jng | tribbletron

Target x WiCyS CTF 2024

Last updated 9 months ago

Event announcement (July 18th-August 8th):

Sixteen of Target's infosec staff (which is ~200 strong), led by Director Sydney Delp, designed a refreshingly new type of CTF this year, the 3rd year of their partnership with Women in CyberSecurity (WiCyS).

Traditional CTFs are held together by puns and puzzles requiring prowess in roughly 5 or more specialities (e.g. OSINT, web exploit, binary exploit, forensics, cryptography, reverse engineering, and pwn). They also run for 1-2 days. But Target simulated stages of an incident response case. Not for the pretense of having a theme, but a true case study.

I ranked 62nd of 793 registered players (amongst 1200+ applicants).

This was the first CTF where I finished all the challenges and was working up to the final second. If my last flag had made it through submission, I would've ranked 54th. I felt like I ran a marathon once it was over. Below is a full list of the challenges (minus the tutorial).

Defense
│   ├── D1. Secure Your Perimeter (100)
│   ├── D2. Look for Insider Threats (300)
│   ├── D3. Investigate a Suspicious Email (25)
│   ├── D4. Write IOC detection (100)
│   ├── D5.1. Identify compromised user (25)
│   ├── D5.2. Identify compromised user (75)
│   ├── D5.3. Identify compromised user (20)
│   ├── D5.4 Identify compromised user (50)
│   ├── D6. PCAP Analysis (100)
│   ├── D7.1. Review Connection Logs (Host A) (50)
│   ├── D7.2. Review Connection Logs (Host A) (50)
│   ├── D8. YARA Analysis (500)
│   ├── D9.1. Review Connection Logs (Host B) (75)
│   ├── D9.2. Review Connection Logs (Host B) (50)
│   ├── D10.1 Strelka Analysis (20)
│   ├── D10.2 Strelka Analysis (20)
│   ├── D10.3 Strelka Analysis (20)
│   ├── D10.4 Strelka Analysis (20)
│   ├── D10.5 Strelka Analysis (20)
│   └── D11. Trace the handoff (100)
│
└──[-] Offense
    ├── O1. Find your Targets (100)
    ├── O2. Build a Credential Harvester (100)
    ├── O3. Constructing your Phish (100)
    ├── O4. Use your Captured Creds (100)
    ├── O5. Take Over an EDR Account (300)
    ├── O6. Find a Way In (100)
    ├── O7. Bypass the EDR (300)
    ├── O8. Performing an Exfil of a Filesystem (300)
    ├── O9.1 Escalate your Privileges (150)
    ├── O9.2 Escalate your Privileges (150)
    └── O10. Sell your Access (100)

Theirs is a blend of lab course and obstacle course, grounded in real-world workflows. For example, Target developed an open source tool called Strelka that works with Yara to scan for files on an enterprise level. And they expected us to figure out how to use it.

Target usually offers official write-ups, but they haven't been released. So here's mine: D2, D8, O3, O7, O8, and O9.1. Other player write-ups: Caelum (aka Eris He), maihacks (aka Milah Thomas), Jodi (aka DragonDefense), Jess (aka CyberSecJess), and JWilliams (aka ThinkSecureNow).

https://www.wicys.org/event/target-cyber-defense-challenge-informational-webinar/
Target CTF 2024 challenge creators