Cybersecurity Lab CTF 2024 Event Summary

Summary of our inaugural CTF event.

The Cybersecurity Lab CTF 2024 has officially wrapped up, closing out an incredible week of cybersecurity challenges! From 28 Oct 2024 to 4 Nov 2024, a total of 14 teams (29 participants) took part in our Jeopardy-style CTF, tackling a range of carefully crafted challenges across multiple categories. Each challenge was an opportunity to earn points, with many unlocking new, more difficult tasks along the way, keeping participants on their toes and engaged.

This year’s event was packed with unique problem-solving experiences designed to test skills in various areas of cybersecurity, and we saw an impressive display of knowledge, strategy, and perseverance from everyone who took part. We extend our congratulations to the top scorers and our gratitude to each participant who helped make the Cybersecurity Lab CTF 2024 a memorable event.

Statistics

General

image

Category Breakdown

image

Top 10 Teams

image

Prize Winners

Place Team Members Score
1 Happy 3 Friends capcorn, Starina, CT 7000
2 Number One Jason, memberM 7000
3 Team JSE Enokii, sarahxxxxx, J 7000

These teams are eligible for prizes, having completed all challenges and earned the highest points in the shortest time.

Special Mentions

We’d like to give a shout-out to the following team and participant for helping enhance our event experience!

Team steguest participated in the event under guest invitation. Although not eligible for prizes, the team (members: steguest, steams, and wanlin) was the first to complete all challenges and achieve the maximum points!

Participant yong identified an issue with one of the cloud challenges, AWS Pricing Calculator. The organizing team promptly rectified the challenge, minimizing the impact on the game experience.

CTF Writeup (Intended Solutions)

Introduction

Are you ready to take off? (100)

Whether you’re a seasoned pilot in the cyber domain or just boarding your first flight, Cybersecurity Lab CTF 2024 promises an exciting and educational experience. Gear up, take flight, and see if you can navigate through the challenges to land safely with the highest score!

All flags are to be submitted in the format: CDG{your_flag_here}

Are you ready to take off?

Submit the following flag: CDG{1_4m_r34dy}

Objective is to brief participants on flag format.

Flag: CDG{1_4m_r34dy}

Misc

Message from the sky (Part 1) (100)

A mysterious message intercepted from a high-flying aircraft has been encoded. Your mission is to decode the transmission and uncover the hidden coordinates to guide a critical flight to safety. Can you save the day before the plane runs out of fuel?

Flag format: CDG{secret}

Objective is to familiarise participants with various types of encoding.

message1.txt contains Q0RHezUzbmRfaDNscF9wbDM0NTN9.

Use CyberChef to perform base64 decode.

Flag: CDG{53nd_h3lp_pl3453}

Message from the sky (Part 2) (100)

Similar to Message from the sky (Part 1)

message2.txt contains 43 44 47 7b 4c 41 54 3a 20 31 2e 34 31 37 33 39 32 7d.

Use CyberChef to perform hex decode.

Flag: CDG{LAT: 1.417392}

Message from the sky (Part 3) (100)

Similar to Message from the sky (Part 1)

message3.txt contains 01000011 01000100 01000111 01111011 01001100 01001111 01001110 00111010 00100000 00110001 00110000 00110011 00101110 00111000 00110110 00111000 00110000 00110000 00111000 01111101.

Use CyberChef to perform binary decode.

Flag: CDG{LON: 103.868008}

Integer Overflow in C (Part 1) (100)

It is possible to get a negative result when adding 2 positive numbers in C.

What’s the MAX 32-bit Integer value in C?

Flag format: CDG{answer}, do not include “,” (comma) or “.” (full stop)

Challenge inspired by HTB Cyber Apocalypse 2024.

Objective is to share with participants the concept of Integer Overflow.

Flag: CDG{2147483647}

Integer Overflow in C (Part 2) (100)

It is possible to get a negative result when adding 2 positive numbers in C.

What number would you get if you add INT_MAX and 1?

Flag format: CDG{answer}, do not include “,” (comma) or “.” (full stop)

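Adding one to INT_MAX wraps around to INT_MIN on typical two's-complement platforms. Strictly speaking, signed integer overflow is undefined behaviour in C, so the wraparound is what is commonly observed rather than something the language guarantees.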

Flag: CDG{-2147483648}

Integer Overflow in C (Part 3) (100)

It is possible to get a negative result when adding 2 positive numbers in C.

What number would you get if you add INT_MAX and INT_MAX?

Flag format: CDG{answer}, do not include “,” (comma) or “.” (full stop)

Workings:
INT_MAX + INT_MAX = (INT_MAX + 1) + (INT_MAX - 1)
                  = INT_MIN + (2147483647 - 1)
                  = -2147483648 + 2147483646
                  = -2

Flag: CDG{-2}
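
The wraparound from Parts 2 and 3, reproduced as an added example that is not part of the original writeup. Python integers never overflow, so `wrap_int32` models 32-bit two's-complement storage explicitly, and `checked_add` mirrors the pre-check a C programmer places before the addition; both function names are illustrative.

```python
INT_MAX = 2**31 - 1   # 2147483647, the Part 1 answer
INT_MIN = -2**31      # -2147483648


def wrap_int32(value: int) -> int:
    """Reduce an arbitrary integer to what a 32-bit two's-complement int stores."""
    return (value - INT_MIN) % 2**32 + INT_MIN


def checked_add(a: int, b: int) -> int:
    """Add two int32 values, refusing instead of wrapping.

    The comparison happens before the addition, as it must in C, where the
    overflowing addition itself should never be executed.
    """
    if b > 0 and a > INT_MAX - b:
        raise OverflowError(f"{a} + {b} exceeds INT_MAX")
    if b < 0 and a < INT_MIN - b:
        raise OverflowError(f"{a} + {b} is below INT_MIN")
    return a + b


def demo():
    """Return (a, b, wrapped result, checked result) for a few sample additions."""
    rows = []
    for a, b in [(INT_MAX, 1), (INT_MAX, INT_MAX), (INT_MIN, -1), (40, 2)]:
        wrapped = wrap_int32(a + b)
        try:
            safe = checked_add(a, b)
        except OverflowError as exc:
            safe = f"rejected: {exc}"
        rows.append((a, b, wrapped, safe))
    return rows


if __name__ == "__main__":
    for a, b, wrapped, safe in demo():
        print(f"{a} + {b}: wrapped={wrapped}, checked={safe}")
```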

OSINT

SuperTool Lookup (100)

Do you know the CNAME of our website www.caas.gov.sg?

Flag format: CDG{answer}, letters, numbers and symbols

Objective is to share with participants MXToolbox Supertool and allow participants to examine CAAS’ DNS records.

Flag: CDG{df2nv2jvaiiil-live.prd.cwp2.sg}

Content Delivery Network (100)

Your mission is to investigate cybersecuritylab.cc and discover the Content Delivery Network (CDN) it’s using. With limited clues, you’ll need to trace the site’s infrastructure and track down the CDN keeping its data flying across the web. Can you soar through the digital clouds and uncover the hidden network?

Please note that the flag format is all uppercase and enclosed within CDG{}. For example, the flag will look like CDG{YOUR FLAG HERE}.

Objective is to share with participants CDN Finder and the concept of CDN.

Flag: CDG{CLOUDFLARE}

Wiki Wiki Waka Waka (100)

School teachers discourage students from using Wikipedia. Why is that?

hint: search for 128.125.52.138

Flag format: CDG{secret}

Objective is to educate participants that anyone can make changes to Wikipedia.

Search for 128.125.52.138, then select diff under “Search for contributions”.

Look for the message related to flag.

Flag: CDG{cNi76bV2IVERlh97hP}

Pilot Down (300)

You have decoded the mysterious messages from the pilot, but his exact location is still unknown. Track down the hidden beacons and clues scattered across the communications to pinpoint the pilot’s position. Time is running out—can you navigate the digital airspace and find the missing pilot before it’s too late?

Please note that the flag format is all uppercase and enclosed within CDG{}. For example, the flag will look like CDG{YOUR FLAG HERE}.

Objective is to share with participants that location can be determined with latitude and longitude values.

Reference: Discover coordinates or search by latitude & longitude

This challenge unlocks only after clearing "Message from the sky" (Part 1 to 3)
CDG{LAT: 1.417392}
CDG{LON: 103.868008}

Flag: CDG{SELETAR AIRPORT}

Self-Entitled Tourist (300)

I want to go to the midpoint of the following IDs:

  • 8b6520db38defff
  • 8b6520db38dcfff
  • 8b6520db38d1fff

I’m using Uber’s cutting-edge geospatial technology.

How can you not know where I want to go?

Please note that the flag format is all uppercase and enclosed within CDG{}. For example, the flag will look like CDG{YOUR FLAG HERE}.

Objective is to share with participants H3: Uber’s Hexagonal Hierarchical Spatial Index.

Flag: CDG{MARINA BAY SANDS}

We’re going waaaaaaaaaaaayback (500)

It’s the year 2010.

CAAS Corporate website has just undergone a major makeover! As a user, I want to provide my feedback. Can you find the hidden email address on the front page?

Flag format: CDG{email_address}

Objective is to test participants on the usage of Wayback Machine - Internet Archive.

Search for the first snapshot taken, dated 10 February 2010.

Right-click the page and select View page source.

Look for the email address associated with Feedback on Our Website.

Flag: CDG{[email protected]}

Blockchain

What happens on the ledger stays on the ledger (100)

A former team member has just left the organization, and amidst his belongings, a mysterious transaction hash was discovered. Rumor has it he used to receive payouts from a crypto lender. Your task is to investigate the transaction, trace it through the blockchain, and reveal how much Gemini Dollar (GUSD) he currently holds in his wallet. Can you follow the trail and uncover the truth?

Transaction hash: 0x1c5c9e16d99fb9a48bc48e906428e570be9e4637fc1f9652d30a14c58a316968

Flag Format: CDG{XX.XX}

Objective is to educate participants that blockchain is a shared, immutable ledger.

Search for transaction hash and identify destination wallet address.

Check on balance of destination wallet address.

Flag: CDG{14.05}

Forensics

DG wants to tell you a secret (300)

DG has something to tell you! What could it be…

Flag format: CDG{secret}

Objective is to share with participants the concept of metadata.

Right-click CAAS-tellmeyoursecret.jpg, and select Properties.

Flag: CDG{h4n_k0k_ju4n}

Rain Vortex Magic (300)

Rumour has it that if you hide steg in your palm and whisper the word jewel while standing near the iconic Rain Vortex, you’ll uncover a hidden truth within.

Is this just an urban legend, or does the Rain Vortex hide something more?

Flag format: CDG{secret}

Objective is to share with participants steghide and the concept of steganography.

Download the steghide Windows package and place rain-vortex.jpg in the folder containing steghide.exe.

Then, start Command Prompt terminal from the folder and run the following commands.

Microsoft Windows [Version 10.0.19045.5011]
(c) Microsoft Corporation. All rights reserved.

C:\Users\admin\Downloads\steghide-0.5.1-win32\steghide>steghide extract -sf rain-vortex.jpg
Enter passphrase: jewel
wrote extracted data to "flag.txt".

C:\Users\admin\Downloads\steghide-0.5.1-win32\steghide>type flag.txt
CDG{w0rld_74ll357_1nd00r_w473rf4ll}

Flag: CDG{w0rld_74ll357_1nd00r_w473rf4ll}

Needle in the News (300)

I love aviation news.

Can you find the hidden article?

Flag format: CDG{secret}

Objective is to educate participants that files may be hidden on Windows.

Observed that theRealFlag.pdf is protected with password.

Navigate to news4 folder.

Click on View tab at the top and enable Hidden items checkbox.

therealPassword.txt contains 14m7h3p455w0rd.

Unlock theRealFlag.pdf with password to reveal flag.

Flag: CDG{n0w_y0u_533_m3}

Where’s my manifest??? (500)

Intrusion alert!! Seems like someone managed to breach FlightSG and obtained a flight manifest! With the efforts of our OIS team, we managed to perform a hack back and obtained an image of the adversary’s computer. Seems like our threat actor likes to use a particular type of cloud storage…

Onedrive link: https://1drv.ms/u/c/b8096c520109dc77/EVFuB07wmY5Mpwh18xl_4fkB-nYUwFu5p5ylBB01UpvZbQ?e=3WcDsR

Onedrive pw: P@ssw0rd_CDG

Flag format: CDG{secret}

Challenge inspired by The Infosecurity Challenge 2024.

Objective is to test if participants are able to perform forensics on Firefox browser history.

Use FTK Imager and add caas_cdg.ad1 as Evidence Item - Image File.

Observed that “malicious actor” visited FlightSG.

Firefox Downloads are stored in the places.sqlite database, within the moz_annos table. Associated URL information is stored within the moz_places table.

Export places.sqlite.

Use SQLite Viewer to examine moz_places of places.sqlite.

Observed several Dropbox URLs associated with Flight_Manifest.pdf.

Visit https://www.dropbox.com/scl/fi/op1kayx35t1sslg3sajxw/Flight_Manifest.pdf?rlkey=olnboa0jbkb9kgrpnefs8mm2l&e=2&st=e9v157wp&dl=0 to reveal flag.

Flag: CDG{h0n3y_wh3r3_15_my_m4n1f357}
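
One way to pull the download records with a query instead of browsing the tables, as an added example that is not part of the original writeup. The in-memory database, its rows and the `.example` URLs are constructed and carry only the columns the query reads; for real evidence, `open_evidence` (an illustrative helper) opens the exported places.sqlite copy read-only.

```python
import json
import sqlite3
from pathlib import Path

# Join each download annotation in moz_annos to the URL it came from in moz_places.
DOWNLOADS_SQL = """
SELECT p.url, attr.name, a.content
FROM moz_annos AS a
JOIN moz_anno_attributes AS attr ON attr.id = a.anno_attribute_id
JOIN moz_places AS p ON p.id = a.place_id
WHERE attr.name LIKE 'downloads/%'
ORDER BY a.dateAdded, a.id
"""


def open_evidence(path):
    """Open an exported places.sqlite read-only so the evidence copy stays unmodified."""
    return sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)


def list_downloads(conn):
    """Return {source URL: {annotation name: value}} for every recorded download."""
    downloads = {}
    for url, name, content in conn.execute(DOWNLOADS_SQL):
        key = name.split("/", 1)[1]          # e.g. "destinationFileURI"
        if key == "metaData":
            content = json.loads(content)    # JSON text: state, endTime, fileSize
        downloads.setdefault(url, {})[key] = content
    return downloads


def build_sample():
    """Constructed stand-in for places.sqlite with only the columns used above."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT);
        CREATE TABLE moz_anno_attributes (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE moz_annos (id INTEGER PRIMARY KEY, place_id INTEGER,
                                anno_attribute_id INTEGER, content TEXT,
                                dateAdded INTEGER);
        INSERT INTO moz_places VALUES
            (1, 'https://flightsg.example/login', 'FlightSG'),
            (2, 'https://files.example/Flight_Manifest.pdf?dl=0', NULL);
        INSERT INTO moz_anno_attributes VALUES
            (1, 'downloads/destinationFileURI'),
            (2, 'downloads/metaData');
        INSERT INTO moz_annos VALUES
            (1, 2, 1, 'file:///C:/Users/user/Downloads/Flight_Manifest.pdf',
             1730000000000000),
            (2, 2, 2, '{"state":1,"endTime":1730000001000,"fileSize":48213}',
             1730000000000001);
    """)
    return conn


if __name__ == "__main__":
    for url, annotations in list_downloads(build_sample()).items():
        print(url, annotations)
```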

Crypto

Crack it (300)

1DDG sent you this random string ad43d263c6badeb8f86664089136f86e. Can you identify what it is and recover the content?

Flag format: CDG{secret}

Challenge inspired by CryptoCat during Intigriti CTF 2023.

Objective is to familiarise participants with various types of hashing.

Visit CrackStation and look up the md5 hash.

Flag: CDG{aviation}

Really Secure Apparently (300)

Apparently this encryption is “really secure” and I don’t need to worry about sharing the ciphertext, or even these values …

n = 689061037339483636851744871564868379980061151991904073814057216873412583484720768694905841053416938972235588548525570270575285633894975913717130070544407480547826227398039831409929129742007101671851757453656032161443946817685708282221883187089692065998793742064551244403369599965441075497085384181772038720949

e = 98161001623245946455371459972270637048947096740867123960987426843075734419854169415217693040603943985614577854750928453684840929755254248201161248375350238628917413291201125030514500977409961838501076015838508082749034318410808298025858181711613372870289482890074072555265382600388541381732534018133370862587

Flag format: CDG{secret}

Challenge inspired by CryptoCat during Intigriti CTF 2023.

Objective is to share with participants the concept of RSA (Rivest–Shamir–Adleman), an asymmetric algorithm for public key cryptography.

ct.txt contains 172272097116738474038360969007422039387488705908125616312278244530215007945093607302070190034650606129953021790389283979310901435764320276891040316972519417078623952291470258841843259886121307499715458568276623209974340558695204833847369238768796141665650300641169599485794459437140160396795477673245070325750

Visit dCode RSA Cipher and key in C, E and N values, followed by CALCULATE/DECRYPT.

Flag: CDG{50_y0u_d0_kn0w_4b0u7_r54}

In-Flight Caesar Salad (300)

On this flight, the meal choice is out of your hands—served up is a Caesar salad, but it’s not what it seems!

Jryy qbar! Urer vf lbhe synt: PQT{qryvpvbhf_pnrfne_fnynq}

Sometimes you don’t get to choose what you eat, but can you stomach this cryptic challenge and uncover the hidden message before landing?

Flag format: CDG{secret}

Objective is to share with participants the concept of Caesar Cipher, a substitution cipher in cryptography.

Visit dCode Caesar Cipher and key in Caesar Shifted Ciphertext, followed by DECRYPT (BRUTEFORCE).

Flag: CDG{delicious_caesar_salad}

X-cept Or Reject? (500)

You’ve just received a mysterious gift from the flight crew, but there’s a catch! Uncover the hidden layers within the package and investigate its true nature. It’s up to you to decide whether to accept or reject this gift. Will you make the right choice, or will corruption cloud your judgment?

Remember the flag format and how it might help you in this challenge!

Flag format: CDG{secret}

Challenge inspired by CryptoHack.

Objective is to test participants on the properties of XOR operations.

hex-present.txt contains 00 05 06 28 21 72 1e 30 77 33 72 35 36 2d 1e 24 2b 72 2f 0c 3a 71 34 0c 77 22 22 60 33 76 1e 65 72 27 76 66 3e.

Understand the Commutative and Associative properties of XOR operations.

A ⊕ B = B ⊕ A  --> order of inputs doesn't matter
A ⊕ (B ⊕ C) = (A ⊕ B) ⊕ C  --> can be chained and order doesn't matter

We have hex-present.txt (ciphertext), unknown key and flag.

Flag is known to start with `CDG{`.

flag ⊕ key = ciphertext
ciphertext ⊕ flag = key

XORing the ciphertext with the partially known flag reveals a portion of the key.

Use CyberChef, apply From Hex and XOR with CDG{ as key in UTF8 format.

Observed that four characters were revealed. Use CAAS as XOR key.

Flag: CDG{b3_c4r3ful_wh3n_y0u_4cc3p7_61f75}

Web

Health Check Report Card (300)

I overheard someone saying the Health Check Report Card for our website www.caas.gov.sg is at 95%.

Do you know why it is not at 100%?

Please note that the flag format is all uppercase and enclosed within CDG{}. For example, the flag will look like CDG{YOUR FLAG HERE}.

Objective is to share with participants Internet Health Lookup Tool by CSA.

Visit Internet Health Lookup Tool and perform lookup.

Do note that for static sites (non-transactional), HTTP Compression is allowed for improved performance.

Flag: CDG{HTTP COMPRESSION}

Return to the Hangar (300)

Sometimes, the answer is right where you started. Your mission is to head back to play.cybersecuritylab.cc and take a closer look. Will you be able to spot it, or will you fly right past the solution?

Flag format: CDG{secret}

Objective is to educate participants that View page source may reveal interesting information.

Flag: CDG{h1dd3n_1n_p463_50urc3}

The Only Constant Is Change (500)

In the ever-evolving world of cybersecurity, continuous learning is not just an option—it’s a necessity. Threats, techniques, and technologies change rapidly, and only those who adapt and stay ahead of the curve will succeed. In this challenge, you’ll need to embrace that mindset.

Use your skills to navigate through shifting clues and dynamic elements to recover the flag. Stay sharp, stay flexible, because in cybersecurity, the only constant is change. Can you rise to the challenge and prove your adaptability?

Flag format: CDG{secret}

Objective is to test whether participants can put what they have learnt about page source into practical use.

Observed that the flag is gibberish and constantly changing.

View page source to retrieve script.

    <script>
        const numList = [
            85, 52, 86, 76, 105, 54, 86, 57, 102, 110, 86, 120, 81, 91, 81, 
            52, 102, 75, 124, 57, 92, 126, 93, 126, 102, 110, 82, 125, 82, 
            72, 103, 126, 94, 74, 61, 113, 102, 72, 85, 54, 106, 85, 65, 65
        ];
    
        const newNumList = numList.map(num => num - 4);
        const asciiString = newNumList.map(num => String.fromCharCode(num)).join('');
        const newAsciiString = atob(asciiString);

        function dynamicFlag() {
            const time = new Date().getTime();
            let dynamicFlag = '';

            for (let i = 0; i < newAsciiString.length; i++) {
                const charCode = newAsciiString.charCodeAt(i);
                let transformedCharCode = (charCode + (time % 100)) % 126;

                if (transformedCharCode < 32) {
                    transformedCharCode += 32;
                }
                
                dynamicFlag += String.fromCharCode(transformedCharCode);
            }

            document.getElementById('flag').textContent = dynamicFlag;
        }

        dynamicFlag();
        setInterval(dynamicFlag, 1000);
    </script>

Prompt ChatGPT with “What is the flag?” and paste the whole script in.

Participants are not expected to fully understand how the script works. For learning purposes: the script decodes a base flag from numList, transforms it using the current time, and rewrites the flag shown on the webpage every second.

Flag: CDG{dyn4m1c4lly_63n3r473d_fl46}
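
A Python port of the script's two stages, added here as an example and not part of the original writeup. `base_flag` repeats the static decode (subtract 4, map to characters, Base64-decode) and `displayed_text` repeats the time-based transform; both function names are illustrative.

```python
import base64

# numList copied from the page's script.
NUM_LIST = [
    85, 52, 86, 76, 105, 54, 86, 57, 102, 110, 86, 120, 81, 91, 81,
    52, 102, 75, 124, 57, 92, 126, 93, 126, 102, 110, 82, 125, 82,
    72, 103, 126, 94, 74, 61, 113, 102, 72, 85, 54, 106, 85, 65, 65,
]


def base_flag(nums):
    """Static stage: subtract 4, map to characters, then Base64-decode (atob)."""
    encoded = "".join(chr(n - 4) for n in nums)
    return base64.b64decode(encoded).decode("ascii")


def displayed_text(flag, time_ms):
    """Port of dynamicFlag(): the text shown for a given millisecond timestamp."""
    shift = time_ms % 100
    out = []
    for ch in flag:
        code = (ord(ch) + shift) % 126
        if code < 32:
            code += 32
        out.append(chr(code))
    return "".join(out)


if __name__ == "__main__":
    flag = base_flag(NUM_LIST)
    print("decoded from source:", flag)
    # Constructed timestamps: only the last two digits of the value matter.
    for t in (1730000000000, 1730000000001, 1730000000057):
        print(t % 100, repr(displayed_text(flag, t)))
```

The time-dependent stage only changes what is rendered; everything needed to recover the flag is already delivered to the browser, which is why the secret cannot be protected by client-side script.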

Cloud

AWS Pricing Calculator (300)

Cloud adoption is the hottest topic in town. We want to migrate a project to commercial Amazon Web Services (AWS).

What is the lowest-cost EC2 instance to host a server of the following specifications?

  • Region: Asia Pacific (Singapore)
  • Tenancy: Shared Instances
  • Operating System: Windows Server
  • Workload: Constant Usage
  • CPU: 4
  • Memory: 16GB

Please note that the flag format is all uppercase and enclosed within CDG{}. For example, the flag will look like CDG{YOUR FLAG HERE}.

Objective is to share with participants AWS Pricing Calculator and how to use it to estimate cloud hosting costs.

Visit AWS Pricing Calculator and Create estimate.

Create estimate: Configure Amazon EC2 and key in all the stated parameters.

Flag: CDG{T3A.XLARGE}

I like free stuff (300)

Do you know Microsoft offers free Azure learning resources?

Find Microsoft Azure Fundamentals: Describe cloud concepts and visit What is cloud computing.

Watch the video (1 min 38 sec) from start to end.

Flag is a word that appears in the video, containing 9 letters.

Please note that the flag format is all uppercase and enclosed within CDG{}. For example, the flag will look like CDG{YOUR FLAG HERE}.

Objective is to share with participants free Azure learning resources from Microsoft and provide a short introduction to cloud computing.

Video can be found at What is cloud computing.

Flag is revealed at end of video.

Flag: CDG{MICROSOFT}

R2 interesting use case (300)

Similar to Amazon S3, Cloudflare R2 can be used to serve a static website. cybersecuritylab.cc is a static website served using Cloudflare R2.

Read the following documentation:

  • https://developer.mozilla.org/en-US/docs/Learn/Getting_started_with_the_web/Dealing_with_files

Your task is to locate flag.jpg. Where could it be?

Flag format: CDG{secret}

Objective is to share with participants that cloud storage can also be used to serve a static website.

Visit https://cybersecuritylab.cc/images/flag.jpg.

Flag: CDG{r2_57471c_w3b5173}

This post is licensed under CC BY 4.0 by the author.

© Cybersecurity Lab. Some rights reserved.
