derbyconctf

@EverSecCTF haha to be clear the CTF organizers had no part in any of that :)

As much as we’re inspired by the @DerbyConCTF, don’t worry, we won’t ice you if you’re in the lead.

For those of you that may have earned a challenge coin during the CTF: trustedsec.com/2019/09/cracki…

@Nettitude_Labs @ch1kpee @DerbyCon There were many flags, not just the address. Strings in, strings out. Many were contextual. The intent was to use contextual things like in a pentest guessing passwords that have a client name, address, etc.

@ch1kpee @DerbyCon @DerbyConCTF Oh no - really?!

We finished 2nd place in the @DerbyCon CTF and have provided a write up of some of the challenges 😎 A big thanks to the @DerbyConCTF team as always! #derbycon labs.nettitude.com/blog/derbycon-…

@ch1kpee Unfortunately we do not as we don't participate in other CTFs.

@gabemarshall @tecknicaltom There were more flags than just that, but that was one of them.

@tecknicaltom @DerbyConCTF After asking about it in personal apparently if you entered the Hotel’s address you’d get the flag? 😑

@DerbyConCTF any spoilers for the ruby cgi badge barcode webapp?

@tecknicaltom strings in and strings out only

@DerbyConCTF Decoding the barcodes isn't an issue (yay zbar). Was there a vulnerability in the page that was meant to be exploited?

Here's my write-up/approach of 3 Challenges from #DerbyConCTF (HerpDerp.DLL, DerpyConFS/DB, kc57_final_fu.exe): wp.me/p2bpi7-t2 @DerbyConCTF

@pitleets A big challenge we have is licensing for any windows based virtual machines. Watch the TrustedSec blog, we will probably trickle out some older stuff as we have time to make sure its all clear to publish.

@DerbyConCTF, are any of the old DerbyCon CTFs available in VMs for download?

@doylersec @EverSecCTF We are happy for you! and we are happy the you got your victory in a well contested match against the other top teams!

After four years of blood, sweat, bourbon, and tears, @EverSecCTF has finally taken first in the @DerbyConCTF ! There are so many people on the team, the team in spirit, not with us this year, or supporting to thank individually. That said, this was my white whale, and we did it!

By the way the signature key on the JWT that was "DerpyCon"

If you want to know how to decode that wav

If you happen to do a challenge write up, please let us know and we'll be happy to retweet for others

How did you pwn the SQL box? No Metasploit module needed...DerpyDB had impersonation rights to SA...

Congrats to the winning teams!

Prizes will be awarded in the main CTF room (Salon F) at 12:15pm. Please have your password ready to verify your team. (We would never store passwords plaintext LOL)

Have you tried making wordlists from keywords in the context of the challenge instead of RockYou or similar?

flagsfuflags - If you want a challenge coin come up and see us! Nice work on the wav file

@doylersec padding..

So for those still working help.wav; once you have a byte array the 17th and 18th bytes, a[16..17], are a short giving the message length