Templates and Tips
Yaml
Vbd

Vbd

Template {user-name}.yml file for challenge/vbd all comments must be deleted in your {user-name}.yml file and the name for this file will be {user-name}.yml

Fill the fields in angle brackets <\> as indicated in the instruction after the following box

type: <scope>
user-name: <user-name>
stage: <phase>
discovered-vulnerabilities:
by-me: <X>
in-repo: <Y>
total: <X+Y>
estimated-vulnerabilities: <N>
discovery-percentage: <D%>
total-time: <total-time>
effort: <X>
date: <commit-date>
path: <solution-path>

  • <scope\> can either be code for programming or hack for ctf-hacking.

  • <user-name\> is your branch name

  • <phase\> You are in one of the following phases, select one of those depending on your case : challenges \ immersion \ training

  • <solution-path\> will be <solution-file\>** must conform to repository naming conventions.

  • <commit-date\> is the date when the commit was created, you can get it using "git log" command, however you going to need add the UTC date (add 5 hours if you are in Bogota, Colombia) its format will be:

    'Year-Month-Day Hours:Min:SecondsZ' For example: '2021-04-16 09:41:52Z'

  • X is the ACCUMULATED number of vulnerabilities in this system discovered by you

  • Y is the ACCUMULATED number of vulnerabilities already reported in the repo, not including those previously reported by you. All of these can be zero if you find a vulnerability in a brand new ToE.

  • N is the estimated number of vulnerabilities in the system. This number could be in the official documentation of the system or a site like VulnHub.

  • D is (X+Y)*100/N, with at most two decimals.

  • Productivity is the progress in points divided by the effort: P=(Y-X)/H

  • Total timethis is the total number of hours reported in the TimeDoctor app since you started the immersion process. (If you are currently in the Challenges Stage and do not use TimeDoctor, just make sure to keep track of the time that you have invested in solving and uploading the solution)

    For example, if TimeDoctor reports 48h y 30min you should set the total-time value to 48.5

💡

How to get the total-time in TimeDoctor?

  1. In the TimeDoctor App, click on the icon on the left bar corresponding to "Dashboard". It will open the dashboard in your browser
  2. Once the Dashboard opens in your browser, go to the menu named "Reports" and click on "Hours Tracked"
  3. On the right hand, click on "Date Range". A calendar will open where you will select two dates
  4. First, select the very first day when you started the Autonomic Jump process and then select the date of today.
  5. That shall give you the total time logged from the beginning of your process in hours:minutes
    1. Please make sure to write the total-time in hours ((hours * 60 + minutes)/60)

  • Effort is the number of hours dedicated to solving the challenge, and it must be calculated using the total-time.

    For example, if your last MR had a total time equal to 48.5 hours and for your current challenge the total time is equal to 58.5 hours your effort will be 10 hours. If you are pushing your first challenge the effort will be equal to the total-time

Next time you find a vulnerability in the same system, if other people have reported 3 vulnerabilities in that time, you will have 16 by me, 5 already in repo, 21 total.

All of these values must be filled in. There cannot be any fields that do not apply, since all challenges give some score and ranks. See Score (opens in a new tab)

Full example:

type: vbd
user-name: friendglak
stage: immersion
discovered-vulnerabilities:
by-me: 1
in-repo: 0
total: 1
estimated-vulnerabilities: 1
discovery-percentage: 100%
total-time: 48.5
effort: 3.3
date: '2021-04-08 14:57:03Z'
path: friendglak.feature

The following are user.yml files already merged in the repository

TestingCyb