branw.xyz

All CTF Posts

MetaCTF 2018 Write-ups

MetaCTF 2018 was held at the University of Virginia’s Darden School of Business this past weekend. Although a majority of the challenges were standard fare for CTFs, the competition also included a sizable portion of “physical” challenges like lock-picking, as well as legal and ethical case studies. With an emphasis on introducing and teaching cybersecurity, MetaCTF erred on the easier side, but the day’s schedule definitely put a crunch on finding all 48 of the competition’s flags.

Out of 56 teams, we placed 3rd with 11,258 points as team “Drink More Caffe”:

  • Lucas Mun, Virginia Tech
  • Christopher Truong, University of Virginia
  • Brandon Walker, Virginia Tech
Although we topped the technical challenges, the law questions also had a significant impact on the final standings.

Although we topped the technical challenges, the law questions also had a significant impact on the final standings.

This write-up will focus more on the traditional CTF challenges and the flags I spent the most time with, including the crypto, exploitation, reversing, and forensics sections. Most of the challenges were solved with a couple of lines of Bash or Python, and the executable challenges with Binary Ninja. Although the binaries are all 64-bit ELFs, all challenges can be solved on a Windows box without any issues.

Strategies for CyberPatriot

CyberPatriot is a secondary school-level cybersecurity competition based around hardening instances of desktop and server machines. Sponsored by the Air Force Association and Northrop Grumman, the program is an initiative to inspire a new generation of engineers for the adapting government landscape. It presents a unique experience, especially to those without any prior introduction to the subject matter.

Unfortunately, much of the competition is hazed with an air of mystery; if not for the upperclassmen who had first introduced me I would have had no idea what CyberPatriot entailed before diving straight in competition day. Even after two years I realized I wasn’t much more aware of what was really going on beyond the Mario coin sound playing every time I got lucky with installing anti-virus software. This expository piece is my effort to alleviate this void in understanding, if not only for myself but for any other CyberPatriot stuck in the same rut.

PACTF 2016 Write-ups

PACTF, as hosted by the Phillip’s Academy, was a three-round capture-the-flag that took place from April 10th to May 1st. This competition was unique in that it featured a week-long competition window allowing contestants to select their own forty-eight hour time frame. The rounds covered a variety of subject matters and offered challenges from the beginner to downright difficult levels.

We are the Forest Park Bruins, a team of five high school students and aspiring computer scientists from Woodbridge, Virginia:

  • Brandon Walker, your’s truly
  • Hamza Mir
  • Mathew Cinnamon
  • Michelle Miller
  • Joseph Bokossa

These write-ups will attempt to provide context and strategies for the competition’s problem set. Due to the inopportune timing of the competition however not all solves are documented. Nevertheless, code snippets beginning with $ were run on zsh on Ubuntu 14.04 while snippets beginning with >>> were ran in Python 3.5.