Cyber Challenges - Details
💻 Challenge #001
- 🛡️ Threat actor RomCom has been found to be actively exploiting CVE-2023-36884. As part of the challenge, you are required to go through this research blog and article thoroughly and build a complete exploit chain.
- ⚙️ The exploit should demonstrate its functionality by launching the calculator application on a Windows system. Ensure that a sandboxed environment, such as VirtualBox, is used for building and testing the Proof-of-Concept (PoC).
- 💡 You may want to build your PoC on the unpatched version of Windows/target software and disable any antivirus solutions/Windows Defender.
- 🔒 All experiments must be conducted strictly within the sandboxed environment, ensuring no harm is caused to live networks or computer systems.
- 📽️ You are initially required to submit a video of the Proof-of-Concept (PoC) clearly explaining each step of the exploit chain in detail. It should also include a root cause analysis and provide an in-depth explanation of the functionality of any public exploits utilized.
🏆 Certificate and Awards
- 📄 Participants whose PoCs are deemed suitable will receive a certificate mentioning their participation/rank in the competition.
- 💰 The first-prize winner/team will also receive a cash award of ₹10,000.
- 🌟 The winners will get the opportunity to do internships or work on projects related to cybersecurity at IITM. Individuals who get the opportunity to work on projects will also have the opportunity to enroll in the MS program at IITM, subject to their meeting the criteria.
📜 Competition Rules
- 🌍 The competition is open to individual security researchers of all ages and backgrounds. While individual participation is encouraged, teams of up to two members are also allowed.
- 🖥️ Participants are required to submit a video Proof of Concept (PoC). The guidelines for the submission of the video PoC are given separately.
- 📝 Shortlisting and Online Presentation:
  - The submitted video PoCs will be evaluated by the competition hosting team. If your PoC is shortlisted, you will receive an email invitation to a Google Meet session.
  - During the online session, you must clearly explain each step of your PoC and also have a live demo ready.
- 🏢 On-Site Demonstration at IIT Madras:
  - If you are shortlisted after the online session, you will be invited to visit IIT Madras for two days.
  - Travel and accommodation expenses will be reimbursed up to a fixed amount, as determined by the competition hosting committee.
  - At IIT Madras, you must set up and demonstrate your complete PoC in a sandboxed environment, explaining each step in detail.
🎥 Guidelines for Submission of Video PoC
- 📩 The video PoC should preferably be shared with the email ID cs14researchlab@gmail.com so that it is not accessible to other participants.
- 🔗 A link to the video PoC must be submitted via the Google Form provided below.
📥 Submit