A New Approach To Learn Cyber Security: VantagePoint

January 16, 2023

Application security is crucial as it ensures the protection of sensitive data and personal information of users. As the number of cyber attacks continues to rise, it is imperative that applications are built with security in mind to prevent breaches and protect user data. Additionally, application security is especially important for developers, as it not only protects their own applications, but also the users and systems that interact with them.

Furthermore, for penetration testers, understanding application security is essential for identifying and exploiting vulnerabilities in systems. Without a thorough understanding of application security, it is difficult to accurately assess the security of an application and provide effective recommendations for improvement. The proliferation of powerful and easy-to-use hacking tools and services has made it easier for even inexperienced attackers to launch successful attacks. These tools and services have made it possible for attackers to launch sophisticated attacks with minimal technical knowledge, increasing the number of threats that organisations must defend against.

So how do you protect your application, or organisation from these cyber attacks? Well the answer is, by getting better at finding and fixing vulnerabilities. Learning cyber security, or application security can hugely impact your career.... but it has to be done in the correct way.

At Enciphers, we create training to deliver three things: What to do | Why to do it & then How to do. The "How to do" part is usually what people learn, like how to run a vulnerability scan, how to test SQL injection.... but it is more important to know What is an SQL injection and Why it occurs. In terms of learning cyber security, there are several ways in which you can gain theoretical knowledge about attacking and securing digital assets, including computers, software applications, organisations' infrastructure, etc. However, to gain a thorough understanding and comprehension of skills, it is best to develop a method and create a mind map that can be put into action. Then, apply this mind map to a real-world, challenging platform.

To facilitate the same, we created VantagePoint. A platform to learn, practice & improve your cyber security skills.

Why Vantage Point ?

VantagePoint  platform aims to provide a comprehensive and realistic testing environment for cybersecurity professionals. One of the key advantages of this platform is that it utilizes real-world like applications that have vulnerabilities commonly found in production environments. This allows participants to simulate a complete penetration testing scenario and gain valuable experience in identifying and exploiting these vulnerabilities. The platform provides a detailed feedback for every submission, which helps in filling the gaps and not just focusing on solving a challenge. Additionally, the labs provided on the platform are highly dynamic and ever-evolving, which ensures that they remain current and relevant to the constantly changing cybersecurity landscape. Overall, VantagePoint is designed to provide a challenging and realistic training environment to help cybersecurity professionals to hone their skills and stay up-to-date with the latest threats and vulnerabilities.

Introducing VantagePoint

VantagePoint is an state-of-art platform that offers an unparalleled testing environment for cybersecurity professionals and enthusiasts to test and enhance their skills. The platform is designed to provide users with a comprehensive and up-to-date understanding of the latest cyber threats and challenges by simulating real-world scenarios. It features a wide range of modern and realistic challenges that mimic the production environment, giving participants the opportunity to apply their knowledge and experience in simulated real-world scenarios. The challenges provided on the platform are designed to simulate various cybersecurity scenarios, such as web and mobile application vulnerabilities, and reverse engineering. These challenges are meticulously crafted and regularly updated to reflect the latest trends and threats in the cybersecurity landscape.

Thought Process behind building Vantagepoint

  1. Scenarios and challenges: The platform includes a variety of different scenarios and challenges that test various domains of cybersecurity, such as web security, android, and ios mobile application security, basic to advanced reverse engineering etc.. These scenarios and challenges are designed to be realistic, with varying levels of difficulty to cater to users of different skill levels.
  1. User-friendly interface: The interface is intuitively designed, thus allowing users to quickly understand the platform's features and capabilities and to easily access the resources they need. The platform  is  designed to provide a seamless user experience and to maximize the learning curve for new users. Overall, the user-friendly interface of VantagePoint is designed to help users quickly and easily access the resources they need to improve their skills and knowledge in the field of cybersecurity.
  1. Leaderboard and scoring system: A leaderboard and built-in scoring system is a great way to create a sense of competition and motivation, and also a way to track the user's progress.
  1. Maintenance and updates: The platform is regularly maintained and updated  to ensure that the challenges and scenarios remain current and relevant. This could include adding new challenges based on newly discovered vulnerabilities and research thus inculcating newer concepts and knowledge base.
  2. Manual evaluation and custom feedback: VantagePoint is a platform that facilitates the manual evaluation and provision of custom feedback for Proof-of-Concepts (PoCs) submitted by users. The platform utilizes a robust evaluation methodology that provides participants with technical reasoning, information on their chosen approach, a detailed mind map of the task, and suggestions for improvements. This approach allows for an end-to-end understanding of problem-solving and the development of an attacker mindset. Furthermore, the platform allows for the participants to have an in-depth understanding of further improvements in their submitted PoCs, and the potential vulnerabilities that may exist. The feedback provided  will be based on industry standards, best practices, and the latest research on the topic.

Lets Explore VantagePoint

Here is a walkthrough of VantagePoint & what you can expect:

  1. Enroll for the event: To participate in an event, you'll first need to enroll for the event. You can enroll for an event by visiting VantagePoint and providing your name and contact information to get the event code. Note: Some events are paid, which would require you to complete the payment before you can access the event.

