Capture The Flag: Project HEAVENWEB

Hack In The Box Amsterdam 2015 CTF Teaser!

The Capture-The-Flag Teaser will be online starting 6th of March @ 20:00 CET to give players a general idea of the interesting challenges they will be facing during the onsite game. The teaser CTF will consist of 4 challenges spread across  different areas of interest such as: forensics, web & binary analysis. You will be able to access the challenges from the 6th of March till the 1st of April at All you have to do is sign up and enjoy the Internet of Things! And don’t forget to join us on IRC: #HITBCTF

Hack in the Box Amsterdam 2015 CTF tl;dr;


This is a call to all active operatives.

Return to base immediately.

Project HEAVENWEB has been compromised.

The air gap between HEAVENWEB’s Skeleton Key Server was bridged last night, when during a routine maintenance procedure a mechanic connected the wireless charging station of his Smart Shoes to an open USB port.

We assume that unknown actors must have previously compromised this charging station, as seconds after connecting the device the SKS started reporting an integrity breach and Signals detected both bluetooth and satelite communications, originating from within the Vault, presumably from the Smart Shoes’ integrated SatCom module.

Inspection of the SKS has shown that the Data Exchange Enabled Device Skeleton Key Database – assembled under the Happy Puppy Directive of 2016 – and all of its backups have been completely destroyed, presumably after having been exfiltrated to an unknown threat agent.

This is a call to all operatives to return to base and stand by for identification of the threat agent and subsequent retrieval / removal operation of the database.

Forensics of HEAVENWEB’s remains and the communications picked up by Monitoring suggest that preliminary results will be available from the 1st of March, 2015, with full intel and engagement tactics developed in May.

The codename for this campaign will be #HITBAMSCTF. Please prepare for immediate reassignment to this campaign during the 28th and 29th of May 2015.

IMPORTANT: Project HEAVENWEB and all programs reliant on its data monitoring or device access capabilities, such as DEFIANTSTREETLAMP, LEFTCOOKIE and ZANZIBARDELIGHT are currently UNAVAILABLE. Please use project RUBBERHOSE as a temporary fall back where necessary.

Registered Teams

  1. (NL) Connect, Engage, Hack (CEH)
  2. (DE) StratumAuhuur
  3. (NL) Hack.ERS
  4. (NL) :Duurtlang
  5. (UK) 0xbadf00d
  6. (UA) DCUA
  7. (NL) b0rk
  8. (NL) 38bit
  9. (NL) Hopjesvla
  10. (NL) SectorC
  11. (FR) HatHackers
  12. (NL) HeapHeapHooray
  13. (NL) VUBAR
  14. (NL) Team Red Ace
  15. (NL) Certified Edible Dinosaurs
  16. (NL) BreakING Bad
  17. (FR) DrunkenPonies
  18. (UK) 0x8F
  19. (NL) Voordeur
  20. (NL) Pindakaas


1st Place – USD3,000

2nd Place – USD2,000

3rd Place – USD1,000

THANK YOU to Beyond Security for their support as CTF and CTF Prize Sponsor!

Beyond RGB 500K