Industry News

Update on Magnet Summit 2022 Capture the Flag Contests

Hi! This is Jessica Hyde and I am so excited to revisit the Magnet Summit 2022 Capture the Flag contests.

We had so much fun with both the in-person and virtual Capture the Flag events in April and we wanted to share some additional info. One of the best things about the CTFs this year was for us to get a chance to create BRAND NEW forensic images—which we can’t wait to share with the community!

Read on to get:

  1. Links to the Magnet Summit April 2022 Virtual CTF Android and Windows 11 CTF Images
  2. Questions from the April 2022 Virtual CTF for those who want to play (and learn)
  3. Links to write-ups from the community from the Magnet Summit April 2022 Virtual CTF
  4. A SAVE THE DATE for the virtual play of the in-person Nashville CTF—featuring new for 2022 forensic images, including Linux and an iOS 15 Full File System Image!

What Are the Capture the Flag Contests?

CTFs are a gamified learning opportunities to test your skills with digital forensics challenges. Forensic images of multiple pieces of evidence are made available to participants along with a variety of challenge questions based on the data sets. Participants can use any tools they like to answer a variety of questions, which range in point value depending on degree of difficulty.

These challenges are designed for all skill levels from novice to advanced and we are really looking forward to sharing new images and questions for 2022.

Magnet Summit April 2022 Virtual CTF Images

We are so excited to announce that we are working to share all the images (20 in total!) that we have created from the Magnet Summit CTFs going back to 2018. More on that to come soon, but for now, we want to first share the images from this year’s Magnet Virtual Summit in April.  Feel free to use these to challenge yourself, or to look into new artifacts and research Windows 11:

Questions From the April 2022 Virtual CTF

We have had multiple requests for the questions since the CTF closed to assist with self-learning, so we’re happy to be able to share the questions here. The Challenge Name often contains clues, and sometimes bad puns.


PointsChallenge NameQuestion
5If you are looking for an image, it was probably deletedHow many emojis were used in the first snapchat received by the User
5ooo so popular!What snapchat account sent the User the most messages?
5BurgLARProofWhat Live Action Role Play armor was the user building?
5Your charIoT awaitsWhat was the MAC address of the first IoT device connected?
5ID PleaseWhat was the ICCID for the SIM card used with this device?
10Keep on MovingWhen is Next Vegas Show? Format MM/DD
10Starting overWhat day was the device factory reset? Format YYYY/MM/DD
10Water Water EverywhereWhat is the zip code of the location that the image of the water was taken?
10Snap Your FingersWhat is the username of the last friend added to the user’s Snapchat?
10Never-endingPodcasts can seem like they drag on forever, how long was Rafael’s longest Podcast? HH:MM:SS
10Last 4What were the last four digits of the Visa used to purchase the User’s most-used video game?
10Expired MilkWhat was the earliest expiration date for the user’s guest wifi account? MM-DD-YYYY HH:MM
25Hash it outWhat hashing algorithm was used for Bumble’s email confirmation email?
25Surviving a Snake BiteWhat is the name of the YouTube channel that hosts the video that was watched at 10:30 PM EST on Feb 1st?
25So taskingWhat was the status of the Go grocery shopping list?
50A Recent Trick (59)What is the name of Step 5: Step 4 -?
50Bee Sweater (36)What famous cartoon from the mid 1900s did the user watch a snippet of?
50Seeing Through the TreesWhat was the last street that Google told the user to turn on to on the way to Sugarbush Mountain?
75All Trail Blazer (61)How many miles were left until Stowe Pinnacle? Format: X.X


PointsChallenge NameQuestion
5Never Gonna Give You UpHow many times did Patrick get rick rolled?
5r/hobbiesWhat subreddit did Patrick frequent the most? Format: r/subredditName
5Version aversionWhat was the version number of ZeroTier that was installed on the system?
10Insider PreviewWhat is the Build Number of the Windows Install
10Nil LayerWhat was the ZeroTier Network name?
10Crater of DiamondsWhen did n30forever “Mine” diamonds? YYYY-MM-DD HH:MM UTC
10Punching WoodHow many wood blocks has n30forever mined?
kinDefault SkinWhat is the SID of the account that was used to create the extra user?
25Groundhog DayWhere did n30forever spawn on the most recent logon? Format: x,y,z
50Real 2020 MomentPatrick reports seeing a couple of notifications saying malicious files were found and quarentined. What was the file name of the malicious file that was spawned with the process name starting with the letter S?
501T5 H4CK1N6 T1M3Patrick reports a suspicious consle open on his screen. Can you find the full path to the script that caused this?
50Philatelists ClubPatrick put a sign outside of his house in his offline survial minecraft world. What did it say? (Combine all lines of sign into 1 flag)
75Time 2 Block is the full address that the backdoor was downloaded into the system from?
75Obfuscation OccasionLocate and extract the file identified in the above question. What is the first function name in the malware? **Caution sample is REAL MALWARE**
100Oh Boy Its Time to DCodeIt looks like the vba file contains another encoded file. Decode this and provide the time/date stamp located inside the COFF header in UTC. yyyy/mm/dd:HH:MM:SS **Caution sample is REAL MALWARE**

Egg Hunt (No image necessary!)

PointsChallenge NameQuestion
25Skip to My LouWhat is the flag found in the message below:
25Boxed Crazy BreadWhat is the flag found in the message below:
25More bits please!Using the keyword MAGNETVUS, what is the flag found in the message below:
25Look in the mirror neo.y1f07318438d1u0h5338474h7y4w0n51323h7n0c4851941f3h7n01741v4f05w41nw0nk114079n1d20cc4
25OMG They Killed MeWhat is the flag found in the image

Community Write-Ups

One of my favorite parts of the CTF each year is learning how others have solved the challenges. And this year is no exception.

I wanted to share some of the write-ups from the Magnet April 2022 Virtual CTF that we have seen so far. If you are playing these challenges and have write-ups, please share them with us! We can’t wait to see how you solved these and it helps others learn as well.



Egg Hunt:

Winners Of the Magnet Summit CTFs

  • The CTF competitions were definitely an exciting display of talent! In case you missed the results, here’s who won the in-person competition in Nashville:
  • First: Kevin Pagano, @stark4n6, US
  • Second: Holly Kennedy, @hollykennedy4n6, US
  • Third: Kathryn Hedley, @4enzikat0r, UK

And here’s who won the virtual component:

  • First: Mohamad Ridzuan (HTX) from Singapore
  • Second: Nikolaos Papadoudis (nickos.pap) from Greece
  • Third: Kenny Eu (unstoppable) from Singapore
  • First to Finish: Yestine Goh (foundmissing) from Singapore

Save the Date for a Newly Available CTF

And now for the big announcement! We wanted to give EVERYONE the opportunity to play the CTF that was played in Nashville, so we are opening the Nashville CTF for a virtual contest on June 15 from 3:00-6:00PM ET!

This is open to anyone who did not play live in Nashville. And yes, this does mean another round of prizes along with two new images: an iOS 15 Full File System image and a Linux image. I promise this CTF is super fun, so please register here to join in!

Thank You!

I wanted to take a moment to give a great big shout out to the incredible folks from the Champlain Digital Forensics Association: Jordan KimballDylan Navarro, Hayley Froio, and Alayna Cash who I had the distinct privilege to spend time working with to build these CTFs. It was a blast, and they are absolutely incredible folks. Congrats Jordan and Hayley on graduating as part of the Class of 2022!

Good luck, everyone!

Subscribe today to hear directly from Magnet Forensics on the latest product updates, industry trends, and company news.

Start modernizing your digital investigations today.