Young hacker smiling

Zero false positives

Expert intelligence + effective automation

Technical Challenges

This stage is parallel to the other stages of the process and therefore, the more progress you make on it now, the greater the probability is of being evaluated before the other participants once the other stages finish.

It can also be considered as a kind of lifesaver in the process, because you may not have graduated yet, have no previous work experience, or get a low score on your knowledge test, but if you able to successfully finish this stage, you will show that you have the most valuable competence of all: The ability to learn new things on the fly and apply them to solve real problems. This, along with human warmth and strong values, have more weight than everything else.

1. Philosophy

In this stage, we want you to evidence your technical skills through practical exercises and problems similar to the ones you will face in Fluid Attacks.

The technical challenges are divided into vbd-hacking, ctf-hacking and programming challenges. With the former, you demonstrate your skill to bypass security controls. With the second one, you demonstrate your adaptation skills when it comes to solving problems in unknown environments. With the latter, you show that you are able to quickly understand source code, and thus it will be easier for you to audit it.

By solving challenges, we look forward to:

  1. Promote the solution of unresolved challenges.

  2. Encourage self-directed and independent learning

By uploading your solutions to GitLab, you will be able to:

  1. Use the GitLab infrastructure to analyze your efficiency and work quality as you adapt to the process.

  2. From early stages, familiarize with the tools (Git, AsciiDoc, Python, Gherkin, etc) and concepts (automation, unit tests, continuous integration, linting, etc.) that you will use in your daily work in Fluid Attacks.

  3. Make your results visible to the community and the team.

2. Objectives

  1. Solve 3 unique programming challenges.

  2. Solve 3 unique ctf-hacking challenges.

  3. Solve 3 unique vbd-hacking challenges.

3. Recommendations

  1. When solving programming challenges, We recommend Codeabbey. Also, we suggest using a language that is not widely used.

  2. When solving ctf-hacking challenges, we recommend Root Me

  3. Submit your solution immediately after you solve the challenge. Do not accumulate solutions on your computer without sending them, because this way, you will never receive feedback in order to know what you are doing wrong

4. Stage steps

To successfully finish this stage, you must:

  1. Register on GitLab using your personal email and a username of your liking. Your username must not exceed 12 characters in length and only contain lowercase letters and numbers.

  2. Join our Slack channel, where you can interact with Fluid Attacks personnel and other candidates who are currently in the same stage to solve doubts or issues.

  3. Request developer permissions to the Training repository through this form.

  4. In the Repo Access Message field, paste the following message:

    I have read and understood all documentation pertaining to technical challenges, I agree to all of the terms and therefore request access to the git training repository with my GitLab username.

  5. Complete three (3) programming challenges

  6. Complete three (3) ctf-hacking challenges

  7. Request developer permissions to the Writeups repository through this form.

    This time around, the Repo Access Message field should have the following:

    I have completed three (3) programming and three (3) ctf-hacking challenges in the training repo therefore request access to the git writeups repository with my GitLab username.

  8. Complete three (3) vbd-hacking challenges in the writeups repository

5. Conditions

The challenge stage ends under any of the following conditions:

  1. You have met all objectives and Sent an email with the links to your solutions in the master branch.

  2. If there is no activity (push to the git repos) in 14 calendar days.

  3. If you explicitly manifest your desire to end the process in an email.

  4. If you present someone else’s complete or partial solutions as your own (plagiarism).

  5. If you solve a challenge with the help of others.

In all cases, the email address for these steps is:

If you were removed from the process due to any of these circumstances, except for the last two, You may apply again at any time and start over the process by clicking here

6. Questions

7. Property

  • The proprietary rights of all content in the repositories are defined in the files:

  • The license and privileges that users of the repositories have are defined in the files:

  • Carrying out a merge request implies the transfer of copyrights. Therefore, all information contained herein may be used by Fluid Attacks for any commercial purpose, always preserving the moral rights of their authors.

8. Plagirism

Having the solutions available at everyones disposal poses an opportunity for plagiarism, How do we show the solutions to the world and avoid plagiarism? Plagiarism is not a technical problem, It is a moral problem of presenting someone else’s work as your own.

To avoid plagiarism we seek visibility and an explicit declaration of the authorship of each algorithm in a centralized place. This provides clear evidence of the attribution of authorship and allows for public scrutiny in case of plagiarism.

In other words, the current model avoids plagiarism through total transparency.

Fluid Attacks actively applies algorithmic similarity detection techniques on all solutions submitted. In particular using:

9. Submission

Now that you know all the rules and have a general understanding of why these challenges are important, you can proceed to the Submission guide and start posting your solutions. Good luck!

10. keywords

  1. ToE: Target Of Evaluation

  2. VBD: Vulnerable by design

  3. CTF: Capture The Flag

Service status - Terms of Use