment and real scenes, which promotes the comprehensive judgment of vulnerability utilization ability and defense level from the perspective of confrontation, and promotes the safety judgment of products through scientific and quantitative dimensions.
The goal of "GEEKCON 2023· AVSS Challenge" is Android system. Unlike the traditional CTF competition, the organizer will implant the same or similar vulnerabilities in different versions of Android system and inform the players of the vulnerability information. Players must use the vulnerabilities preset by the organizer to obtain the flag. The competition focuses on the ability of players to exploit vulnerabilities, so that players can focus on vulnerability utilization and mitigation mechanisms, understand the principles of different mitigation mechanisms, and study vulnerability utilization technology from the perspective of confrontation and judgment.
In different versions of Android system, the defense mechanism is different and the ability to resist the same attack is also different. The organizer will set up a special competition platform, prepare several groups of application-layer and kernel-layer topics related to Android, and investigate the players' ability to exploit the same vulnerability/similar vulnerability in different system environments. The competition adopts the problem-solving system, which is divided into two stages: online trials and offline finals. The online trials are based on the Android simulator environment, and the offline finals will join the Android real machine environment. GEEKCON· New Great insists on advocating the reward mechanism of paying equal attention to honor and moderate bonus, and the competition sets a maximum bonus of 50,000 yuan and the opportunity to be selected into the annual Hall of Fame. In addition to bonuses, the participating teams will be encouraged and supported in many aspects, such as public reporting and technical exchanges.
Details of online trials
There will be n groups of application layer and kernel layer topics and m different versions of Android system environment in the competition. The same or similar vulnerabilities will be implanted in each group of topics, and each group of topics contains several versions of the Android environment. Different versions of each group of questions are scored separately. For each group of topics, the lower version of the topic will be able to unlock the higher version of the topic after the player breaks it.
Contestants/teams will download topics from the competition platform. For each topic (that is, each version of each group of topics), contestants will download information about the running environment of the topic and preset vulnerabilities, and for most topics, contestants can also obtain the source code used for topic construction.
Players need to complete vulnerability analysis and vulnerability utilization according to the given environment, and start the remote environment on the competition platform after successful utilization in the local debugging environment. Players upload exploit in a remote environment, and use the specified vulnerability to complete the exploitation and obtain the flag. In order to facilitate the review, players will upload the exploit and source code used to obtain the flag and a brief writeup on the competition platform to get points and unlock the next version of the topic.
Integral rules of online trials
Online trials are divided into two major tracks: the application layer and the kernel layer. Each of the two tracks contains several groups of topics, and each group of topics contains several topic environments with loopholes. Each topic environment is scored separately and the score is the same. The environmental score of each topic is fixed, and the first, second and third blood will get 3%, 2% and 1% extra points respectively.
The total score is calculated as follows:
The normalized score of the application layer and the normalized score of the kernel layer account for 50% respectively, namely?
Total score =0.5* (player's application layer score/the highest application layer score in the whole game) +0.5* (player's kernel layer score/the highest kernel layer score in the whole game) $.
Online trials are ranked by the total score, and those with the same score are ranked according to the last submission time. The winning team will advance to the offline finals. If the advanced team cannot participate in the offline finals, its qualification will be postponed.
It is worth mentioning that GEEKCON· New Great can also give various rewards and encouragement to users who participate in registration or recommend registration, and promote the attention and participation of innovative solutions in the industry.
As an international frontier safety geek technology activity platform, GEEKCON· New Great focuses on safety confrontation and creates a brand-new competition, which not only explores a new solution to product safety assessment, but also promotes industrial progress. The special registration time of "AVSS Challenge of Confrontation and Judgment" is up to August 10, and the online trial will be officially opened on August 26, which is unprecedented and deserves attention.
Declaration: All article resources on this website, unless otherwise specified or labeled, are collected from online resources. If the content on this website infringes on the legitimate rights and interests of the original author, you can contact this website to delete it.
!["It's a bit like the Olympic Games I imagined." German players praised Chengdu Universiade.](https://tse-mm.bing.com/th?q="It's a bit like the Olympic Games I imagined." German players praised Chengdu Universiade.&w=360&h=215&c=1&rs=1.jpg)
