Finally, it’s what you’ve all been waiting for: the walkthrough and solutions to this year’s puzzle! When you’re ready to see how it’s done, click on the jump to view the walkthrough.

Continue reading »

Congratulations to the top 10 teams in this year’s contest! All 10 completed the first five rounds of this challenging puzzle. A special congratulations goes to the top three teams, who completed all seven rounds.

The first place team, Dofir, walked away with an iPod touch. Tom Pohl and Team Blue, who tied for second, earned a ION Mini Block Rocker and a portable touchpad, respectively. An Amazon Fire Tv, the prize for the first person or team to complete the bonus round, is still waiting for someone to claim it!

The puzzle was meant to get more difficult as it progressed, but several other factors affected the average duration of each round of the puzzle. We calculated the time to complete round one based on the time the contest started: Thursday, August 7 at noon–but clearly not everyone got started that early. The other averages are based on the time since that team completed the previous round.


The times were also affected by the decreasing number of competitors that completed each successive round. By round 5, for example, only a modest 12 teams were still playing, and they had the experience to complete the round relatively quickly. 264 teams registered to play, and 63 completed the first round while at DEFCON.


IMG_1256Stuck on a round of the puzzle? We can help you out. Here is the list of hints we released at DEFCON.

Round 1: All your base 64 are belong to us.

Round 2: Encode-ception.

Round 3: Snowden’s-eloquent-quotes.jpg

Round 4: @ is a common symbol used with device names.

Round 5: Satellite connect-the-dots.

Round 6: The image from round 3 is more than meets the Eye. (There is a hint in round 1.)

Good luck!


This could be yours (via

We are pleased to be giving an Amazon Fire TV to the first team to complete the bonus round of this year’s Network Forensics Puzzle Contest. You don’t need to complete all the other rounds to be in the running, just the eighth bonus round.

Our contest phone will be deactivated soon, so please submit your answers to myself at asawyer[at]lmgsecurity[dot]com or my colleague Bryan at bschmidt[at]lmgsecurity[dot]com. Good luck, and we look forward to seeing your solutions!

DEFCON 22 is coming up in just a few short weeks, and we’ll be hosting our fifth annual Network Forensics Puzzle Contest featuring Edward Snowden, obscure sporting events, and various North Korean officials. We look forward to seeing you there!

As you prepare for this highly competitive contest, make sure you check out this excellent walkthrough of last year’s puzzle by second-place finisher Tom Pohl.

See you at DEFCON 22!

Over 250 teams entered the Network Forensics Puzzle Contest at DEFCON 21. Congratulations to this year’s Winning Team: “Red Team”! We hope you enjoyed competing, and we look forward to seeing you again next year.

Top Three Finalists at DEFCON 21:

1. Red Team
2. Tom Pohl

The contest decryption keys, answers, and a walk-through of the solutions will be posted the week of 9/22/13. Thank you for playing!

Copyright 2013, LMG Security. All rights reserved.

Network Forensics Puzzle Contest #10 posed a serious challenge, requiring contestants to demonstrate advanced reasoning and meticulous attention to detail, even when reading the scenario. Thank you to everyone who submitted an entry for Puzzle #10, and a special congratulations to the relatively small number of folks who submitted correct answers.

The winner of this contest is…Steve B. ! Steve was both the first person to solve the contest AND the person to have the most eloquent solution. He’ll be receiving a prize for being first and the Blackhat Black Card! We’ll be posting a walkthrough and answers in the coming weeks. Steve wrote a great write-up [available here].

Honorable Mentions:

  • Jatiki
  • Zak


We received several requests from DEFCON attendees asking us to post the decryption keys and answers for the DEFCON 2012 contest. The decryption keys and answers are posted below. We will post the list of winners, and a walk-through of the solutions soon. Thank you for playing!

Decryption Keys
Contest Container: W3lc0m3toNFPC2012@defcon
Round2: Aw3s0m3s4uc3@
Round3: DFC=w00t!
Round4: 4r3g3ttingh4rd
Round5: tHiswi11b3fun#
Round6: Th3R4c3is0n$


Answers to DEFCON 2012 Contest Questions

Round 1 Answer: 99901

Round 2 Answer: Golden Alley

Round 3 Answer: ICdarkwater

Round 4 Answer: 15684-b5.12

Round 5 Answer: 2300

Round 6 Answer: Dogfort

Copywrite 2012, LMG Security. All rights reserved.

Join Eric Fulton on Thursday, June 14 at 1:00 PM ET for the BlackHat Webcast, “Network Forensics: Uncovering Secrets of Mobile Applications“. You might even learn something for contest 10…which will be presented live later today on PaulDotCom!

On the Internet, every action leaves a mark—in routers, firewalls, web proxies, and within network traffic itself. When a hacker breaks into a bank, or an insider smuggles secrets to a competitor, evidence of the crime is always left behind. But what about mobile devices? What seemingly innocuous information are they sharing with, and without, your knowledge?

In this webcast, watch as Eric Fulton analyzes mobile network traffic and discover some interesting details about your favorite applications. You will see him locate GPS co-ordinates, identify installed mobile applications, and more.

Hello Everyone!
It has been a busy year, and once again we find ourselves nearing Defcon where we run the wildly popular Network Forensics Puzzle Contest. We have some good things in store for the coming months and would like to share.

We are running a NFPC over at PaulDotCom in the coming month. When it’s live we will share the link here. You should also check out PaulDotCom for a heap of great articles and videos.

Blackhat USA 2012
Want to be taught by the people who literally wrote the book on Network Forensics? Register for their highly praised course “NETWORK FORENSICS: BLACK HAT RELEASE” to learn the latest techniques in the field of Network Forensics. You’ll even get the book at 25% off, since it is the course text.

Defcon 20
Going to DEFCON? Join us at for the annual DEFCON Network Forensics Puzzle Contest, and win a shiny new iPad!

Other updates can be found following our twitter (@LMGSecurity or @trisk3t), our LinkedIn Page, or our Facebook Page. Cheers!

© 2014 Network Forensics Puzzle Contest Suffusion theme by Sayontan Sinha