Open Security Holiday CTF

Open Security is a smaller security firm with services in attack simulation, risk mitigation, and cybersecurity strategy.

Cybersecurity Solutions For Businesses Of All Sizes
        -OpenSecurity

Recently, I particpated in their Holiday CTF. They provided the following information (in part):

Open Security Holiday CTF Instructions
🏆 Prizes:
🢒 The first five finalists will be chosen to win a high-quality t-shirt.

📆   When: 
🢒 Monday December 6th, 12PM CST - Friday, December 17th, 12PM CST.

🚩 All flags are formatted like os{...} or OS{...}

The challenges (6 of them) ranged from easy to hard depending on your knowledge/skill level.

I was the first to complete all 6 challenges!

The challenges were

  • Escaping the Naughty List
  • Gatekeepers
  • Baking Cookies
  • Elf Encryption - 8 Layers
  • Hidden in Plain Sight
  • Lost in the Snow

Of all these challenges, Baking Cookies seemed to give most people (including myself) trouble. I wrote a python script and then was told later that the usage of Burb suite solves the challenge quickly because it can modify and bruteforce the cookies directly.

I actually never openned Burb (or OWASP ZAP) for any of the challenges. I have written up follow solutions on Gitlab for those interesting how I solved them.

It as an interestiung short CTF and with several CTFs going on over the holidays, I found it great this one was not too long to finish.

Jesse Spangenberger

Jesse Spangenberger