IMPORTANT: Please contact us before you use any styling or content shown here!
Cyber FastTrack Spring 2021 / National Cyber Scholarship Competition - Spring 2021
Mon 5th April 17:00 BST - Wed 7th April 17:00 BST
The CD Skids are back and playing for fun!
This CTF was run for both Cyber FastTrack and National Cyber Scholarship at the same time. Although these writeups were primarily made for Cyber FastTrack, they should also be valid for the National Cyber Scholarship competition.
This repository is the only one to be officially endorsed by Cyber FastTrack staff!
Want to play more and steal all of our flags? Join the National Cyber Scholarship Competition - Practice Arena with Tomahawque event code
frail-tub, open until May 31, 2021.
Registration
- Register on Cyber FastTrack's website to receive an email from the Capture-the-Flag platform, SANS Tomahawque. You’ll need to register with them to be able to play if you haven't used this platform before.
- Register on the National Cyber Scholarship Foundation's website
Leaderboard
- Cyber FastTrack - Spring 2021 Leaderboard
- National Cyber Scholarship Competition - Spring 2021 Leaderboard
Challenge Difficulties
- Easy - 100pts
- Medium - 250pts
- Hard - 500pts
- Extreme - 1000pts
Challenge Writeups
These have been organized in order they appear on the site:
Binary
| Easy | Medium | Hard | Extreme |
|---|---|---|---|
| BE01 | BM01 | BH01 | BX01 |
| BE02 | BM02 | BX02 | |
| BM03 |
Crypto
| Medium | Hard | Extreme |
|---|---|---|
| CM01 | CH01 | CX01 |
| CM02 | CH02 |
Forensics
| Easy | Medium | Hard |
|---|---|---|
| FE01 | FM01 | FH01 |
| FE02 | FM02 | |
| FE03 | FM03 | |
| FE04 |
Networking
| Easy | Medium |
|---|---|
| NE01 | NM01 |
Web
| Easy | Medium | Hard | Extreme |
|---|---|---|---|
| WE01 | WM01 | WH01 | WX01 |
| WE02 | WM02 | WH02 | |
| WM03 | |||
| WM04 | |||
| WM05 |
Event Info & Code of Conduct
Welcome to the Cyber FastTrack Capture the Flag (CTF).
Our challenges will test your creativity, technical skills and problem-solving ability. Identify your strengths and weaknesses as you analyze forensic data, break into vulnerable websites, and solve challenges built by industry experts!
Rules of Engagement
- You must participate fairly, as an individual, such that your score reflects your own individual ability. Telephone calls may be made after the event to validate your performance.
- Identified cheating may result in ejection from the event, and a ban of the individual participant or their school including all participants thereunder. Anyone banned from the event will be disqualified from all prizes in this, and future Cyber FastTrack CTF competitions. Sharing of flags, challenge keys, or providing revealing hints to other participants are some examples of what activities are considered cheating; this should not be considered an exhaustive list. If you are unsure of the activity you are undertaking at any time please contact [email protected].
- During this competition you will be provided with access to challenges and content for you to solve. You agree not to share solutions, post blogs, or otherwise share solutions until the competition is closed. After this period sharing solutions and write-ups is thoroughly encouraged and does not require express permission from the service provider.
- You may only use tools, techniques, or processes against the targets and endpoints identified in the challenge briefings, which you are given explicit permission to target. Use of the tools, techniques or processes against the infrastructure of the competition or other services outside the scope identified may be a violation of (amongst others) the Computer Misuse Act 1990 of the United Kingdom or the Computer Fraud and Abuse Act of the United States. In circumstances where error cannot be blamed, violation could result in rejection from this event, the Cyber FastTrack program, or prosecution by the relevant legal authority. If you are unsure of the activity you are undertaking at any time please contact [email protected].
- You agree not to intentionally disrupt the service, the provided challenges or infrastructure such as through the use of Distributed Denial of Service attacks. Doing so may result in termination of your access, or sharing of your information with the relevant legal authorities. It is not acceptable to attempt denial of service attacks, or to purposefully attempt to cause damage to the infrastructure or data, nor is it acceptable to identify flaws and to purposefully attempt to damage or disrupt other platform users, or their data.
- Absolutely no sabotaging of other competing participants, or in any way hindering their independent progress.
Good luck!
Advice from James Lyne
Unsure if you should compete? We've got some advice from James Lyne!
Contributors
Thanks to all the contributors who have solved challenges and submitted writeups to this repository:
- Josh Heng
- 404dcd
- Bottersnike
- Isaiah
- Alice
- Das
- Emily Chen
- Coderk 1250
- Rachelle Hu
- Eth007
- Vishnuu Gopi (VGTheOne)
- Sentinent
And of course:
1 Dec 03, 2021
0 Jan 10, 2022
13 Jul 04, 2021
38 Aug 09, 2022
6 Dec 28, 2022
41 Nov 22, 2022
4.8k Dec 31, 2022
838 Dec 18, 2022
5 Aug 02, 2022
11 Nov 11, 2022
219 Nov 28, 2022
101 Jan 04, 2023
27 Dec 20, 2022
2 Aug 31, 2022
9 Dec 27, 2022
32 Nov 05, 2022
365 Nov 30, 2022
25.7k Jan 08, 2023
23 Mar 18, 2021
22 Dec 04, 2022