Thanks again for your interest in the security position at Feeld. We like what we've seen from you so far, and the next step is for you to show off your skills and knowledge with a practical task.
As a security engineer, you're doubtless familiar with CTFs - challenges requiring you to use your investigative and technical skills to exploit, decrypt, and backdoor your way through various stages of increasing difficulty.
We want you to build one. Show off the various vulnerabilities and weaknesses you know by inviting a user to find and exploit them, to obtain a password or token required to progress to the next stage.
Automation of progression is optional; while there should be some details after completing each level of how to start the next level, you don't need to implement glue to automatically move the user up a level. One simple approach for this is to have a user per level (excluding any web-based levels), with the password for the user being provided upon completion of the previous level.
Once you've implemented the CTF, provide a walkthrough on how to complete it. Make this very detailed - we want to understand the thought process behind the exploitation, cracking, or whatever else is required to complete each level.
The CTF should have a minimum of ten levels. Try to build in some variety - don't stick to a single theme for all of them.
Fork this repository and commit your work to it. Once you're finished, submit a pull request.
Where possible, commit and push early and often - we'd like to follow your progress, though you won't be penalised on your commit/push patterns. Don't submit the pull request until you're ready for us to review your work.
While the task is intended to take a few days to complete, there is no hard deadline. As long as the time taken is reasonable, you won't face any negative consequences from how long you take to complete it. We'll be in touch to check in well before things become unreasonable, so take your time, and fit it around your other commitments.
Where you host the CTF is entirely up to you. We'd generally suggest spinning up a small VM on a cloud provider and implementing it there - that gives you the most control over it. Linode or DigitalOcean are great choices.
If the cost of running the requisite infrastructure for the duration of the task is an issue, let us know and we can provide an instance for you.
If you have any questions, get in touch. You won't be penalised for asking questions on how we'd like the task completed.