DEADFACE 2021

DEADFACE2021 Logo

DEADFACE CTF was a two day event organized by Cyber Hacktics that ran October 15-16, 2021.

My brother and I teamed-up for this year's CTF and placed 36th out of nearly 1200 teams, not too shabby, but our goal for next year is to be in the 20's…

Badges Awarded
Competitor

The challenges are listed in the order we solved them.

Unfinished

Challenge: There seems to be something wrong with this code. Can you figure out how to make it return the flag? Modify the code to show the flag. Submit t...

Body Count

Challenge: One of our employees, Jimmie Castora, kept database backups on his computer. DEADFACE compromised his computer and leaked a portion of the data...

Occupation

Challenge: Which employee at De Monne Financial was the target of DEADFACE that resulted in a data leak? Submit the employee's job title as the flag: flag...

Monstrum ex Machina

Challenge: Our person on the "inside" of Ghost Town was able to plant a packet sniffing device on Luciafer's computer. Based on our initial analysis, we ...

Cereal Killer

Challenge: spookyboi is really into Serial Killers. He loves to watch Mindhunter on NetFlix. He can also SLAY a bowl of his favorite cereal. (Choose...

The SUM of All FEARS

Challenge: After hacking a victim's computer, Luciafer downloaded several files, including two binaries with identical names, but with the extensions .exe...

Blood Bash

Challenge: We've obtained access to a system maintained by bl0ody_mary. There are five flag files that we need you to read and submit. Submit the content...

Blood Bash 2

Challenge: We've obtained access to a system maintained by bl0ody_mary. We believe bl0ody_mary stole a sensitive document and is storing it on her Linux m...

Password Insecurities

Challenge: It looks like DEADFACE is going after the password of one of De Monne's customers: Haily Poutress. She has since changed her password, but De M...

Window Pains

Challenge: One of De Monne's employees had their personal Windows computer hacked by a member of DEADFACE. The attacker managed to exploit a portion of a ...

Keys

Challenge: One of De Monne's database engineers is having issues rebuilding the production database. He wants to know the name of one of the foreign keys ...

Poor MEGAN!

Challenge: Oh, NO! Poor Megan! She's just been bitten by a ZOMBIE! We can save her if we act fast, but the formula for the antidote has been scrambled ...

To Be Xor Not to Be

Challenge: .$)/3<'e-)<e':e&'<e<'e-)<5 Submit the flag as flag{here-is-the-answer}

Blood Bash 3

Challenge: There's a flag on this system that we're having difficulty with. Unlike the previous flags, we can't seem to find a file with this flag in it. ...

Window Pains 2

Challenge: Using the memory dump file from Window Pains, submit the victim's computer name. Submit the flag as flag{COMPUTER-NAME}.

File 101

Challenge: An email, containing a photo of pumpkin, was found in an employee's Gmail inbox. The photo looks normal, but looks can be deceiving sometimes.W...

Send in the Clowns

Challenge: There is a secret hidden somewhere in this image. Can you find it? Submit the flag as flag{this-is-the-flag}. Link to Image SHA1: 74eaae618...

The Count

Challenge: Apparently DEADFACE is recruiting programmers, but spookyboi is a little apprehensive about recruiting amateurs. He's placed a password hash in...

Blood Bash 4

Challenge: A sensitive file from De Monne was exfiltrated by mort1cia. It contains data relating to a new web portal they're creating for their consumers....

Scanners

Challenge: Luciafer started the hack of the Lytton Labs victim by performing a port scan. Which TCP ports are open on the victim's machine? Enter the ...

A Warning

Challenge: Luciafer is being watched! Someone on the inside of Lytton Labs can see what she is doing and is sending her a message. One of them says: "...

TheZeal0t's Cryptoware IOC 1

Challenge: The Zeal0t's cryptoware has a particular network signature that can be used as an "Indicator of Compromise" (IOC). This indicator is unique to...

Old Devil

Challenge: We found this program written by luciafer. She used it to hide a password in the form of a flag. See if you can find the flag in the program. ...

Meetup

Challenge: A member of DEADFACE suggested that they all meet up at some point. With this information, we'd be able to contact law enforcement to get them...

Release the Crackin'!

