Challenge category:
Binary Exploitation Cryptography Forensics Miscellaneous Networks Radio Frequency Reverse Engineering Web Exploitation Welcome
50 Points

I was going to call this challenge babynet, but I have that baby shark song stuck in my head... doo doo, doo doo doo baby shark...

By: skat
247 Points

You're probably used to pcaps captured at layer 3 in promiscuous mode, but do you know what to do with a pcap captured at layer 2 in monitor mode?

By: skat

I saw my arch-nemesis, Billy Bob Bobertson, in the library. He left his laptop open for 3 minutes to go use the restroom. Luckily, I had my BadUSB handy and gave myself a shell and then persistent remote access, and started running a few commands and capturing his web traffic (shown in the attached screenshot). I think he's up to something suspicious and received some sort of message from a group of criminals.

They say that looking through a pcap is like finding a needle in a haystack, but what do you do if that haystack is encrypted?

By: skat
500 Points

We had a rat infestation so I put mousetraps everywhere. Now I can code in peace without rats!

I'm a networks guy, so I was doing some network coding the other day when I picked up these interesting transmissions from some not-exactly-802.11 devices. There seems to be some presumably low-power wireless device somewhere transmitting data continuously, like a fountain! I think it's transmitting the flag, but I don't understand its transmissions. Can you recover it?


Wireshark's protocol analyzer may be misleading. Analyze it yourself.


I can do network coding without rats. Ratless network coding!


I cannot stress this enough: Wireshark's protocol analyzer, and most tools' protocol analyzers, may mislead you. You should analyze the data yourself! The 802.15.4 sequence and src/dest format are very standard. What comes after? This challenge requires a lot of protocol analysis as well as a mathematical part at the end!

By: skat