2019 BSidesRDU - "Noobs Table" Experience and Challenge Write-Up

Welcome Thrillhouse Group attended BSidesRDU this year and instead of competing in the CTF, we contributed a stego challenge and also helped out at the "noobs table."  The idea of a noobs table has been kicked around for a little while now but this was the first time it was formally done at an EverSec CTF. Basically, there was a table in the CTF room reserved for people that are new to CTFs, and a couple of us were there to help with two sets of challenges created just for them. One was posted to the EverSec CTF challenges under the "newbs" category while teamWTG's contribution was a set of, effectively, offline challenges against an IoT device with extremely limited resources.

@uncue created the "newbs" challenges which included everything from service enumeration to lateral movement. Welcome Thrillhouse Group brought the "offline" set of challenges which included service enumeration, finding default credentials, password reuse attacks, a re…

Trudging Through the Derby MUD in Lock Step

For the final DerbyCon CTF, I decided to take on the MUD for team Illuminopi.

Derbycon 9.0 EvilMog CTF MUD
The CTF MUD was created by EvilMog and the world he created was pretty staggering. I really appreciate the effort that he put in to the MUD for us all to enjoy. For those that do not know. a MUD, or Multi-User Dungeon, is a real-time, text based, multiplayer game. You can learn more about them here.

Okay, let's get into it.
Upon your initial login and sign-up, there were more rules, tips, and tricks presented to the player. I mostly ignored everything and went in with tree branches a-blazing!
By the end of the conference; I believe I captured about 4 to 6 thousand points worth of flags in the MUD, and if I recall correctly, I only got about halfway through the challenges.

I attempted to make use of some evenings after the conference to take on the challenges outside of derby and got as high as third place:
Okay maybe I spent a day on it. 
Even with the pictures from a derby f…

DEF CON 27 - Our Car Hacking CTF Experience

The Car Hacking Village CTF at DEF CON 27 was a fun, educational, and humbling event to participate in. We got 9th place, mostly due to luck and tenacity. Before this event, we have not tried to interface with, let alone hack, a vehicle. So, we spent the whole of DEF CON 27 in the CHV CTF to change that. Here's our story...

CHV CTF Final Scoreboard
Unfortunately, we cannot offer up a single write-up for the actual car hacking challenges as we were unable to complete a single one of them. However, there were a lot of trivia questions which sent us down multiple rabbit holes where we learned terms, concepts, and attack vectors that we had zero knowledge of before. The purpose of this post is simply to share our experience and touch on building the nano-can and using a HackRF One to replay a key-fob button press.
Overall, I'd say that going to one of the largest hacking conferences in the world to participate in a hacking competition against something that you have zero experienc…

2019 Stonecutters - The Battle of Gettysburg

Here's our latest write-up for the secret Stonecutters challenge that we've code named "The Battle of Gettysburg."

Somebody is Going to Get Parasites
For this challenge we made use of a tool that automates OS command injection.

Okay, let's get into it.

Similarly to all of the other "Any Key" challenges, I registered my SSH key with the scoring server and I was able to connect to a web server on For more information about this CTF feel free to check out this post.

The web server that loaded was a simple input field that indicated that I needed to check if a file existed and a submit button that said fire.

Naturally, I tried /etc/passwd and here's what I saw:

When I checked for "foo", I saw a message that said "missed."
I then entered /flag.txt and got another hit.

I tried really hard to find an LFI, and I also spent some time attempting to eke out a SQL error. However, commix was the tool that won the Battle o…

A Primer for On-Site CTFs

I have been to many CTFs over the last five or six years and I wanted to share some tips, tricks, and advice for beginners. My hope is that this post helps those who are new to CTFs by sharing what I pack in my "go-to-war" bag, what some of the non-standard tools I use are, and how I spin up cloud based systems.

When the CTF room opens up, the first problem is finding a place to sit. I like to get to the room as soon as possible to ensure that we have a decent place to setup. For example, all of the Defcon villages on day one are crowded and intense. I encourage everyone that's serious about the event to line up well before it opens. Also, the CTF and the village talks are generally held in the same room so it is likely going to be noisy and seating will be limited. My advice is to sit as close to the infrastructure as possible.

It doesn't hurt to have a plan in place about approaching the challenges before you get there incase you can only tolerate a coupl…

ArcticCon 2019 CTF

Arcticcon is a conference by red teamers, for red teamers...and I was lucky enough to attend and participate in their 2019 CTF.


First of all, the conference was amazing. The first day was dedicated to the CTF, the second day had a focus on training/labs, and the third day was loaded with presentations that were all informative, inspiring, and packed full of tips, tricks, tools, and advice that I could actually use in my day-to-day.

The CTF had three main components to it, with SE being peppered in as well:
OSINTPhysicalNetpen I was assigned to team IronMan, along with five others.
OSINT On May 2nd, 2019, the CTF opened up for teams to begin working on the OSINT challenges. 
The Jeopardy style challenge board gave no hints and asked no questions.
Here is an example of a challenge:
Challenge Three

I began this CTF with some bad assumptions concerning when it was held last year, so shortly after I began my hunt for OSINT, I started submitting flags from last years challenges. Th…