What is Defcon

Before getting into the writeups it’s worth quickly going over the infamous Defcon. Defcon is a meetup/conference for hackers and tinkerers from around the world to meetup with like minded people. There is a wide range of subsections and interests in Defcon itself organized around “villages”.

A few villages include:

  • Car hacking village
  • Packet hacking village
  • Voting machine hacking village
  • Cloud village
  • Lockpick village
  • many, many more

What is Cloud Village

Cloud village is a village at Defcon self described as:

Cloud Village is an open space to meet folks interested in offensive and defensive aspects of cloud security.

They have provided Jeopory style CTF (capture the flag) competitions that I (and friends) have competed in as a team the past couple of years. We actually won the Defcon 29 Cloud Village CTF and were looking to play again. Cloud Village CTF prompts are generally extremely broad and often have red herrings. Further, Cloud Village questions are generally more than one step, meaning the first clue you find generally leads to another and so on.

Jeopordy style means the CTF solutions are submitted in standardized flags. For cloudvillage, the format was FLAG-{ANY_32_CHARS_HERE}; for example: FLAG-{abcdefghijklemnopqrstuvwxyz1234567890}

Writeups

Here are a list of writeups for the 2022 capture the flag. We are missing 2 or 3 because we didn’t complete them and/or didn’t document them well enough throughout. If you have a missing one please reach out :).

Overconfident CISO - 200 Points

My Bucket Is Yours - 200 Points

Deep Dive Into Vessel - 300 Points

Big Bad Darkweb - 400 Points

Gold Hunter - 400 Points

Team

These writeups will liberally interchange the words “I” and “we”. None of the problems were actually solved alone by me, but rather the following team: