HI EVERYONE!!!!!
I hope everyone had a great summer! I hope it was all you could ever ask for and more!
I wanted to talk about a couple of cool cyber projects going on. Nerd things, but in my eyes, it’s very cool. But again, I am a nerd. So let me know in the comments what y’all think.
The first really cool project I was able to work on was the Conspiracy. This was a project that my buddies and I in the Competitive Cyber Security Org have been working on all summer. It was a multi-layered challenge that all students would be able to play in. The first of many layers to start and play the challenge was a really weird poster that had eyeballs, a red phone number, and Morse code. These were posted everywhere around campus, and I wrote a Discord bot integration script that would ping me every time someone called, and over the course of the challenge, we had over 1000 calls, so it was very cool to see people play it. Once you called the phone number though it would prompt for a code, which was the Morse code on the poster, and it would lead you to the next challenge and so on. I don’t want to spoil everything, as the challenge is still technically running, but after the first couple of weeks, we had two players beat the 10-layer challenge, and they will be awarded a prize very soon! Overall, though really cool project. Got to do a lot with phone tree logic, Discord bots, general backend infrastructure code with Python and Ansible, and then got to play around with the dark web 😉 Feel free to ask me more about it after Thursday.
The second cool project was a welcome back capture the flag event for CCSO as well. For this project, I ran the backend infrastructure for the event. I did this with our Kubernetes cluster that is running on the Oracle Cloud. The CTFd platform was used to host the challenges as well. I also wrote some web-based challenges where competitors had to use a variety of tools to try and find the flag. The first web challenge that was hosted on the cloud was an Old Main Archive website, where competitors had to use a directory scanning tool to try and find the hidden directory that stored an encoded key that would unlock the vault. Then the second challenge was a fake creamery ice cream online ordering site where users had to use a SQL injection to bypass the auth and get the admin account. Then the admin backend revealed the secret new ice cream flavor. The third and final challenge was a Beaver Stadium ticket website where you had to use JavaScript commands to decode the 4 layer encoded ticket barcode, and it revealed where the VIP seating was. Then, when the user browsed to it, it revealed the flag.
If you’re interested in trying the challenges yourself, they can be found here! (The links are safe to click on 🙂 )
https://creamery-cracker-intro-ctf.psuccso.org/
https://beaver-stadium-vip-intro-ctf.psuccso.org/
https://old-mainframe-intro-ctf.psuccso.org/
https://ctf.psuccso.org/challenges
That’s all for now. There are a lot of other stories I could tell, such as the competition I am running or my future competitions I will be traveling to! I’ll save that for the next post though!
Follow Us!