On October 1, 2024, over six thousand people opened the Calculator application on their computer—all at the same time.
But they weren’t solving any equations or doing any sort of calculations… in fact, they were starting to analyze what process actually opened the innocent digital abacus. They would reverse engineer code, unravel and deobfuscate syntax, and look to find anything out of the ordinary: perhaps a malicious payload, a backdoor, or any special secrets that were in hiding.
This was the very start of the national Cybersecurity Awareness Month, and the very start of the 2024 杏吧传媒 Capture the Flag (CTF) event.
Soon enough, engineers, technicians, security practitioners, and students all over the globe uncovered the answer to that curious question: “What’s up with this strange calculator?”
And the answer?
flag{e55ef8d0e8da0f20e187e102832f6513}
For many people, this string of text and random gibberish may mean nothing, but for the 杏吧传媒 CTF participants at the start of the month, this meant 500 points in the game—and a place on the leaderboard!
But this was only day one… they might not hold their position for long, because each and every day of the 杏吧传媒 CTF competition, new challenges were released! In just 24 hours there would be new exercises, tasks, and activities to practice malware analysis, reverse engineering, and application security.
This blog is a retrospective of the great 2024 杏吧传媒 CTF. 🚩
In case you are not familiar, a “Capture the Flag” (abbreviated CTF) event is a digital game. Not like a video game where you move a joystick on a controller—but instead, your hands fly across the keyboard to truly play a hacker’s sport.
For what is called a “Jeopardy-style” event, there are a handful of categories for different security topics each with a set of different challenges—and the competitors, either as individuals or working as a team, work to solve each exercise and uncover the “flag” to validate and prove they completed the task.
CTF events are a staple of hacker culture—and we mean the good hackers, the security professionals who remain ever-curious and strive for a deeper understanding of technology.
Traditionally, Capture the Flag events run over the course of a weekend, or even a single day, with a short timeframe for players to sprint and solve as many challenges as they can. To celebrate Cybersecurity Awareness Month, 杏吧传媒 wanted to add a special flair to a CTF competition: the game runs all month, with new challenges every day. 😎
Building on what we did last year, we wanted to foster a community for learning, with some competitive edge, but still a relaxed environment where players can take their time, take a break, and return to even more toys to play with.
The thing is, CTF competitions really test your mettle… the challenges can vary in topic, complexity, and difficulty. Players are exposed to new technologies or subjects they may never have had experience with before, so struggling and learning from mistakes is all part of the game. That’s the thing about cybersecurity after all: there’s just too much out there to know absolutely everything, so we are all always learning!
But our 杏吧传媒 CTF is a bit more special: we bring to the table a ton of tasks focused on “blue team” work: digital forensics, incident response, malware analysis, reverse engineering, and more. There are of course some traditional challenges for more offensive security testing, but our goal is to present to the players real-world tradecraft from threats that are out there.
And from our perspective? It was a grand slam! 💥
Massive congratulations to our top winner, and a huge thank you to everyone who joined us.
Throughout the game there were a handful of challenges that were inspired by and echoed real world case studies of vulnerabilities and incident response. In many cases for tasks in the “Malware” category, we would pick a payload off a real compromised endpoint, “defang” the sample and slap a flag inside—so players have challenges as real as it gets.
Some of the favorite challenges from both players and the development team:
And other top-shelf multi-part incident response tasks:
More difficult and hardcore challenges like “OceanLocust,” “Rustline,” and “GoCrackMes” kept players up at night reverse engineering complex compiled binaries. Others were chasing OSINT findings to find hackers with “Ran Somewhere,” cracking ciphers with “Base-p-,” uncovering clues to the “Mystery” challenge, or taking on “Discount Programming Devices.”
And yet, we still left room for the zany, off-the-wall kinds of challenges that are so near and dear to the CTF culture. Battle a samurai in the terminal in Sekrio, overwater plants to gain a reverse shell in Plantopia, and stare deep into the abyssal black square emojis in The Void. A good mix of real-life challenges and levity goes a long way. We never take ourselves too seriously, after all.
For the finale and capstone challenge, Adam Rice closed out the game with his masterpiece, “Palimpsest.” Taking its name from an archaic type of manuscript that has been effaced to write over, this challenge had players racing for the number one spot. By analyzing a set of Windows event logs chock full of secrets to unravel, players secured their final spots on the leaderboards and closed out an action-packed month.
The goal while participating in a Capture the Flag event should not always be “to just win”—it’s to learn something new, and ultimately, to have fun.
CTFs bring the hacking community together and help us all collectively grow. Even if you don’t solve all the challenges, you can read writeups and solutions after the event and see all the tricks and tools you didn’t know before. That’s the best part—spreading the education and awareness, and helping level up our whole industry.
We hope the 2024 杏吧传媒 CTF was a great initiative for that. And we look forward to raising the bar for next year.