SEC-T CTF 2017 – Naughty Ads

Joining 2amResearch for the SEC-T CTF 2017 challenges here is a post from @akrotos solving the Naughty Ads web challenge. Top of the challenge rabbit hole Let’s head on over to the challenge page and load up Burp Suite. With a peak at the page’s html we see the the page contains an image with regions […]

SEC-T CTF 2017 – Report

Report was a nice little challenge, we were presented with a PDF file in which Mr. Belford  had written up for the FBI of the Gibson hack by Joey. The challenge alluded to Mr. Belford hiding something within the file. An initial look at the Report.pdf file nothing really stood out, except some troll flags […]

SEC-T CTF 2017 – Acid Burn

Acid burn was a fun challenge and given the hint within the challenge “hiding something in her background image” we figured it was a stego challenge 🙂 Upon downloading the file we were presented with a chall.webp which we have to admit we were not too familiar with .webp files types so we did a […]

SEC-T CTF 2017 – Sprinkler System

Given the challenge we browsed over to http://sprinklers.alieni.se/ and were presented with an old administrator interface for the sprinkler system. We took a look at the usual avenues when presented with a web challenge and browsed over to /robots.txt Noticing the /cgi-bin/test-cgi dir we immediately browsed to that web directory and discovered a test script […]

SEC-T CTF 2017 – Handle

First off thanks to the whole SEC-T team, we really enjoyed the Hackers 1995 theme, HACK THE PLANET!  As with most CTFs we had a freebie which was Joey needing a handle. Easily found in the IRC channel topic. Browsing to the IRC we get the flag:   Flag: SECT{CRASH_OVERR1D3}

ASIS CTF Finals 2017 – Dig Dug

In this post we wanted to share our solution to the ASIS CTF Finals 2017 Dig Dug challenge. Below is the challenge we were faced with: Seeing that this was a web challenge we simple clicked on the link and immediately we were redirected to an obscure web page. Can you dig it?! Noticing the […]