DEADFACE 2022

DEADFACE CTF was a two-day event organized by Cyber Hacktics that ran October 14-15, 2022.

My brother and I teamed up again for this year's CTF and placed 23rd out of nearly 1200 teams, thus fulfilling the goal we documented last year, "to be in the 20's", after placing 36th in 2021.

Badges Awarded
Competitor

The challenges are listed in the order we solved them.

First Strike

Challenge: There was a cyber attack on ESU's website on July 27th. ESU IT staff collected data from the attack and need your help sifting through it. W...

Toolbox

Challenge: What tool was used when the attack started at 2022-07-27 14:13 UTC? Submit the flag as flag{tool}. Example: flag{notepad}. Use the files fro...

Agents of Chaos

Challenge: What is the first user agent of the second scanning tool used by the attacker? Submit the flag as flag{user agent string}. Use the files fro...

Easy Creds

Challenge: We were going through password dumps and we found a password hash associated with an email address that crypto_vamp uses. See if you can crack ...

The Goodest Boy

Challenge: We found this image on Ghost Town. We think bumpyhassan hid some information here. Can you see what information he hid? GhostTown Thread ...

Under Public Scrutiny

Challenge: DEADFACE mentioned on Ghost Town that they have a public GitHub repository. See if you can find a flag hidden that belongs to DEADFACE. Subm...

Counting Heads

Challenge: DEADFACE compromised a database from Eastern State University. They fired their security team, and now they're reaching out to you to see if yo...

The Faculty

Challenge: How many of the compromised users in the database are not students? Submit the flag as flag{#}. Use the database from Counting Heads.

Scans

Challenge: ESU's IT staff noticed some peculiar traffic from DEADFACE at the beginning of the attack. They sent a series of handshakes - the IT staff is s...

Shells

Challenge: We know now that the attacker uploaded a file called info.php to gain access to the web server backend. What is the name of the tool/shell that...

"D" is for Dumb Mistakes

Challenge: To show off their 1337 programming skills, DEADFACE attempted to create their own encryption process to help them communicate privately. Althou...

Two Dead Boys

Challenge: Good evening, this is a NEWSFLASH from Quick News Network (QNN)… I'm Crime News Reporter Frank Viginere. Ladies and gentlemen skinny and sco...

"D" is for Decryption

Challenge: Now that you know the correct RSA decryption value d from "D" is for Dumb Mistakes, can you use it to properly decrypt one of DEADFACE's privat...

Database Crack

Challenge: We did it! We managed to get a copy of a password database from deephax. Can you crack the password to get into the database and see what thing...

Fine Dining

Challenge: Turbo Tactical is trying to collect data on DEADFACE members. There was talk in Ghost Town about a member whose father owned a restaurant. If w...

Escalation

Challenge: Somehow, the attacker was able to gain root access to the web server. We believe the attacker leveraged an existing file to gain root access. W...

New Addition

Challenge: DEADFACE tried to add a user to the ESU database. What is the username of the user they tried to add to the database? Submit the flag as fla...

Grave Digger 1

Challenge: Turbo Tactical has gained access to a machine owned by DEADFACE. It appears crypto_vamp, a new recruit at DEADFACE, used a weak password for hi...

Iterations

Challenge: What is the name of the tool that likely resulted in DEADFACE acquiring login credentials to ESU's website? Submit the flag as flag{tool}. ...

Submission

Challenge: What artifact did DEADFACE place onto ESU's website to gain access to the filesystem? Submit the flag as flag{filename}. Use the files fr...

Grave Digger 2

Challenge: A member of DEADFACE has a sensitive file on d34th's machine. See if you can find a way to read the gravedigger2 file. Submit the flag as flag{...

Eye Know, Do You?

Challenge: lamia415 sent a warning email to other De Monne employees with an image attached. The employees, however, can't figure out what the intended m...

Going Old School

Challenge: Unable to use their RSA encryption program, luciafer resorts to using old school techniques to send a message out to the team. Can you deciphe...

Passing on Complexity

Challenge: ESU's IT staff swears up and down that the backup user's password is secure and follows best practice. Their internal auditors are not convince...

The Root of All Evil

Challenge: DEADFACE is known for leaving a "calling card" on systems they exploit. What flag did the attackers leave after they gained root access to the ...

Let's Hash It Out

Challenge: DEADFACE discussed what users they were going to target out of the database dump obtained. Look around on Ghost Town and submit the password ha...

Fall Classes

Challenge: How many unique Fall courses are present in the database dump? Submit the flag as flag{#}. Use the database from Counting Heads.

Inode What You Did Last Summer

Challenge: One of the security researchers at ESU needs help in their forensics of the ESU attack that occurred on 2022-07-27. They are asking if you can ...

Gone But Not Forgotten

Challenge: It looks like DEADFACE members shared their public keys last month. All of them sent their keys over Signal or email except for spookyboi. He m...

Branching Out

Challenge: Using the memory dump, what was the date/time on which the web service was starting? Submit the flag as flag{timestamp}. Use the file fro...

Spectre WiFi

Challenge: A NETGEAR router in the main library of Eastern State University was hacked, leading to a prolonged man-in-the-middle attack and student passwo...

Life's a Glitch

Challenge: Another one of De Monne's employees was compromised. DEADFACE left a GIF image of what looks like a glitched face. They claim there is a flag ...

Missing Home

Challenge: We intercepted this email being passed by a DEADFACE member. We tried some steghide, but that didn't work. Help us out here!

Spiraling Out of Control

Challenge: A message was left by DEADFACE on one of De Monne's machines. In Ghost Town, mirveal mentioned that he posted a hint on Twitter. This was th...

Intercepted

Challenge: We intercepted an attack against the host finance1. Please help us figure out what the attack was supposed to do. The flag will be in the forma...

Monstrosity

Challenge: We found this program written by mirveal. He used it to hide a password in the form of a flag. See if you can find the flag in the program. ...

Dreaming of You

Challenge: Someone doesn't understand networking traffic. Now I know their deepest crush. Can you find the flag from the PCAP file? Submit the flag as fla...

Cracking NTLM

Challenge: DEADFACE member lilith got into our Domain Controller and dumped our hashes and claims she got an account's credentials! Can you figure out what...

Home of Record

Challenge: What is deephax's home address? Submit the flag as flag{street, city, state abbreviation zipcode}. Example: flag{123 Main St, Sacramento,...

SHAshank Redemption

Challenge: There is some internal back-and-forth at ESU regarding which file was exfiltrated by DEADFACE. They've asked us to determine "the hash of the f...

Cereal Killer 02

Challenge: How well do YOU know TheZeal0t? See if you can answer this trivia question! Enter the answer as flag{here-is-the-answer}. Download Fi...

Matrix

Challenge: Turbo Tactical is looking to infiltrate DEADFACE. We know they're picky about whom they allow into their group, and recently they've started ve...

Manhunt

Challenge: Last year, De Monne was infiltrated by an insider threat who was caught and arrested for his involvement with DEADFACE. He made a deal to lesse...

Information Security Enthusiasts

Challenge: How many Fall enrollments are there in Information Systems Security (ISSC) courses? Submit the flag as flag{#}. Use the database from Counti...

Holiday Nesting Doll

Challenge: Holidays are a headache and this one is no different. The flag is fractured, can you find it? TIME is almost up! Santa is coming!