Announcing the MVS 2023 CTF Winners and a NEW CTF Challenge!
Hi, all! This is Jessica Hyde and I am so excited to share the winners from the Capture The Flag competition at Magnet Virtual Summit 2023, along with the challenges, community write-ups, and the next challenge!
The February Magnet Virtual Summit 2023 CTF was another exciting competition. We had over 1250 people register for the CTF and 481 folks solve at least one question!
We’re happy to announce the winners:
- First place: Spyros Moysiadis
- Second Place: Emily Weatherill
- Third Place: Madi Brumbelow
And as always, we kept the game open for a First to Finish winner. This is the first player to get a perfect score which happened roughly 22 hours after the start of the game.
First to Finish: Kevin Pagano.
We want to give you the opportunity to keep working through the challenges, so we’re sharing the questions and links to the images below in addition to links to community solves.
Keep reading to hear about a NEW CTF available to play in May!
Images
Still need a copy of the forensic images? We are happy to have released an iOS 16 Full File System image as part of this data set as well as a Windows 11 image that takes advantage of some new features. There is plenty to explore in these data sets beyond the CTF itself.
- Download the images here:
- iOS image – MD5: 067606649297d7adcf6082e5ed0acbb9
- PC image – MD5: 8cf0c007391f4a72ddc12a570a115b46
- VMDK image – MD5: 7842c35856ff5b52919a8f878efea296
Questions
| Challenge Name | Question |
| Cipher Challenge | |
| Time to practice our CW. | -.- . -.– —... .–. .. -. . .- .–. .–. .-.. . — -. .–. .. –.. –.. .- .. ... –. .-. . .- – -.-.– |
| Time to return to the bas(e)ics and eat a salad . | TFk6THBLeHFqdWJMcEt4cWp1Yg== |
| I understood math till they started adding letters. | (23492930345809345834905890346890456890456804586 + 53453489824379894375555555555555555555555555555555555555555555553894792 / 234890390458349056748396748957698473586974589 * Y) + (23499596346045645896745988623904893753894679834579384579 / o * 2342342342346782025720570023) * u + 34502750923508934758932475898923025027590823759023758932750970789 * (r + e * (1834918237981237469812376491236491263478932176478231647823634789612) / ((203485739804856783474658394753498 – D + 8299578904356797823459238459823476592348759342) * 9827438923465897236498273493 / o + 2394573904853495793847534 – i * (23423489928937498384798 * n) + 392874982374982374983 * g) * (23893473920589267658972347 + G + 520938752348909023423904783490752345734928576 – r – 23498023849234789236723896329784692387 + 234234283746823746782365 / a) = te |
| I can’t remember that URL. I wish I could rewind my day and bookmark it! | 442%3Dt%3FwcVmRcN%2DKj9%2Feb%2Eutuoy%2F%2F%3Asptth |
| i Am Excited for thiS year’s ctf, no cap(s) | fc52c3f2c74e4f3e745a9042f283c46a28060ea71ec21424ab09c98092fe5efae7f99267a5c5ac55ad8b8e89b0ded9cc |
| iOS | |
| A few too many | How many different email accounts did the user have? |
| autoFill me in on the deets | Which email, other than their own, was autofilled in Chrome? |
| 1 fish 2 fish, red fish blue fish | According to the user’s email accounts, what is his favorite color? |
| Chef Boyardee 2.0 | At which market was the user viewing Chef Pasquale tomato sauce? |
| Staying stylish! | What color shirt did the user chose to put their snapchat bitmoji in? |
| Picking up Steam | What server was the user interested in making? |
| Overlooking Excellence | What Sports stadium was the user overlooking at Camilien-Houde belvedere? |
| Out of this world | Which terms and conditions site on Tik Tok is named after a space formation? |
| You’re going to crush this one! | What light-hearted game did the user spend the most time on? |
| Which way? | Which cardinal direction was the user turning when heading towards RHEINFAHRE? |
| First class seats out of here! | What 4-star Airline flies the most passengers out of the same terminal our user flew out of in Germany? |
| Boosting into a new era | The user was trying to learn German through an application, what promotion featuring a rocket was most commonly shown to the user? |
| Q-uestion | What Chinese networking website was associated with Linkedin? |
| You are here | Which airline lounge was viewed? |
| A river runs through it | At which location did the user travel the most meters according to Apple? (City, Country) |
| Lo siento, its going to be a cold one | What weather front was warned to the user by youtube? |
| Win 11 | |
| Gmail? Outlook? Yeah, right.. | What non-standard email service has the user used previously? |
| Two different versions, twice the emulation power! Makes sense to me! | The user installed and ran a mobile device emulation program on their system. Which 2 versions of this software did the user install? (Format: SoftwareName V1/V2) |
