The Youth Challenge at DEF CON 32 is Over!
September 3rd, 2024
Keeping things under control.
This Youth Challenge at DEF CON 32 is over! We had nearly a HUNDRED kids participating across three age ranges: 8 and under, 9-13, and 14 and up. Each age group had a unique set of challenges, and the top three teams/players from each range earned a cash prize. The energy from the little hackers was so much fun, and it was so exciting to see so many kids dive into the technical challenges.
Creating the challenges for the Youth Challenge was a great experience! A lot of thought and effort went into designing the technical portions, and it was really rewarding to see the kids dig into them. Some of the challenges were pretty tough too! Here’s a few that they tackled:
- They explored Top-Level Domains (TLDs) like ".com" and ".org," to see how different versions of a website can offer hidden content.
- They practiced URL brute-forcing and found hidden directories and files.
- They learned how domain names translate into IP addresses and how to query domain records with tools like DIG and NSLOOKUP.
- They learned about domain ownership/records by sifting through WHOIS data.
- They explored SSL certificates and subdomains to find unlisted sections of sites.
- They practiced prompt injection techniques to extract secret information from a Marvin the Paranoid Android-themed chatbot.
- They used the Wayback Machine to query archived versions of websites, uncovering hidden flags from the past.
- Through Open Source Intelligence (OSINT), they gathered publicly available information, and learned how to piece together information.
- They found flags in the code, comments, and commit histories of GitHub repos.
- They found flags hidden in HTML, CSS, and JavaScript source code.
- They deciphered obfuscated code, and learned how/why developers sometimes make code difficult to read.
- They soldered a "broken" PCB badge, repaired it, and decoded its message.
A glimpse of the badges the kids worked on.
In addition to the core technical challenges, the kids were also tasked with visiting nineteen (19) other Villages, Contests, and Events. Each offered a unique experience or learning opportunity. A huge thank you to:
- Blacks in Cybersecurity
- Red Team Village
- Red Alert ICS CTF
- Recon Village
- Embedded Systems Village
- Pinball High Score Contest
- Hard Hat Brigade
- Octopus Game
- Blanket Fort Con
- AppSec Village
- Biohacking Village
- Adversary Village
- CPV’s Gold Bug Contest
- XR Village
- Password Village
- TeleChallenge
- Ham Radio Village
- Physical Security Village
- Bug Bounty Village
[Redacted] Winning Team.
Overall, the kids gained a bunch of technical knowledge and had a blast collecting passport stamps, and finding silly scavenger hunt items (although nobody found Samy Kamkar!). Here's to next year! 🎉