Target x WiCyS CTF 2024

Event announcement (July 18th-August 8th): https://www.wicys.org/event/target-cyber-defense-challenge-informational-webinar/
Sixteen members of Target's infosec staff (a team roughly 200 strong), led by Director Sydney Delp, designed a refreshingly new type of CTF for the third year of Target's partnership with Women in CyberSecurity (WiCyS).
Traditional CTFs are held together by puns and puzzles requiring prowess in roughly five or more specialties (e.g. OSINT, web exploitation, binary exploitation, forensics, cryptography, reverse engineering, and pwn), and they usually run for 1-2 days. Target's CTF instead simulated the stages of an incident response case, not as a thematic pretense but as a genuine case study.
Theirs is a blend of lab course and obstacle course, grounded in real-world workflows. For example, Target developed an open source tool called Strelka that uses YARA to scan files at enterprise scale, and they expected us to figure out how to use it.
I ranked 62nd of 793 registered players (amongst 1200+ applicants).
This was the first CTF where I finished all the challenges and was still working up to the final second. If my last flag had made it through submission, I would have ranked 54th. I felt like I had run a marathon once it was over. Below is the full list of challenges (minus the tutorial).
├──[-] Defense
│   ├── D1. Secure Your Perimeter (100)
│   ├── D2. Look for Insider Threats (300)
│   ├── D3. Investigate a Suspicious Email (25)
│   ├── D4. Write IOC detection (100)
│   ├── D5.1. Identify compromised user (25)
│   ├── D5.2. Identify compromised user (75)
│   ├── D5.3. Identify compromised user (20)
│   ├── D5.4. Identify compromised user (50)
│   ├── D6. PCAP Analysis (100)
│   ├── D7.1. Review Connection Logs (Host A) (50)
│   ├── D7.2. Review Connection Logs (Host A) (50)
│   ├── D8. YARA Analysis (500)
│   ├── D9.1. Review Connection Logs (Host B) (75)
│   ├── D9.2. Review Connection Logs (Host B) (50)
│   ├── D10.1. Strelka Analysis (20)
│   ├── D10.2. Strelka Analysis (20)
│   ├── D10.3. Strelka Analysis (20)
│   ├── D10.4. Strelka Analysis (20)
│   ├── D10.5. Strelka Analysis (20)
│   └── D11. Trace the handoff (100)
│
└──[-] Offense
    ├── O1. Find your Targets (100)
    ├── O2. Build a Credential Harvester (100)
    ├── O3. Constructing your Phish (100)
    ├── O4. Use your Captured Creds (100)
    ├── O5. Take Over an EDR Account (300)
    ├── O6. Find a Way In (100)
    ├── O7. Bypass the EDR (300)
    ├── O8. Performing an Exfil of a Filesystem (300)
    ├── O9.1. Escalate your Privileges (150)
    ├── O9.2. Escalate your Privileges (150)
    └── O10. Sell your Access (100)
Target usually offers official write-ups, but they haven't been released yet. So here are mine: D2, D8, O3, O7, O8, and O9.1. Other players' write-ups: Caelum (aka Eris He), maihacks (aka Milah Thomas), Jodi (aka DragonDefense), Jess (aka CyberSecJess), and JWilliams (aka ThinkSecureNow).