| LITEning fast write speeds! | The user’s system is equipped with a 256GB NVMe SSD. What is the make and model of this drive? |
| Really...? Plaintext...? | The user frequently accesses a Chrome Remote Desktop virtual machine. What password is used to log into this VM? |
| Why was 6 afraid of 7? Because 7 can unarchive virtual drives! | Within the past 2 years, a popular unarchiving program gained the ability to unarchive VHDX virtual disk images. What version of the program was this upgrade implemented? |
| We’re not in Kansas anymore... | The user has established an RDP connection to one destination more than any other. What is the Geolocation of this destination? (Format: City, ST) |
| Make sure to keep some tabs on that SysAdmin from Southern California | The user visited the Mastodon page of one user more than any others on the platform. What is the full legal name of the user Michael visited? |
| We have a History of attracting some sizeable donors with our projects | Michael used PowerShell to clone a particular GitHub utility. What is the account name of one of this repo’s most prominent sponsors? |
| Scratch that Itch.io | The user viewed a YouTube video by the creator BenBonk surrounding video game developers. Within this video, how many developers were involved with the project? |
| The breakfast bell is ringing | The user has been doing some research lately on fast food items. What is, according to some experts, the unhealthiest food item of the bunch? |
| Gotta Git going fast with some Accelrated emulation! | In order to emulate an Android device, the user required some specialized management tools. What Android port is used by default with these services? |
| Oh Deer...I think we’re lost | Michael lives just a mile south of a beautiful body of water. What is the name of this body of water |
| PCA – Program Clang Assistant? | The user has installed Android Studio with a specialized plugin dedicating to diagnosing and fixing some programming errors. When this plugin runs, what exit code is used upon completion? |
| VMDK | |
| Maybe you can get the Team to help you Viewer this? | What non-default remote desktop tool was installed on the system? Version number not required. |
| Remember to turn back the clocks in November! | What is the system time zone? |
| I think I’m going to have a (National) Expresso toDay! | What was the date and time on the system when the user account with a password hint was created? (YYYY-MM-DD HH:MM:SS) |
| WHAT? I CANT HEAR YOU OVER THE FANS! | What is the operating system edition? |
| Let’s go to Jackson and see the capital while we’re here. | How many states did the user connect to the system from using the previously mentioned remote desktop tool? |
| I lost Control of my Services and broke all the Tcpipconnections. This is the last time I’m going to use random Parameters I don’t understand! | What was the second domain in the search list provided by the DHCP server? |
| Which email did I use for this again? | Not including their work account or gmail, what other email address did the primary user of the system have? |
| Can I sync these on my mobile device? | What is the name for the bookmark item added on December 11, 2022 at 2:04:54 AM (local system time)? |
| I’m tired of Googling about the Cloud. Time to learn about PowerShell modules instead. | What is the GUID of the PowerShell module found on the system? |
Solutions
Several folks have shared there solutions for this years MVS CTF. Check them out to see how others solved the challenges. There is often more than one way to solve the challenges!
Kevin Pagano on his blog Stark4n6:
Emma Sousa shares on Forgotten Nook:
BlueMonkey 4n6 shares via YouTube:
- Cipher Challenges – Love the CTF videos.
Announcing Another CTF This May!
In building this year’s in-person CTF, we wanted to ensure that folks unable to attend the Magnet User Summit can play the challenge.
So, we’ll have a version of this CTF taking place on May 3 from 7:00 -10:00 PM ET | May 4 from 8:00 – 11:00 AM Singapore Time.
This is open to anyone who does not play live in Nashville. And yes, this does mean another round of prizes along with new images!
Important: Please note registration for this event closes on April 26 and images and download links will be sent out April 27. We promise this CTF will be fun, so please register here to join in!
Registration Now for the next Magnet Forensics CTF!
Thank You!
Thank you so much for playing! A special thank you once again to our fabulous CTF sponsors, SANS, Leahy Center, and the Champlain Digital Forensics Association. And as always a big shout out to the amazing students Dylan Navarro, Alayna Cash, Lorena Castillo, A’zariya Daniels, Austin Grupposo, and Thomas Claflin from the Champlain Digital Forensics Association for working with us to build this incredibly fun challenge for the community!