NFPC 2015 Passwords and Hints

AlienPeaceSignIf you grabbed a contest disc to play after DEFCON, here are the passwords you’ll need to mount the TrueCrypt volume for each round.

Round 1: WhcFDjEQm9

Round 2: 4TWSDjtAeb

Round 3: jHfk4ykZBC

Round 4: 86BNnSn7Jp

Round 5: djawp7Tw6W

Round 6: hcdLwUKPTC

Round 7: zxEjEhCsVP

If you’re stuck, click on the jump to see a hint for each round. Continue reading

NFPC Winners at DEFCON 23

Congratulations to all the teams that participated in the Network Forensics Puzzle Contest this year, and especially to our top three finishers! This year marked our sixth year running the contest, so we were happy to see a number of familiar faces at our booth as well as lots of first-time players.

The winners are…

1st place – Threat Level Pancakes

2nd place – Tom Pohl

3rd place – Blue Squirrel

The contest consisted of six rounds plus a bonus round. The leading teams breezed through the first few rounds before hitting challenging rounds 5 and 6. Three teams persevered for over 36 hours and successfully completed the puzzle. The bonus round remains unsolved. We hope you picked up a disc so you can give it a try at home!

The full top 10 leaderboard is below.

Screen Shot 2015-08-12 at 3.57.42 PM

An impressive 71 teams completed round 1. That number quickly dwindled down to 11 round 5 finishers, and just three round 6 finishers.

graph

We would love to hear your feedback about the Network Forensics Puzzle Contest in the comments here or @LMGSecurity on Twitter using the hashtag #NFPC. Thanks for playing!

Network Forensics Puzzle Contest Winners

Congratulations to the top 10 teams in this year’s contest! All 10 completed the first five rounds of this challenging puzzle. A special congratulations goes to the top three teams, who completed all seven rounds.

The first place team, Dofir, walked away with an iPod touch. Tom Pohl and Team Blue, who tied for second, earned a ION Mini Block Rocker and a portable touchpad, respectively. An Amazon Fire Tv, the prize for the first person or team to complete the bonus round, is still waiting for someone to claim it!

The puzzle was meant to get more difficult as it progressed, but several other factors affected the average duration of each round of the puzzle. We calculated the time to complete round one based on the time the contest started: Thursday, August 7 at noon–but clearly not everyone got started that early. The other averages are based on the time since that team completed the previous round.

AverageTimes

The times were also affected by the decreasing number of competitors that completed each successive round. By round 5, for example, only a modest 12 teams were still playing, and they had the experience to complete the round relatively quickly. 264 teams registered to play, and 63 completed the first round while at DEFCON.

Finishers

DEFCON 22 Network Forensics Puzzle Contest Hints

IMG_1256Stuck on a round of the puzzle? We can help you out. Here is the list of hints we released at DEFCON.

Round 1: All your base 64 are belong to us.

Round 2: Encode-ception.

Round 3: Snowden’s-eloquent-quotes.jpg

Round 4: @ is a common symbol used with device names.

Round 5: Satellite connect-the-dots.

Round 6: The image from round 3 is more than meets the Eye. (There is a hint in round 1.)

Good luck!

Bonus Round Prize: Amazon Fire TV

fire_tv

This could be yours (via Amazon.com)

We are pleased to be giving an Amazon Fire TV to the first team to complete the bonus round of this year’s Network Forensics Puzzle Contest. You don’t need to complete all the other rounds to be in the running, just the eighth bonus round.

Our contest phone will be deactivated soon, so please submit your answers to myself at asawyer[at]lmgsecurity[dot]com or my colleague Bryan at bschmidt[at]lmgsecurity[dot]com. Good luck, and we look forward to seeing your solutions!

