SecTalks Melbourne CTF

Let’s have some fun with SubDomain Exploitation.
We’ll be using the domain "mybits.work" for this CTF.

The first flag, should be relatively easy to find. It will contain information about the other flags.

During this journey, you many need to create/use your own service accounts to attain some flags. Most of the flags can be found by interrogating public DNS related infrastructure.

Not sure where to start? SecLists is your friend.

There are no active attacks in this CTF.
Please do not attack any of the infrastructure. You should be able to complete all the challenges with OSINT and Passive Recon tools. If you find a bug/exploit, let the organisers know immediately. Be nice, or the CTF could go down for everyone.

Good luck. Have fun.

For Challenge 2, find/replace a picture below: