Steganography Challenge Rules

• Look for hidden messages within an image file.
• Decrypt the hidden message and find the flag.
• Submit the flag.

Note: For the required environment setup, please use VMware version 17.6.2 or later.

Cryptography Challenge Rules

• Figure out the secret folder name to get the flag.
• Dm the flag in instagram

Forensics Challenge Rules

• Is something wrong with this file?
• Dm the flag in instagram

Networking Forensics Challenge

Challenge Rules

• Analyze the provided Wireshark capture file.
• Find the hidden conversations.
• Answer the following questions.
• DM your answers on Instagram.

Scenario:

An employee stole the company's confidential data and passed it to an ex-employee of the same company. A suspected laptop is been accessing the company's wifi. These activities are been captured by a wireshark packet file. Analyse these 3 things from the wireshark packet file:

Questions:

• Name the employee who stolen the data from the company
• Name the ex-employee who received the stolen data.
• What secret is hidden in the stolen data?

Web Security Challenge Rules

• The admin is a bit lazy when it comes to passwords.
• Dm the flag in instagram

Wireshark Challenge Rules

• A company laptop has been hacked!. Your mission:
• Analyze the network capture to uncover the hidden flag.
• Identify the type of attack used.
• Find the attacker's MAC address.
• Submit your findings via Instagram DM.

OSINT Challenge Rules

• Use open-source intelligence techniques to find the hidden information.
• Submit your findings via Instagram DM.

Scenario:

A person has vanished. but we have his X username. Your task is to use OSINT techniques to uncover their true identity and employment history.

Bruteforce Challenge Rules

An employee set a password on a ZIP file and forgot it!
Can you open it up and find the flag inside?

• Download the provided ZIP file.
• Extract the contents and locate the hidden flag.
• Submit your findings via Instagram DM.

Reconnaissance Challenge Rules

• A suspicious domain has been reported to our cyber threat unit.
• Intelligence suggests it hosts a hidden command-and-control panel and leaked internal assets.
• The only information we have is the domain name:
• Domain: contest10.systechcontest.com
• find 3 hidden flags
• Your task: Use reconnaissance techniques to uncover as much as you can about the domain, its infrastructure, and any hidden assets or panels.
• Submit your findings via Instagram DM.

VAPT Report Writing Challenge Rules

• Our internal cybersecurity team conducted a vulnerability assessment on a critical server exposed to the internet.
• Several open ports and potential misconfigurations were discovered.
• 🔍 Your task: Write a professional VAPT report based on the discovered findings.

Include in your report:

• Open ports
• Services detected
• Identified vulnerabilities
• Risk rating
• Recommendations

📁 You have been provided with an Nmap scan file.

📝 Flag: The report file name should be: CTF{yourname_VAPT_Report}

📄 Format: The final report must be in PDF format and follow standard security reporting format.

Silent Endpoint — Unlock Rob's Keyphrase

• There is a hidden, undocumented endpoint used internally.
• There is a hidden internal web address that returns Rob's keyphrase, but it only responds when called by a privileged internal client.
• Submit the keyphrase via Instagram DM.

SOC Team Malware Hash Analysis Challenge

Scenario: We found a file from SOC team and we are giving the hash of the file. You need to pass the questions.

Provided SOC Hash:

556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1

Questions:

1. Which type of malware is this?
2. What was it used for (primary objective/impact)?
3. When was this malware first found/discovered?
4. What are effective mitigations?
5. What is the hash algorithm?
6. Describe what this specific hash represents (file, string, sample), based on open sources.

📝 Instructions: Answer all questions based on your analysis of the provided hash. Use open-source intelligence and malware analysis resources.

📤 Submission: Submit your answers via Instagram DM.

Web Security Challenge

• Exploit the vulnerability responsibly to extract the hidden flag.
• Submit the Flag via Instagram DM.

SQL Injection Challenge

Scenario: A web application has been identified with potential SQL injection vulnerabilities. Your mission is to exploit it and retrieve sensitive data.

Challenge Rules:

• Identify SQL injection points in the web application.
• Exploit the vulnerability to extract database information.
• Retrieve the admin credentials or flag from the database.
• Submit the flag via Instagram DM.

⚠️ Note: This is a controlled environment. Only exploit the provided target.

Binary Exploitation - Buffer Overflow

Scenario: A vulnerable program has been found that suffers from buffer overflow. Exploit it to gain control of the execution flow and retrieve the flag.

Challenge Rules:

• Analyze the binary for buffer overflow vulnerabilities.
• Develop an exploit to overwrite the return address.
• Execute your shellcode or redirect execution flow.
• Extract the flag from the system.
• Submit the flag via Instagram DM.

Environment:

You will be provided with a vulnerable binary and the target system details.

Memory Forensics Challenge

Scenario: A memory dump from a compromised system has been captured. Analyze it to uncover malicious activities and extract hidden information.

Challenge Rules:

• Analyze the provided memory dump file.
• Identify running processes, network connections, and suspicious activities.
• Extract hidden files, passwords, or encryption keys from memory.
• Find the flag hidden in the memory dump.
• Submit your findings and the flag via Instagram DM.

Tools Recommended:

Volatility Framework, Rekall, or any memory forensics tool.

API Security Challenge

Scenario: A REST API has been deployed with several security vulnerabilities. Your task is to identify and exploit these weaknesses to access protected resources.

Challenge Rules:

• Analyze the API endpoints and their authentication mechanisms.
• Identify security vulnerabilities (authentication bypass, IDOR, etc.).
• Exploit the vulnerabilities to access admin endpoints or sensitive data.
• Retrieve the flag from the protected resource.
• Submit the flag via Instagram DM.

API Documentation:

Review the API documentation to understand the endpoints and required parameters.