DEFCON 22 Wrap-Up: Bonus Round Prize is Still Up for Grabs

DEFCON-poster-draft2Congratulations to all the teams who entered and competed in this year’s Network Forensics Puzzle Contest at DEFCON 22. This was our fifth year running the contest, and we saw an incredible turnout of 264 registered teams for one of our most challenging puzzles ever. It was ultimately a test of endurance: teams were required to beat seven progressively more difficult rounds, with the winning team finishing in just over two days.

The eighth bonus round of the contest was attempted by the top three teams but went unsolved at DEFCON. We will ship the prize (an Amazon Fire TV) to whomever can successfully solve the bonus round first! We have a small confession: no one has solved this round yet (including the creators of the puzzle), so we will be impressed to see a solution.

The top 3 finishers:

1st place: Dofir (49 hours, 3 minutes)

2nd place (tie): Tom Pohl and Team Blue (52 hours, 7 minutes)

We hope you grabbed a disc even if you didn’t have time to play along at DEFCON so now you can check out the puzzle on your own. As promised, here are the passwords to unlock the Truecrypt volumes for each round. Please note that zeroes are often used instead of the letter ‘o.’

Round 1: izDEFCONf33ling22?#tSwift

Round 2: #pshth@twaSteh3@$y1#

Round 3: Ib3tuth0ughtQat@r&&

Round 4: h0wd1dug3tth@t1?%

Round 5: ur0nar0lln0w!@

Round 6: gud$luk^^0nth1s1

Round 7: !LA$$t0n3!!

Bonus round: Way-2_1337-4_u!

A walkthrough with solutions and the steps to get there will be posted this week. Statistics regarding the progress of participating teams and the time it took to complete each round will also be posted soon.

We would love to hear your feedback about the Network Forensics Puzzle Contest in the comments here or @LMGSecurity on Twitter using the hashtag #NFPC. Thanks for playing!

Walk Through Last Year’s DEFCON 21 Puzzle

DEFCON 22 is coming up in just a few short weeks, and we’ll be hosting our fifth annual Network Forensics Puzzle Contest featuring Edward Snowden, obscure sporting events, and various North Korean officials. We look forward to seeing you there!

As you prepare for this highly competitive contest, make sure you check out this excellent walkthrough of last year’s puzzle by second-place finisher Tom Pohl.

See you at DEFCON 22!

Winners of NFPC at DEFCON 21

Over 250 teams entered the Network Forensics Puzzle Contest at DEFCON 21. Congratulations to this year’s Winning Team: “Red Team”! We hope you enjoyed competing, and we look forward to seeing you again next year.

Top Three Finalists at DEFCON 21:

1. Red Team
2. Tom Pohl
3. PSKL

The contest decryption keys, answers, and a walk-through of the solutions will be posted the week of 9/22/13. Thank you for playing!

Copyright 2013, LMG Security. All rights reserved.

Join Us for Black Hat and DEFCON!

Want to tear apart Android cell phone dumps and Blackhole Exploit Kit 2 infection traffic? LMG has been hard at work gearing up for Black Hat and DEFCON. We’ve developed brand new puzzles for you to play with, a shiny new Network Forensics virtual workstation, and lots more. Here’s a quick preview:
Black Hat logo

  • Register for “Network Forensics: Black Hat Release” (4-Day course). Learn the ins and outs of packet analysis, flow record analysis, wireless forensics, intrusion detection and analysis, covert tunneling, malware network behavior– all packed into a dense 4 days with intensive hands-on technical labs.
     
  • Cellular network forensics is here! Don’t miss our cutting edge workshop, “Do-It-Yourself Cellular IDS,” during the Black Hat Briefings.
     
  • LMG is releasing a brand-new Network Forensics Workstation exclusively for students of “Network Forensics: Black Hat Release.” It includes all of the tools you need to solve every case study in the class, plus extra goodies. You can install this customized ISO to a virtual machine, or right on a hard drive.
     
  • We’ve got another AWESOME puzzle contest lined up for DEFCON, which will be publicly released online at the Network Forensics Puzzle Contest web site afterwards. Keep your eyes peeled for all the new packet captures!

See you in Vegas!