Posts

Showing posts from January, 2019

BHIS CTF@Shmoocon 2019 - Feeling Blue?

Image
I was lucky enough to score tickets to Shmoocon again and of course I was looking forward to working on a CTF while I was there. Black Hills Information Security had organized a CTF to run at Shmoo which made me super happy as I have a lot of respect for them and was excited to see what they had in store for us players.

Unfortunately, I had to work most of Friday and leave first thing Sunday morning. This left me with only a handful of hours on Saturday to compete as I balanced my time with other con activities.

My coworker, Wole, joined the team and together we reached as high as 13th place in just a few hours. The final scoreboard was still hidden at the time of this writing, but I have a feeling we got knocked down a few spots.

The CTF was powered by MetaCTF and the challenges were categorized as follows:
CryptographyReconnaissanceWeb ExploitationReverse EngineeringForensicsOther One challenge that I thought would make for a good blog post to write on the train home was called: &quo…

Code Name: 2019 Stonecutters CTF

Image
A secret society, not unlike the illuminopi (did I spell that right?), is putting on a secret CTF that will run for all of 2019.  They will add challenges over the course of the year, some exist but are currently locked behind other challenges, and some will be retired as the solve rate reaches 100%.

I have been given permission to write-up retired challenges if I scrub all of the CTF's identifying information.
So that I can refer to this event, I've code-named it: the 2019 Stonecutters CTF.

The 2019 Stonecutters CTF
In addition to what I have already shared, I can tell you is that this a Jeopardy style CTF, when challenges are solved the point value decreases, and there are a lot of very high-level competitors playing...like 100 of them, so I don't expect to score a lot of points.

Please feel free to check back every now and again for updates or watch the following twitter feeds for newly added write-ups:
@strupo_
@TeamWTG

Thanks,
-strupo_

Challenge Write-Ups:
Quinn Hopper…

Code Name: Treehouse of Horror CTF

Image
A friend of mine asked me if I wanted to participate, on the sly, in an internal CTF that he put together for his employer. My score wouldn't be shown, and for all intents and purposes I did not compete. I figured I'd give it a code name incase I need to refer to this event. Let's call it the Treehouse of Horror CTF.

The Treehouse of Horror CTF!
The scoreboard appeared to be similar to the one used at the Defcon 26 IoT CTF, however this one was organized by challenge which made things nice for tracking your own progress versus one huge board of challenges.  I think this is called Jeopardy style. There were some odd moments at times because different challenge groups shared a target, so you had to identify which flag went with which challenge. Really not that big of a deal and I actually really enjoyed the format rather than just a single submit field like at derby or Eversec's CTF as it helped me track my progress with ease.

The challenges were:

FreePBX
Redmine
FTP
Bac…