DragonDefense
Tutorial

There were six (seven including the sub-challenge) tutorial challenges designed to teach the fundamentals of CTFs. Each tutorial challenge was designated with a "P" preceding its number. If I remember correctly, only P1 was open at the very start. As you completed challenges, more challenges opened. After you completed P1, P2 opened; after completing P2, P3 opened, and so on.

P1 - wicys[Welcome]

The first challenge gave a brief lesson on what Capture the Flag competitions are, the format of flags, some general tips (such as avoiding whitespace when entering flags), and how points and difficulty levels are assigned in this CTF. Each challenge gives objectives that direct you to find the flag.

The flag for this challenge? The name of this challenge.

P1 - wicys[Welcome] [solution]

I hope you got this one! The flag was

wicys[Welcome]

P2 - Hidden Challenges

This challenge explained how the CTF would work. Essentially, you start with three challenges each in Defense and Offense. As you complete the challenges, more challenges will open. This is due to the story-driven setup of the CTF; later challenges contain hints from earlier challenges, so to avoid spoiling the fun, these challenges were hidden in the beginning.

Objective: Combine the first letter from each sentence in the challenge not including this objective. I'm not going to copy the text they gave us here, but I'll include the nonsense answer you'd get if you followed the instructions with my text.

P2 - Hidden Challenges [solution]

The original flag was

FLAG

The flag for my wonky challenge would have been:

IEAT

Hm. Maybe I should have continued until the flag was IEATSANDWICHES? lol

P3.1 - Sub-challenges

Some challenges in this CTF were broken into sub-challenges that were each worth fewer points, but combined still amounted to the same as a regular challenge. As in this challenge, sub-challenges were given the normal challenge number with ".1", ".2" and so on appended to indicate the sub-challenge number.

Interesting but useless fact: The maximum number of sub-challenges in this CTF was 5, which happened in Defense challenge D10 - Strelka Analysis.

Evidently someone got hungry as this was the prompt for this challenge:

We're running out of fun ideas for intro flags, so this one is uhh, "submarine sandwich".

Now I'm hungry!

P3.1 - Sub-challenges [solution]

Uh... the flag was

submarine sandwich

P3.2 - Limited Attempts (1000 attempts)

Most of the challenges had unlimited attempts to enter the flag. Although accuracy (number of incorrect attempts vs correct attempts) was measured, it wasn't used anywhere except on each individual's profile. However, some challenges could be brute-forced, or in other words, they could be guessed if given enough tries. For example, if you knew the flag was an email and you had a list of possible emails, you could just sit and enter all of them until you got one of them right. Therefore, on a few challenges, the number of attempts you got was limited.

The flag for this one I really didn't like since I don't like guessing in general but...

Guess which number I'm thinking of, 1-10! And then please never try to guess an answer like this again! NO TRICKS HERE. Please don't overthink this!

Yep. They went there.

P3.2 - Limited Attempts [solution]

Honestly, I forgot what number was actually correct. I REALLY wanted to get it in one go, but I'm not that good at guessing. And even worse at mind-reading. Originally, I thought the "don't overthink this" meant it was the first number on there, so I tried 1. Which was wrong. My second try was successful thankfully.

10

The only reason I know what the answer really was at this point is because I took good notes while I was doing this. lol

P4 - Hints

As the name suggests, this explained the hint system for this CTF. If you're interested in how the hint system worked, continue to the next paragraph. If not, feel free to skip the next paragraph.

The number and type of hints varied between specific challenges. A few had no hints, while others had as many as five hints, ranging from a small nudge to a straight-up walkthrough. If you wanted a hint, you had to "purchase" it with points you had already received. In other words, at this point in the CTF, you only had access to P1-4. So after completing P3.2, you should have had 90 points (30+30+15+15). So, in theory, you could purchase hints up to 90 points. You had to purchase the hints in order, from small nudges to the walkthroughs, which cost more points than the nudges. If you just took the first small nudge, it was ~10% of the value of the challenge, while taking a walkthrough would, in total, cost you 90% of the points. As an example, this challenge was worth 100 points and had three hints worth 10, 20, and 60 points, for a total of 90 points (which, incidentally, was how many points we had...). So you had to open the 10 point hint, then could open the 20 point hint, and finally were able to open the 60 point hint, which gave you the flag. There is some weirdness to this system, which I'll briefly touch on in P6.

After opening all the hints, the flag was all the bold characters in the text in the last hint.

P4 - Hints [hints]

10 Point Hint:

This hint costs 10% of the challenge's value, or 10 points.

Unlocking this will make the next hint available for unlock.

20 Point Hint:

This hint costs 20% of the challenge's value, or 20 points. It's also only available if you unlock the first hint.

Unlocking this will make the walkthrough available for unlock.

60 Point Hint:

This is the walkthrough of the challenge. It costs 60% of the challenge's value, but is only available after unlocking the first 2 hints.

Altogether, unlocking this hint will cost 90% of the value of the challenge, but you're pretty much guaranteed to get it from this.

If, after unlocking the walkthrough, you're somehow still stuck, sign up for office hours and we'll help you out.

Oh, I almost forgot, the flag is made of all the bold letters in this hint.

P4 - Hints [solution]

Unfortunately, for many of us working the challenge, this was particularly hard to see on some screens, so many people ended up copying the text into another app to see.

unlocked

P5 - Cooperation

While I haven't participated in a lot of WiCyS challenges before, I have done a few and WiCyS is big on helping others. In this case, as in previous cases, they open a Slack Workspace for the participants to network, chat, and help each other. Obviously, this was a competition, so some rules had to be set. In particular, the word "nudge" was encouraged and the usage of the word "hint" was discouraged.

The flag was a multiple choice question:

Which of these is correct?

P5 - Cooperation [solution]

Answer:

We can nudge each other by offering limited assistance to those in need

P6 - Scenario

This was the last part of the tutorial before we were allowed to dive into the real challenges.

The scenario of this was a casino named "The Lucky Lion" that is under attack. Participants are both the attacker (Offense and all "O" challenges) and the defender (Defense and all "D" challenges). That's pretty much it. For the flag:

Enter "LET'S GO" with as many O's as you feel represent your current hype level.

P6 - Scenario [solution]

I have no idea how many O's I entered, but I was impatient to get started, so I assume it looked something like this:

LET'S GOOOOOOOOO

The only other interesting thing to note in this one is that originally this challenge was worth 58 points, but on 7/25, it was increased by 1000 points to 1058 because people couldn't buy any more hints. This is the only oddness I wondered if they could fix. Because I had tried to just skim everything and complete the tutorial quickly, I didn't really read the hint explanation and thought that getting a hint made that challenge just worth less and not that it was taking it out of your existing points! That would have made more sense to me and would have avoided the need to increase the points. At one point I thought it could also have been a limitation of the CTFd platform. But in some challenges, if you took all the hints, you actually lost points overall. So, I guess that's the way they wanted it, I guess?

End of the Tutorial

After you entered the last flag, it opened up three Defense challenges (D1, D2, and D3) and three Offense challenges (O1, O2, and O3). You also now had 1200 points. Now on to the good stuff in the next sections!


Interesting but useless fact: There were four challenges with limited attempts: D1 (5 attempts), D5.1 (10 attempts), D9.2 (5 attempts), and O5 (10,000 attempts). I sense a question in you. Just wait.

😂