2017年12月17日 星期日

【活動紀錄】南韓 Women Only CTF 與社團 -「Power of XX」&「SISS」

Special thanks to everyone who invited us, helped us and patiently answered our questions. Thanks Suhee. Thanks Jihye. 😍😍😍

簡介

2017年11月9~10日南韓資安研討會 POC 在首爾舉辦。其中 Power of XX 是由南韓淑明女子大學資安研究社(SISS)與 DemonLayer7 合辦的一場參賽者女性限定的 CTF 競賽。感謝 Power of XX 的邀請,讓我們有機會參與此次競賽,並與同樣對資訊安全領域有興趣的女孩們交流和學習。



POCPowerOfCumminity 的簡稱,自 2006 年第一次開辦以來,今年已邁入第 11 屆。根據主辦單位說法,今年與會人數高達 4000 名,來自 26 個國家。不僅是這場會議,其年度計畫包含:學齡兒童奪旗比賽(KIDS CTF)、零時差漏洞盛會(Zer0Fest)等項目。本次會議涵括兩天議程,除了安排 20 個議程場次、另外有 3 場訓練課程、2 場 CTF (Belluminar 和 Power Of XX)、和韓國資安人才培育計畫(Best Of Best)之作品展(The GoHost)。

POC is an international security and hacking conference in Korea. It was held on 9th and 10th November 2017 at Seoul. One of the important events of POC is Power of XX, which is a Women-only CTF competition hosted by SISS, Demon and Layer7. Thanks for inviting us to enjoy this event and also learn from the women with interests on information security.

POC(PowerOfCumminity) started in 2006 and has been organized by Korean hackers & security experts. The organizers said that the attendance ran to 4000 more people, from 26 countries this year. In addition to the POC conference, their year plan also included KIDS CTF, Zer0Fest, etc. The two-day conference comprised 20 sessions, 3 training courses, 2 CTFs(Belluminar and Power Of XX), and the wireless tracking work from Best of Best(The GoHost).

Power of XX


Power of XX 是南韓女性限定CTF競賽,每年 POC 的重要活動之一,最初由 SISS(Sookmyung Women’s University Information Security Study)Hack School 於 2011 年開始舉辦。而今年是由 SISSDemonLayer7 合辦。藉由這個活動,來自世界各地的女性可以群聚在此,交流與分享資安攻防的相關知識。

Power of XX 分為線上 Qualification 與現場 Final 競賽。通過 Qualification 的隊伍可再參與 Final 競賽,Final 的隊伍5人一組,年齡不限。兩者均為 Jeopardy 形式,包含 Web(網頁漏洞)、Reverse(逆向工程)、Pwnable(程式漏洞)、Crypto(密碼學),以及演算法和結合時事等題型。

這場比賽的創辦緣由為希望透過這場比賽,藉由解決問題的方式幫助女性簡易的學習基礎資安知識,並聚集全球對資訊安全有興趣且有能力的女生,彼此交換意見與技術。此外, Power of XX 最重要的目標之一也是希望建立起世界上各個資安女性小社群的聯絡橋樑,而對於每位參加者,不論是專業人士還是初學者,都可以開心的參與在其中。

Power of XX is a CTF competition for women, and is also one of important events of POC. It was jointly hostedd by SISS(Sookmyung Women’s University Information Security Study) and Hack School since 2011. This year, it was hosted by SISS, Demon, and Layer7.

Power of XX consists of online Qualification and Final competition. The team who passed the Qualification can form a group of 5 people, no age limit, and join the Final competition. Both Qualification and Final are Jeopardy-style. The competition features problems from various subjects, including hacking such as web vulnerabilities, reversing engineering, pwnable binary exercises, cryptography, quiz on IT knowledge, and algorithm.

The goal of this event is for women to learn security information easily by solving problems. Through this event, women from all around the world will gather together, exchanging knowledge and sharing their defense technique against hacking. In addition, the ultimate goal of Power of XX is to set up a network for small female communities in subject of security, and every attendees, from professionals to novices, to enjoy altogether.

SISS (Sookmyung Women’s University Information Security Study)


SISS韓國淑明女子大學資訊科學系的資安研究社團,創立於 2001 年,由大約 30 位在學學生組成。

SISS 每年會招收就讀於淑明女子大學資訊科學系的新成員,通常每年大約會有 10 位新成員加入。每學期她們會安排每週的讀書會日期,在讀書會時分享資安議題(她們稱之為 Weekly Trend)以及討論社團運作。Weekly Trend 內容包含攻擊防禦技術,主旨在討論各種不同的資安知識而非專研其中一領域。

社團幹部們會定期地(一個月或一學期)提出一些主題讓成員們共同研究並討論。成員們可以選擇她們有興趣的任何一個題目研究,並於每月或每週分享研究成果。研究主題可能包含 C, Python, GC, Reversing, OS, Web hacking 等。

SISS is an information security club under Computer Science department in Sookmyung Women’s University. It was founded in 2001, approximately 30 undergraduates students.

SISS recruits new members once a year. Usually about 10 new members who major in Computer Science in Sookmyung Women’s University will join SISS every year. Every Semester, they arrange the weekly meeting day. On that day, they will share some security issue(they call it "Weekly Trend") and discuss all of the decision of club. Weekly Trend usually includes attack/defense techniques and aims to various knowledge rather than an unique one.

The club officers give some topics(C, Python, GC, Reversing, OS, Web hacking, …) to members. Members choose one topic that they want. And once a month or week, they share the results of study.

Thanks again to POC staffs and SISS members. Although it’s sometimes hard for women to study security, we believe that we can conquer it! Let’s spread the Power of XX around the world!


Reference


  1. POC
  2. ctftime - Power of XX
  3. PCWorld 報導 - Hacking contest seeks to attract women to information security