Challenge: Luciafer cracked a password belonging to the victim. Submit the flag as: flag{password}. Use the PCAP from LYTTON LABS 01 - Monstrum ex Mac...

Luciafer, You Clever Little Devil!

Challenge: Luciafer gains access to the victim's computer by using the cracked password. What is the packet number of the response by the victim's system...

Big Boss

Challenge: An anonymous tipster sent us this photo alleging that it's a note written by b3li3f1203. The tipster claims that the note was intended for som...

City Lights

Challenge: De Monne wants to know how many branch offices were included in the database leak. This can be found by figuring out how many unique cities the...

El Paso

Challenge: The regional manager for the El Paso branch of De Monne Financial is afraid his customers might be targeted for further attacks. He would like ...

Cereal Killer 3

Challenge: luciafer also has a favorite cereal. It is also spooky, and very delicious! This one, however, is a bit tricky. Download the program and de...

Jailbird

Challenge: It looks like authorities arrested a member of DEADFACE. But who was it? Submit the member's username as the flag: flag{username}

Behind the Curtain

Challenge: This image was intercepted from Ghost Town. We think Donnell has hidden information here, but there doesn't seem to be anything special about t...

V0icE

Challenge: A friend of mine sent me an audio file which supposes to tell me the time of our night out meeting, but I can't comprehend the voice in the aud...

Luciafer's Cryptoware IOC 2

Challenge: Luciafer's cryptoware causes even more ruckus by encrypting the victim's file names. Decrypt the filename and enter it as the flag: Example fl...

You Shall Not Pass

Challenge: DEADFACE has been targeting De Monne employees based on the recent De Monne financial database leak. De Monne has already changed their employe...

Trick or Treat

Challenge: A user on Ghost Town created a game that he claims no one can beat. Check out the game and find the flag hidden inside. Submit the flag as: fla...

Luciafer's Fatal Error

Challenge: Luciafer, consummate hacker, got cocky and careless. She made a fatal mistake, and in doing so, gave control of her computer to… someone. She...

Persistence Pays Off

Challenge: Luciafer might have just bit off more than she can chew! She has encountered an adversary that is counter-attacking her system! Luciafer's L...

All A-Loan

Challenge: De Monne has reason to believe that DEADFACE will target loans issued by employees in California. It only makes sense that they'll then target ...

Dead Men Tell No Tales

Challenge: We've discovered a remote system used by DEADFACE. We're not sure what the password is, but we know Donnell Aulner has an account on that machi...

Luciafer's TOTAL Disaster

Challenge: Luciafer should learn to follow directions! Her "cryptoware" is a TOTAL disaster! She didn't realize that her choice of encryption algorithm,...

Boom

Challenge: DEADFACE actors will be targeting customers they consider low-hanging fruit. Check out Ghost Town and see who they are targeting. Submit the nu...

Not So Complicated

Challenge: Using the memory dump file from Window Pains, crack and submit Jimmie's password. Submit the flag as flag{cleartext_password}.

Window Pains 4

Challenge: We want to see if any other machines are infected with this malware. Using the memory dump file from Window Pains, submit the SHA1 checksum of ...

Window Pains 3

Challenge: Using the memory dump file from Window Pains, find out the name of the malicious process. Submit the flag as flag{process-name_pid} (include...

Scary Bunny

Challenge: What could be inside this creepy rabbit? Download image SHA1: 7ab2d9b1986ae12b780d0a2124a3adce6ed4c4e1

No One Ever Got Fired For…

Challenge: … BUT THEY SHOULD HAVE!!! We spent 20 MILLION DOLLARS for this refrigerator-sized BOX, and we have to pay money for every program that we run!...

Address Book

Challenge: It looks like DEADFACE is targeting one of De Monne's customers. Check out this thread in Ghost Town and submit the customer's name as the flag...

Spectres

Challenge: We intercepted this image from a suspected insider threat at De Monne Financial. It looks like parts of the image were cut out, but based on c...

Depths

Challenge: DEADFACE talks about having a potential buyer for the database leak on Ghost Town. Figure out where they're keeping the wallet info for cryptoc...

Treats

Challenge: There is another flag associated with the site found in Depths. Find the flag and submit it as: flag{flag-goes-here}.