Hack-A-Sat 2: The second small step for Pentest

Last year, we took part in the Hack-A-Sat CTF, a challenge run by The United States Air Force and United States Space Force, designed to ‘inspire the world’s top cybersecurity talent to develop the skills necessary to help reduce vulnerabilities and build more secure space systems.’

Boy, did we learn a lot. Astronomy, Astrophysics, Astrometry and Astrodynamics (AAAA) isn’t something we deal with in our normal testing, so, taking part was certainly one giant leap for the team. To finish 127th out of 1278 teams, and solving several AAAA challenges along the way, was therefore a great achievement.

One year on, with the painful memories of trying to work out ECEF coordinates in relation to latitude and longitude still in our minds, we happily signed up again for Hack-A-Sat2.

For those unaware of the format, teams had 30 hours to complete as many challenges as possible. Points are awarded for each challenge solved, the quicker you solve the challenge, the more points you get (jeopardy style CTF) and at the end of the time, the top 10 teams make it through to the finals later in the year.

Being up against pro CTF teams with extensive astrophysics knowledge, we knew we probably wouldn’t be competing for top spots, but we thought a top 10% finish was certainly achievable again this year.

So, on 26 June 2021, we took our second small step into the world of satellites as team Blasteroids.

Pentest Limited | Insight | Hack-A-Sat2

Unlike last year, when we had no idea what we were doing, we got straight into the 3 “launch pad” challenges and had them solved nice and quickly. But that’s when the categories open-up and the complexity starts to ramp up, taking us into the unknown world of quaternions, orbital mechanics, Hohmann Transfer Problems etc.

Categories included:

  • Guardians of the… – “Use your satellite operations & engineering skills to manage space assets”
  • Deck 36, Main Engineering – “Brush off your slide rules to solve a myriad of space themed engineering problems”
  • Rapid Unplanned Disassembly – “Time to pull out those reverse engineering tools”
  • We’re On the Same Wavelength – “RF Communications and related topics”
  • Presents from Marco – “Marco is ruthless and there is no telling what he might throw your way…”

As usual, there was a lot of “I think I have the right approach, but it just isn’t releasing the flag” and “it doesn’t look too complicated, but I can’t work it out”. But the team worked together and pushed through many of the problems to capture the flags. In the end, we completed 11 challenges over the competition, coming 37th out of over 1000 teams! (top 4%, well within our top 10% target.)

Just like last year, we feel we were on the verge of a few solutions that would have catapulted us up the scoreboard, but just couldn’t get them over the line. Stupid Hohmann Transfers! We’ll just have to wait for the solutions to come out and then kick ourselves.

All in all, it was another great experience and the team have certainly picked up new skills. We’ll just have to keep them fresh in the memory bank for next year! Well done team.

Looking for more than just a test provider?

Get in touch with our team and find out how our tailored services can provide you with the information security confidence you need.