DoD Cyber Sentinel 2024 | jng

Event info: 5,000+ applied, ~2,000 joined the Slack, and only 1,440 got on the scoreboard. (The last six players scored zero, but they may have spent their points on hints.) This was Correlation One's first CTF, so hiccups were expected. Upside is their challenge designers were top-notch: (an incredibly passionate pro who's as generous as he is skilled), David Morgan (who also fielded tons of tech support questions), Nathan Ord (who made us all stare at military airfields and bakery cafes for 8 hours), and (who made "exfil", which was my favorite).

Issues: A few challenges were adjusted in the middle of the CTF. There were lags and freezes from too many scans. A lot of beginners bombarded the Slack for help. Some players also tanked their ranks to view hints at the last-minute. Cause initially, we were told no official walkthrough/write-up will be offered.

The rest: Since official write-ups are available, I won't elaborate here.

I finished with 3 easy solves (IMO) and 1 advanced solve. Easy - Found a hidden directory in robots.txt, navigated there for the flag. Easy - Used a hex editor to correct the 'magic bytes' of a broken PDF and highlighting the text showed the flag. Easy - Located a cafe based on a photo and its address is the flag. (This was one of ones that got changed. Original answer had to be the MAC address of the cafe's WiFi router. That is possible to get, but required registering for a 3rd-party service called .) Advanced - Identified, extracted, and tidied 900+ lines of suspiciously encoded network traffic into one file, then decoded the file to reveal an image with the flag.

After the CTF, players were notified about a federal virtual job fair for civilians and sent a survey about "uniformed workforce" opportunities. But neither were exclusive, since it was all publicly available info. Lots of prizes were given away. One person won $500 USD just for attending the kickoff webinar. They plan to have another CTF in the fall and I'm looking forward to it.