Metadata CTF

Recently, I had the privilege of working with my dear comrade Gabor (@gszathmari) to put together the Metadata CTF:


During this event, participants were asked to sift through a collection of metadata, in order to identify a “whistleblower”. Technically, the challenges were built such that no special tool was required – the entire CTF could reasonably be completed using a web browser (JavaScript made some challenges easier).

The intent of this event was to draw attention to, and provoke thought about, the current Australian metadata retention laws. Those of us, particularly from technical backgrounds may find it difficult to care, preferring to sift through the latest round of ~interesting leaks~ without any real regard to why, and how this fits in the greater context of what’s happening around us.

As much as I love what we do on a fine-grained technical scale, and there’s no other place I’d rather be at 4am on a weeknight than concocting overly complex solutions to simple CTF problems (more on this later – I haven’t been able to write this because the CTF in question is in progress), this stuff is worth thinking about. Here’s some late-night reading for the curious, of varying quality:

And some more reading, courtesy of our dear friends at CryptoParty:

On a related note, I had the privilege of giving out our very first production run Platypus Initiative plushie to the winner of tonight’s event (congratulations team 1337), and two free tickets to PlatypusCon (congratulations team Metamagic):



In the haze of day-to-day business excellence, it easy to lose sight of what’s really important – like doing awesome stuff because we can, and because we care. Like getting fifty of these little (actually they’re fucking huge IRL) plushies made because fuck you, ~why not~.

Thanks everyone who makes this kind of thing possible. Never stop being ~awesome~.

Special thanks to @gszathmari, idont, iy and snail for making this possible.

The challenge will keep running for a little while afterwards, it’s accessible at and… for now.

About Norman

Sometimes, I write code. Occasionally, it even works.
This entry was posted in Computers, Jesting and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.