@3mrgnc3 said:
@ippsec said:
Personally, I really dislike the Realism vs CTF-Like in this thread. It’s really easy to lie to yourself and say the reason you didn’t get something was the failure was due to it being CTF-Like, or the author is a troll.Even if the problem is as stupid as you didn’t find the hidden directory! Guess what DFIR, after you pop boxes, is a thing. In the real world, files won’t magically be where you expect them to be, create good automated ways to hunt for that type of stuff. It’s super easy to pick a time period and hunt for documents around that time. I use this technique relatively frequently on real engagements if I see password resets I’ll go hunt for documents modified on the password reset date to see if they have a document somewhere with passwords.
That’s a very good point. I also see how such an option as I previously talked about could be open to abuse if people just want to vent anger/frustration at a particular box/creator too. Just because of ‘lying to themselves’ as you explained.
I mean, if the people in the community that are actually good can complete a hard box within 24 hours, and others are shouting troll because they have been stuck on it for a week. The problem isn’t necessarily with the box is it?
I absolutely agree on this point. Just because something is hard to find or hard to solve doesn’t mean its troll or the Box sucks. I would rather ask myself, why cant I find the final part and what can I do to change that. Personally, i enjoy a hard Box more than a easy Box, even tho I havent done any of the 50 pts Boxes yet, since I have to learn before I should start them. But isn’t something like this one reason most people are here ? I can just speak for myself but I am here to learn and I would enjoy a Box which is insanely hard and forces me to learn more about a certain topic much more than a Box where I run through in some hours.