DEV Community

loading...
Cover image for Hacktober CTF 2020 write-up series

Hacktober CTF 2020 write-up series

igotinfected profile image Jason Rebelo Updated on ・2 min read

hacktoberCTF

Hacktober CTF logo

The Hacktober 2020 CTF is by far the most fun and educational CTF I have ever participated in.

Introduction

This CTF was hosted by CyberHacktics and CyberUp, in support of National Cyber Security Awareness Month.

Players have to take on a group of notorious hackers:
DEADFACE.

Hacktober CTF differs from your normal CTF in that it considers a cohesive story that ties challenges together to be essential, letting players know why they need to find a flag.

DEADFACE is a notorious hacker group who increase their activity particularly in October. They're all about theatrics and inciting fear. They employ a variety of different hackers, each with their own unique skillsets. One of the calling cards of DEADFACE is that they use a Halloween-themed naming convention for their attacks and artifacts left on their victim's machines.

Source: https://blog.cyberhacktics.com/hacktober-2020/

Challenges

The challenges are broken down into various categories, and many of them require knowledge acquired throughout the CTF, as part of that previously mentioned cohesive storyline. The challenges mainly revolve around members of DEADFACE leaving information, files, and hints on a public forum for us to find. We can then start forming a picture of the various members, what they do, what kind of person they are, the techniques they use, and so on and so forth.

The main challenge categories are:

  • cryptography
  • steganography
  • linux
  • traffic analysis
  • forensics
  • OSINT
  • programming
  • sql
  • web exploitation
  • bonus

My writeups for the solved challenges will be linked at the end of this article.

Personal results

My favourite categories were mostly well represented in this CTF. There were a lot of forensics and OSINT related challenges. Web exploitation was definitely the least represented one, but often the most guessy, or the easiest challenges in these competitions.

As per usual, I participated alone and managed to climb my way to 151st out of 1062 participants. 🥇

The biggest take-away from this competition though is the amount of newly acquired knowledge. From new steganography techniques I had never heard of, to learning how to read and evaluate memory dumps, prefetch informatio, and the likes.

Prizes & Recognition

Cash prizes are provided for US residents. The top three US based teams are awarded $400, $200, and $100 respectively.

Non-US residents participated for bragging rights, and some digital badges to be redeemed at badgr.io.

badges

Hacktober CTF badges

Writeups

I'm posting all my writeups as separate blog posts, minus the challenges that are split into multiple parts, those have all been merged into one.

Updated as all writeups are published ⏰

OSINT


Linux

Discussion

pic
Editor guide