Enrolling in an event

  1. Once you enroll, you would receive an invite code on the email provided. Register with received event code.

Registration with invite code

  1. After successful registration, you will be redirected to the event details page.
  2. Get Familiar with the Platform: Before directly proceeding to the competition, take some time to familiarize yourself with the platform, look at the instructions, the scope and the rules of the registered event. It is properly mentioned about the tools that will be required for the completion of the challenges. It is advised to install all these necessary tools as applicable.
  1. Begin the competition: For a particular task, check its prerequisites so that you won’t miss any information about it. Once the competition begins, you'll have a set amount of time to complete the task. There are a number of exciting challenges that can be played during the event.
  1. Identifying and exploiting the vulnerabilities: The first step in solving a challenge is to properly understand the task and based on it,  identify the vulnerabilities or right solution. This will usually involve looking at the code, application logic, playing with several tools, reverse engineering and identifying areas to get the correct solution. Exploitation involves writing a script or program to automate the exploit, or manually executing the exploit by inputting a specially crafted string.
  1. Submit the PoC: Once you've successfully exploited a vulnerability or identified the solution or obtained the flag, you'll need to submit your workings with proper explanation to the platform to receive appropriate points for solving the challenge. 
  2. Feedback:Enciphers team will evaluate your proof of concept and provide feedback. Through the feedback section, the contestant will be informed if he/she missed mandatory terms. Here is an example:
  1. Keep an eye on Leaderboard: Vantagepoint provides a scoreboard that will allow you to see how you are performing compared to other teams. You can see a leaderboard of an ongoing event in Vantagepoint.

Events:

VantagePoint events typically consist of several different challenges, each one catering to a specific area of security, such as web application security, reverse engineering, android application security, and iOS application security. These challenges are designed to test participants' knowledge and skills in identifying and exploiting vulnerabilities.

  • Each event typically starts with an event description, which provides an overview of the event and specifies the domain that the event caters to. This section provides information on the type of challenges that will be included in the event, such as web application security, reverse engineering, android application security, and iOS application security. and the level of difficulty.
  • The rules of the event section outlines the guidelines that participants need to follow while participating in the event, it includes information on prerequisites, duration, points, and submission review. It also explains how the points are awarded and how the winners are determined.
  • The tools and resources section provides information on any apps, binaries, or tools that are required to solve the challenges that are part of the event. For example, it can provide links to downloading / Setting up vulnerable web applications, android or iOS applications and also provide information on any additional tools that are needed to complete the challenges, such as a debugger or a decompiler.

  • The other relevant links section includes any other important links such as registration link, leaderboard, and other relevant resources that can be helpful for the participants.

In summary, VantagePoint events are designed to test participants' knowledge and skills in identifying and exploiting vulnerabilities by providing a variety of challenges. Each event has event description, rules of the event, tools and resources, challenges, leaderboard.

Challenges

VantagePoint challenges are a set of tasks that fall under a particular event. Each challenge is designed to test participants' knowledge and skills in identifying and exploiting vulnerabilities. 

  • The highlights section of the challenge page shows the rank of the participants, top score percentage, total points awarded and number of challenges completed. This allows participants to track their progress and compare their performance to others. 
  • The “Available Challenges section shows the number of challenges available to the participants to solve. Each challenge has a challenge description, duration in which the challenge has to be completed, and the points awarded on completion of that challenge. 
  • Below that, there are“Expired Challenges” section which shows challenges that were not completed within the given time.
  • The points awarded are based on the steps followed, attack surface mapping, thought process, mind maps, etc. 
  • Once a participant clicks on "Solve Now" for a particular challenge, a problem statement and its relevant hint, wherever applicable, will be shown in the left-hand side panel. 
  • In the right-hand side panel, there is a text input editor where the participant has to write the appropriate solutions followed by uploading proof of concept. 
  • Participants will be able to upload relevant files which support PNG, JPG, TXT, PDF, MP4, WMV formats. Overall, the VantagePoint challenges are designed to provide a hands-on learning experience for participants, and to test their knowledge and skills in identifying and exploiting vulnerabilities. 

The problem statement, hint and solution submission format allows participants to practice in a realistic environment, and to gain feedback. The proof of concept submission feature allows participants to showcase their work and demonstrates their understanding of the problem and the solution. 

The time limit for challenges on VantagePoint is an important aspect of the platform, ensuring fairness and equal opportunity for all participants. In case of extenuating circumstances, participants can request for a reset of the challenge through the training chat platform, the team will review and decide if the time limit can be extended.

Conclusion

In conclusion, VantagePoint is a valuable platform for individuals interested in learning and advancing their skills in various areas of security. It offers a unique approach to learning through its manual evaluation process, expert guidance and feedback and active learning. The problem statement, hint and solution submission format allows participants to practice in a realistic environment and to gain feedback from experts. The proof of concept submission feature allows participants to showcase their work and demonstrates their understanding of the problem and the solution. Overall, VantagePoint provides a comprehensive and interactive learning experience for participants, making it a great tool for learning security and getting on the right track for a career in the field of cyber security.