There is an event in Computer Security called “Capture The Flag”. The purpose is to test the skills of security engineers and students through a variety of tasks in order to get a pass phrase which is called a flag. I noticed that Dr. Andrew Marshall wanted to set up this event at the University of Mary Washington for a while, so I and a few others decided to help make this a reality for him.
I didn’t know you studied security? Well honestly I don’t. But that doesn’t stop me from learning and creating cool challenges.
Challenges I Implemented
In this post, I’ll describe the various challenges I’ve implemented. I won’t give the full problem description or answer just in case the problems get recycled in later years.
Web Archive Search
In this problem I describe a discussion that an alumni and the student has. The alumni has trouble remembering a certain detail of an event held on campus. Key words and descriptions are given about the event and it is the job of the student to find the detail that the alumni wants.
The juicy part of this problem is that the event is no longer on the current version of the university website. This means that ideally the student would go to the Web Archive to search and find for the information.
Funny enough, one contestant found the information by reading a really old publication from the time period described.
In this challenge, I recorded a flag in an audio recording and distorted it using various tools in audacity. The idea is that you would get the audio clip and not be able to hear what the flag is and then have to import it into an audio editor of choice and manipulate it until the flag is clear.
Sadly no one was able to complete this challenge. I think I made it too hard by voicing individual characters instead of doing a phrase. This would make ambiguous letters like “B” and “P” barely distinguishable from each other.
This challenge involves hiding text in the web page through some means. Hidden Text was meant to be one of the easiest problems to ease people onto the competition. You can easily solve this type of challenge by opening up the web inspector tool.