Posted inContent engineering

The beautiful art of content engineering

Posted inContent engineeringNo Comments
The beautiful art of content engineering

Sora have always wanted to make this Q&A about his content engineering job , but between perfectionism and just being busy all the time (he is just browsing page 80 of unixpron subreddit and call that “for work”) this was delayed way many time.

The only thing that revived it was the random extroversion impulse that an introvert have when they don’t touch grass for too much.

Omnia
So what does that even mean? Y’all just want to dig into something and call it engineering?

Sora
Welp it is kinda digging and digging is engineering so I guess we are right (as usual huh?)
Simply put it, content engineering is a profession that deals with creating content that isn’t in the normal content mediums (text, image, video, and voice). It is engineering because you are making a new construct that you deliver content though it, and mostly every content produced have a different construct.

Omnia
Oooooooh, now I don’t understand it even more

Sora
ugh, hmmm, ok we just make cybersecurity training labs

Omnia
I understand now but what does cybersecurity have to do with this?

Sora
Well, aktually👆🤓, the position name is cybersecurity content engineering, but we just abbreviate that since everything in here screams cybersecurity, but there is many titles like cybersecurity engineer, lab engineer, web developer with extra steps ..etc

Omnia
So what do you acktually do?

Sora
My day to day is about making capture the flag challenges that test/educate the players’ understanding within a certain topic, the process involve thoughtful research of the topic, development of the environment, crafting the vulnerability, extensive testing of functionality, and deploying to the cloud. Other than that, we also work on making courses on various topics, deliver fine-tuned competition to enterprise customers, and providing support during these competition.

Omnia
Wow that looks like a lot of work, adult life is scary

Sora
Well it isn’t that much if you can manage you time (and not chase that crazy circular pivot scenario idea)

Omnia
Hmmm, but why do you like it tho? it sounds like a very niche job, Omnia loves cryptography which is niche too so she kinda understand that, but she is not doing it for work since she is underage.

How to cryptography 101
Trending
How to cryptography 101

Sora
Acktually, I also do make cryptography challenges, so that would be enough to sell you out on the idea.
Omnia
job application where

Sora
But generally speaking, it is hard to explain something that you love it so much that it kinda turn into an unconditional love. However, I can explain some stuff that are pleasant to me here:

1. Content engineering is an art

As I said earlier, content engineering is just another form of producing content. much like blogging(production of text), vlogging(production of videos), painting(production of images), and many more other forms. The satisfaction that can be gained from these professions is very much the same for us.(That feeling you get after that slick vulnerability chain you made or that mad idea you got in your dreams, fuyoooh.)

2. I am a nerd, what do you think I do for living

You tell me that I can get to read research papers all day, grind ctfs, make insane machines and puzzles that doesn’t make sense and watch people suffer though it, receive awesome feedback from this awesome community, have my cybersecurity training sponsored, AND get paid on top of that? Bro are you aladdin’s wonderful lamp?


While these might not be appealing to everyone, for a nerd like me who crave knowledge, it is heaven.

More nerding time

While staying on top of new things that comes out everyday like javascript frameworks is important for pentesters and SOC analysts, these two professions don’t usually “allow” you to keep up because of how intensive and faced paced they are. While this doesn’t apply for everyone, it is the case from most of the people I know. (sauce: HTB general chat)
Meanwhile, I get paid for running modified versions of dirty cow in production and making the company in debt cuz of aws bills.

Omnia
Ooh, that must be kinda fun actually. Hmmmm, since it is an art, what is your “signature” approach to creating this art?

Sora
They usually say that a trickster doesn’t reveal his tricks, but good luck matching the weirdness you are about to get.

So my methodology to creating a challenge usually goes like this

1. Reconnaissance

I usually try to understand my audience the best I can. Age, culture, and level of proficiency are an important factor here, both to determine the style and the thematices of the challenge, as well as to fine-tune the difficulty and the range of possible topics.

There are other factors as well such as the time frame for development , the type of the challenge and if there is any specific area I should focus on, and most importantly, the client’s requirements.

