Loading...

Hello Traveler

Welcome to the DFRWS Rodeo! Get ready to test your skills and have fun! Join a team, submit flags, and climb the leaderboard!

No credit card needed :-)

Register Login
Mainpage

April 2nd 20:30

Pivovarská Starobrno map🗺️

Food Beer Yes

Small_element_top

The Story

Between 2008 and 2024, Sister Zora Černá was a respected member of the Dominican Sisters in Brno. However, beneath her pious exterior lurked a rebellious streak. Over the years, she stole donation money, broke monastery rules, and was known for her harsh language toward children visiting the convent.

By January 2024, her misdeeds became too great to ignore, and she was expelled from the church. Humiliated and angry, she reached out to her most loyal ex-sisters and hatched a bold plan: brewing and selling high-proof alcohol online to bypass rising tax rates.

Operating from the underground crypts of an abandoned monastery, the nuns exploited their technical expertise and monastery connections. Using stolen credentials, encrypted messaging, and cryptocurrency, they ran a dark web marketplace that remained undetected for months. With a browsing history enabled (what a bad choice from Tereza), the browsing history showcases visiting various dark web marketplaces and auction portals where they sold booze.

But their luck ran out on April 1, 2025. Strange noises alerted security, leading to the discovery of their hidden lair. The nuns fled, but Sister Tereza left behind her laptop, now the key to uncovering their secrets.

Small_element_top

Case Breakdown The Digital Trail

Phase 1: The Setup (Feb – May 2024)

  • Sister Zora reunites with her ex-nuns and devises a black-market alcohol scheme.
  • She steals an NFC access card to a hidden underground crypt at the monastery.
  • Sister Tereza, a skilled hacker, clones the card, giving them secure access.

Phase 2: The Cyber Operations (July 2024 – February 2025)

  • Network Exploitation: Cracking student Wi-Fi passwords to remain anonymous.
  • Secure Communications: Using "Divine Dispatch," a self-destructing encrypted messaging app.
  • Dark Web Marketplace: Accepting payments in Bitcoin and laundering transactions through tumblers.
  • Stealthy Logistics: Drop points in abandoned churches, eliminating direct handoffs.

Phase 3: The Discovery (March – April 2025)

  • March 2025: Computer science students report strange noises underground.
  • April 1, 2025: Security discovers the hidden lair; the nuns flee, but Sister Tereza forgets her laptop.
  • April 2, 2025: Forensic analysis begins, uncovering digital evidence.
Small_element_bottom

Digital Forensic Evidence

As you embark on the next phase of our cyber sleuthing adventure, it’s time to dive deep into the digital frontier and dissect the treasure trove of evidence extracted from the target system. Each artifact—from the single disk image available in multiple formats to the network capture log—holds the key to unraveling the intricate web of digital clues.

    Raw Disk Image
  • Compressed 2.3GiB (MD5 bc4b2812065d8c5ae370d7a3ee8e7b32)
  • Uncompressed 20GiB (MD5 556729c34902e76b5e6c183229622c8d)
Download Raw
    E01 Disk Image (same disk, different format)
  • Compressed 3.2GiB (MD5 8eb45a884d0233e3aa0e2f9539bd014b)
  • Uncompressed 3.5GiB (MD5 47334f7b97b4bb20818ff9cdb2140977)
Download E01
    PCAP File
  • Compressed 1.8MiB (MD5 6b5758cfd6887a1cfeb271c0ff16d824)
  • Uncompressed 1.9MiB (MD5 fa61cb524cd8acae9f9005b900e6b0ce)
Download PCAP
    VM image (from ongoing investigation)
  • Compressed 3.2GiB (MD5 af67689bdaad48b318ac6b2f4c3a8306)
  • Uncompressed 3.4GiB (MD5 3bd28efffaaa479c2448f9c00921767b)
Download VM image

Please note that all files are encrypted. The decryption password will be provided during the event.

Checksums can be downloaded from here.

Rodeo Rules

  • Teams up to 5 people are allowed
  • Flags can be submited for 120 minutes after the event starts
  • No attacking the event infrastructure. That means do not break this site.
  • No sharing flags between people
  • Respect other participants and play fair.
  • Report any platform vulnerabilities to the organizers.
  • More information on flag format, submition and bonuses can be found on submit page.

Recommended Tools & Skills

  • Wireshark or equivalent for network traffic analysis
  • Reverse engineering and decompilation tools (e.g., Ghidra, IDA Pro) for C++ binaries
  • Virtualization software to run and inspect disk images
  • DB Browser for SQLite for database investigation
  • Blockchain analysis tools for transaction tracing
  • Image forensics utilities for metadata extraction
  • Communication forensics tools for examining logs and encrypted messages
  • File system analysis utilities for data recovery and integrity checks
Small_element_top
Mainpage

Sister Zora inspecting her latest batch in the hidden monastery crypt.

Rodeo Authors

Meet the fearless digital wranglers who brought this rodeo to life. From slingin’ code to ropin’ up designs, they’ve got it all under control (and still find time for coffee)!

Enjoying the site and the rodeo? Your feedback fuels our journey. If you really want to show your support, buy us a coffee.

  • Jan PolišenskĂ˝ Rodeo chair and coordinator, digital mastermind, choral enthusiast, and unstoppable code cowboy riding the wild syntax. LinkedIn
  • Nelson Mutua Tor, cryptography, networking — part-time secret agent of the matrix. Profile
  • Jakub Reš Inventor of the booze-distilling sisters and blockchain development wizard, always ready to chain blocks together like a cowboy corralling digital cattle. Profile
  • Perešíni Martin Deepfake specialist, master of digital disguise who can swap faces faster than a tumbleweed in a dust storm. Profile
  • Radek HranickĂ˝ Local conference chair, infrastructure setup and high level organizational support. Profile
  • Stanislav Bárta (NĂšKIB) Our fearless tester from the NĂšKIB, ensuring our rodeo rides smooth and wild. LinkedIn
  • Ema Krompaščíková Criminal mastermind and great actress.
Small_element_top