INTRO

Tier 1 Badge

The 2025 Target + WiCyS Cyber Defense Challenge was a Capture the Flag (CTF)-themed event. This write-up shows my methodology, including tactics, techniques, and procedures in the challenge. As a social scientist, I wanted to try something completely new that would challenge my mind, and it was my first time participating in a CTF event. The event allowed me to gain more practical and technical skills, push myself further, and think outside the box while solving cybersecurity issues.

There were two tiers: Tier 1 is primarily blue-team focused and Tier 2 is red team. This write-up is based on my experience from Tier 1. I completed 14 challenges in Tier 1, which included the preliminary and main challenges. Each stage had different levels of difficulty, and you could only progress by capturing the flag. While the MITRE ATT&CK framework encompasses over 300 adversarial tactics, techniques, and common knowledge, I explored the connections during the challenges and added a few to this write-up as a way to build familiarity.

KEY TAKEAWAYS

SCENARIO

In Tier 1, we worked through simulated cyberattack scenarios against a tech company, Personalyz.io, to test our ability to detect, analyze, and respond to threats. Personalyz.io is a mid-size company with 500 employees that offers data collection SaaS products for the purpose of targeted ads. Personalyz.io received a ransom demand, and we played the defender to identify the intrusion and determine how the data was exfiltrated. The challenges focused on threat detection, digital forensics, incident response, network analysis, and threat intelligence.

PRACTICE CHALLENGES

P1. wicys[Welcome]

Points: 30

Category: Tutorial

P2. Hidden Challenges

Points: 40

Category: Recon

P3.1 Sub Challenge

Points: 50

Category: Misc

P3.2 Limited Attempts

Points: 50

Category: Misc

P4. Hints

Points: 20

Category: Tutorial

P5. Cooperation

Points: 60

Category: Collaboration

P6. Scenario

Points: 70

Category: Scenario

MAIN CHALLENGES

D1. Mystery Mail

Points: 100

Category: Email

D2. Not So Simple Mail Protocol

Points: 150

Category: Networking

D3. Ransom Wrangler

Points: 200

Category: Malware

D5. Ahoy, PCAP'n!

Points: 120

Category: Packet Analysis

D6. Smuggled Away

Points: 180

Category: Steganography

D7. Endpoints and Exfiltration

Points: 220

Category: Forensics

D8. Shadow Commit

Points: 250

Category: Git/Version Control

DISCLAIMER

These write-ups provide educational insight into the process I followed to complete each challenge. Since Tier 1 officially ended, we were given the green flag (pun intended) to create our write-ups, including the flag answers.