2. Enumeration

Using the information above, I start researching in the possible area, guided with the parameters above.
My research approach consist of five sub-approaches:

  1. The truth seeker:There is a certain vulnerability in my mind, and I want to know more about it to craft something about it.
  2. The ponderer: I was randomly reading something, and I figured that this could be a new challenge idea.
  3. The explorer: I am reading about something new that i have no experience with in order to expand my knowledge base to enable method 1 and 2
  4. The brew master: I am reading on many vulnerability to look for a way to mix them in a vulnerability chain
  5. The emperor: mix of all of the above

3. Vulnerability assessment

After finding many ideas and filtering them out to find an idea that clicks with me, I start the styling process.
In this process, I select one of my styling options depending on what i see best fit the challenge’s goal.
Currently, there is 5 styling options in my arsenal, 3 for full exploitation scenarios(machines,boxes rooms, boot to root, …etc) and 2 for categorical challenges(Web, Crypto, OSINT, misc …etc). shown as follows :

Scenarios:

  1. Quest mode, follow me: in this style, the challenge is designed in a way that the player is progressing through the challenge until they complete a quest. This mode is best fit for vulnerabilities that have progressing nature (E.x: bypasses, scavenger hunts ) but it can be applied to many vulnerabilities with good enough stories.
  2. Story mode type 1, first person perspective: In this mode, the machine is designed from the perspective of the player himself, and the way he, as character in the world of the machine, used the power of hacking to get to be root, making everyone happy, or sad, (depending on my creepiness status during the story-crafting process). This mode focuses on the fun aspect of playing the challenge more than the educational part, and have more tendency to use interactive attacks like phishing, but still can have some good vulnerability chains here.
  3. Story mode type 2, realism: in this mode, the machine is designed in a way that from a third person point of view, the machine is not meant to be hacked, and it is actually you casual restaurant webpage for example, and every configuration(or misconfiguration) is done in a realistic way, the same way you average web developer or sysadmin would do, and follows the overall theme of the challenge. This mode focuses more on the educational aspect by driving real world examples, but you can still incorporate a good story here.

CTF challenges:

  1. Educate: simple challenges that introduce a specific vulnerability in the desired topic, it has to be simple, but it can still be hard.
  2. Challenge: complex challenge that is designed to test your out of the box thinking.

After choosing a style, I start the story telling process, in which I just begin making an actual story of that challenge. I generally use original stories, but I sometimes, hmm, barrow some stores from history, current events, movies, too much from anime ..etc

4. Exploitation

After all of this, I start the actual development. Here it is a lot of tech crying and stack-overflow and whatever hot GPT is in there, I usually do that on a testing VM that I can break as much as I want and when I am happy with everything, I run my initialization script on a clean ec2/VM/docker template and copy everything over there.

As for the material I use, for libraries and software, I usually stick to FOSS(free as in oil) . For imagery and visual effect, I use free to use stock stuff, some AI hallucinations, common memes, and recently I am starting to learn how to digitally draw myself(I suck at it though).

5. PoC

In this phase, I run extensive tests to ensure that everything is in place. First, I check the environment itself, and see that everything is working.

Next, I check the exploitativity of the challenge to make sure that I didn’t change something that would break the vulnerability.

Then , I check for the too much exploitativity of the challenge, to uncover hidden unintended paths.

After that, I run some general tests that check various things more related to the technical environment.

Finally, I repeat previous tests until all checks passes(OMG that green text makes nothing else matter).
We also have a stage after this where we let someone else from the team test our challenge and we test theirs and give feedback.

5. Post-exploitation

The delivery, deploying the challenge to the cloud, making a writeup, representing the challenge in front of the team, and getting $$$… hey wake up

Omnia
Sorry you have been enthusiastically talking too much I felt a sleep, what were you saying again?

Sora
My work is not about hacking social media accounts of your crush, aren’t you young to have a crush to begin with???

Omnia
Runs…

Tags:
Leave a Comment

Comments

No comments yet. Why don’t you start the discussion?

    Leave a Reply

    Your email address will not be published. Required fields are marked *