Questions and tasks for 2nd conversation
Questions for reflection and elaboration
- Every year, the Norwegian National Security Authority (NSM) delivers various reports. One of these is named "Risk 2023". In this report, NSM mentions the concept of being "vulnerable on the flank / sårbare på flanken". Reflect with a few points on what this means for a company like Bouvet.
- Supply chain attacks are one of many attack vectors. Reflect briefly on what you think this means for a software development team, and on any measures that can be taken to avoid such attacks.
- In the field of cybersecurity, the term "Red Team / Red Teaming" is well-known. There is also a color that represents "Application Security". What color represents AppSec, and what do you think the color illustrates?
- When a team develops software, they rely on many different frameworks and libraries developed by others. What measures can be taken to ensure that there are no vulnerabilities in such dependencies?
- When developing software, one often follows a "process" named SDLC (Software Development Life Cycle). Reflect on how security can be implemented in the different phases of this process.
See next page for practical tasks.
CTF - Capture The Flag - tasks
Base Encoding
Base encoding is not really cryptography, but a nice way to encode bytes. CyberChef has many recipes for these base conversions. By studying the string below, can you figure out what the flag used to be before it was encoded? Note: No base encoding in CyberChef was used more than once!
String to decode:
R05WVlVWS1ZNVTJFSVpDU0dWREhRT0NLS0pESE9VU0tKSlpHVTVDSEdSR1VNVEtTUEJERFFORFdOWlRIUzJTQ0xCNERLUkRGT0kzR1FTUlNMRlNES1lUMlBGTkhJWUxWTEZEREdXRFVPTlhYRVpLVU5KWkRNNTJNSzRZV01OVEpNWktVMk0yV0pKUkRNVFNLS1JKR0c0M0JLTktFNDMzWE1ORlZNMjNJSTVMRFE2Q1VJRTRXSVNSWUhCUVc0WlpVS1pZRU9aTERIQT09PT09PQ==
The correct answer is in the format: flag{...a string of text...}
Explain how you solved the task, including which tools you used in the process.
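As an added illustration of why base encoding is not cryptography (not part of the original task sheet, and not using the task string), the Python sketch below wraps a constructed flag in three standard-library encodings and peels them off again without any key. It picks each layer from the alphabet and block length and, like the note above, uses each encoding at most once. The function names and the sample flag are made up for this example; CyberChef encodings outside the Python standard library are not covered.

```python
import base64
import binascii
import string

# (name, alphabet, block length, decoder) for three stdlib encodings, narrowest first.
ALPHABETS = [
    ("base16", set("0123456789ABCDEF"), 2, base64.b16decode),
    ("base32", set(string.ascii_uppercase + "234567="), 8, base64.b32decode),
    ("base64", set(string.ascii_letters + string.digits + "+/="), 4, base64.b64decode),
]


def guess_layer(text, used=()):
    """Name the narrowest unused encoding whose alphabet and block length fit text."""
    for name, alphabet, block, _ in ALPHABETS:
        if name not in used and text and set(text) <= alphabet and len(text) % block == 0:
            return name
    return None


def peel(text):
    """Strip layers until nothing fits; each encoding is tried at most once."""
    decoders = {name: fn for name, _, _, fn in ALPHABETS}
    layers = []
    while (name := guess_layer(text, layers)) is not None:
        try:
            text = decoders[name](text).decode("ascii")
        except (binascii.Error, UnicodeDecodeError):
            break  # alphabet matched by coincidence; stop rather than guess
        layers.append(name)
    return text, layers


def build_sample():
    """Constructed input: a made-up flag wrapped in base16, then base32, then base64."""
    data = b"flag{demo}"
    for encode in (base64.b16encode, base64.b32encode, base64.b64encode):
        data = encode(data)
    return data.decode("ascii")


if __name__ == "__main__":
    sample = build_sample()
    print(sample)
    print(peel(sample))  # recovered without a key at any step
```

An alphabet match is only a hint: a short uppercase word also fits the base32 alphabet, which is why a failed decode stops the loop instead of forcing a guess.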
Classy - cryptography and ciphers
Back in the day, all cryptography was done by hand. I made a series of very old ciphers for you to solve, where each solution hints at the next. For the first cipher, you might want to look up ciphers named after Roman emperors.
Cipher 1:
Pnrfne pvcure vf vaqrrq gur pbeerpg pvcure va guvf pnfr. Gur arkg pvcure jnf perngrq ol Tvbina Onggvfgn Oryynfb nyzbfg 500 lrnef ntb! Sbe gung bar lbh nyfb arrq n xrl, juvpu vf "ploreynaqfyntrg".
Cipher 2:
Amv jffnq ll! Ehk zbicoiip cvszpr ow ogpz irdy gr mydkvlvyoh ryd qr tj hgrw, dsu mk haf ywcy nekf rp ekeapn ottnsnv y lip. Tt grgv nkeknw 300 zircs ohxzrk whocprv xaadypd zs ykle ee ltgduv. Su jht rii epxg, dfo lgwm, egqlvc tudl ts kbtermc nsag bgf axi zqgok kz db dk herp. Mjc dmgsee lk dtope xghieprr, eme tnml vgni kse xhq ts 20 ilttydxvcs yrfr ath vqkqpveeyb jlnjsf. Imph cfcx!
Cipher 3:
T vzlx dpv vfiso mn onmmxlhty ltmwui ttc fhwl, use tt jkn ije dfh, dzg hcixdfwzj hxfsouu atcq tvtg kzdh aahumf myc fefeaimco evto vmbmbvblp. Fhs vaywwsycx sfftj o qzf ot mxve qcc wmybdaj ht hary, lh G htzw ntrcmu fb f mut ouhse evp befh, jv pcz oa ncm fgyo. Hsa ynobb wzfr iize vmydwdp hk uiu ncwo rloz ymwwchaw gz b ihinrslm hicy mflydju bdu hmpz, ib ehupc qlox, yif ivbypzcs - veyddwn ybuifhj owp qagr mm mcslg mtebo - nwys gnrxkqnzfpo ujuxuvb ysq wckwq. Qtblhed, uiu wzfr iize xlo hwed t xrvyxuqj olclblr mflydju, bi kc kzxlcp mfp yccitq gmqx ttcyah.
The correct answer is in the format: flag{...a string of text...}
Explain how you solved the task, including which tools you used in the process.