Vito

As a member of Nautilus Institute, Legitimate Business Syndicate, and the Hack-A-Sat organizing teams, Vito has helped organize Capture The Flag contests enjoyed by thousands of players all over the world. Vito's work included building infrastructure for distributed software development, designing and building both cloud-based and on-site scoring systems for CTF, visual design and branding of competition materials, picking fonts, sourcing coffee and other beverages, and challenge development. Vito's favorite software weakness is CWE-666 and he literally unironically enjoys long walks on the beach.

Sessions

06-28
15:30
20min
Modernizing SQL Injection CTF Challenges
Vito

At Nautilus Institute, we built a system for running "Raw Water," a web-based SQL injection challenge for DEF CON Capture The Flag qualifiers in 2023. This challenge allowed teams to attack a private, isolated, and persistent SQL instance through a web application that wasn't solvable with the very generic "sqlmap" tool.

This talk touches on Vito's experience with web-based challenges as both a player and challenge author, SQL sandboxing techniques and how they affect game operations, mitigations for sqlmap, and potential future work.

Talks - Prime Dome