Recap of Wizer’s 6-Hour Blitz CTF Event on Feb 4th
Earlier this month, we hosted our first-ever 6-Hour Capture the Flag challenge! This event drew cybersecurity enthusiasts from diverse backgrounds. Participants, ranging from beginners to seasoned professionals, eagerly tackled a series of challenging tasks in reverse engineering, cryptography, and more, showcasing their technical acumen and adaptability in a virtual arena.
Congratulations to our CTF Challenge Winners!
1st - Philippe Dourassov
Tied for 2nd - physuru & feasto
3rd - Evangelos Lioudakis
If you’re curious to give it a go, the challenge is open for practice (but, alas, no prizes awarded, only knowledge gained 🤩):
What Each Wizer CTF Challenge Covered: A Snapshot
JWT Authentication
This challenge showcases a simple authentication endpoint that allows multiple JWT algorithms. To win the flag, the user needs to make the system render the ‘flag’ message.
First Solver: Philippe Dourassov
Best Write Up: Matthias L.
View additional write ups on the 1st challenge by Amine Nait Ali, Aftab Sama, Bhavya Jain, and Evangelos Lioudakis.
Nginx Configuration
In reviewing the nginx configuration file, the user is tasked with getting the flag from a file named flag.html.
First Solver: Philippe Dourassov
Best Write Up: Bhavya Jain
View additional write ups on the 2nd challenge by Matthias L., Amine Nait Ali, Aftab Sama, and Evangelos Lioudakis.
Recipe Book
We created a recipe book website with a unique functionality: an offline mode. To win the flag, the user is tasked with proving that the code is vulnerable to XSS, by injecting an alert message.
First Solver: Philippe Dourassov
Best Write Up: Yoeri Vegt
View additional write ups on the 3rd challenge by Aftab Sama, Bhavya Jain, and Evangelos Lioudakis.
Profile Page
A simple webpage that shows your profile; what could go wrong there? To capture the flag, the user needed to read the /flag.txt file.
First Solver: Yoeri Vegt
Best Write Up: Lucas Voxted
View additional write ups on the 4th challenge by Amine Nait Ali, Aftab Sama, and Evangelos Lioudakis.
Hack The Admin
Pyjsparser.parser is a safe library for parsing and executing JavaScript within a Python app. To win the flag, the user is expected to read the content of the /flag.txt file.
First Solver: Philippe Dourassov
Best Write Up: Evangelos Lioudakis
Evaluation Corp Certificate of Support
This code showcases a PDF Certificate generator. To win the flag, the user is tasked with making the code print the flag within the generated PDF Certificate.
First Solver: Philippe Dourassov
Best Write Up: Evangelos Lioudakis
This event was a thrilling display of individual skill, ingenuity, and problem-solving as participants raced to complete the challenges. Congratulations again to all the winners! We are excited to see you all again next time - stay tuned for our next challenge announcement coming soon!