One small step for Pentest – Hack-A-Sat CTF

We’ve tested some cool stuff in our time here at Pentest, oil rigs, face recognition systems, banking systems, health applications, the list goes on... But we’ve never tested anything in space. That may be our final frontier. 

So, when we heard about the Hack-A-Sat Capture the Flag (CTF) challenge run by The United States Air Force, in conjunction with the Defense Digital Service, we knew we had to get involved in. 

Space systems aren’t something we have experience in, and we had no expectations going into the competition. Using it more as a learning opportunity rather than having any hopes of getting near the top of the leaderboard. But we were up for a challenge, and what a challenge it proved to be. 

For those who don’t know the format of the competition, this qualifying stage consisted of a set challenges in a number of different categories, with the top 10 teams being invited back later in the year to hack a representative ground-based and on-orbit satellite system. 

Beginning at 1am on the 23rd May, and lasting for 2 days, the CTF started with a small selection of ‘easy’ challenges, points were awarded when solved and the quickest teams had the advantage of being able to choose which categories they wanted to open up further. 

These categories included: 

  • Astronomy, Astrophysics, Astrometry, Astrodynamics (AAAA) 
  • Satellite Bus 
  • Ground Segment 
  • Communication Systems 
  • Payload Modules 
  • Space and Things 

The easy challenges were fine, and we solved them shortly after the quickest team. However, this team decided to open the AAAA category. Eek! 

This was not within our comfort zone and quite a few hours passed before any teams started to solve the problems. When they did, they then decided to open more challenges within the AAAA category – the monsters! That meant it was quite a few hours before more ‘familiar’, and we use that term loosely, technical stuff started to open. 

In the end, we finished 127th out of 1278 teams, solving several challenges, including two within the AAAA category, which is amazing! We really are Space Nerds now. 

We were also very close to completing several challenges which, if we had, would have catapulted us into the top 20. We’ve subsequently solved a few of these but we suspect we will be kicking ourselves when we see the solutions to the others. 

Considering the size of our team, the nature of the challenges and the people we were competing against, we can be extremely proud of our efforts and we’re looking forward to the next one. 

To infinity and beyond!

Looking for more than just a test provider?

Get in touch with our team and find out how our tailored services can provide you with the cybersecurity confidence you need.