What is the DFRWS Rodeo?

The DFRWS Rodeo is a team-based event where participants group together to solve forensically themed challenges in order to score points.

The Rodeo is open to all attendees of the conference, regardless of ability level, and is designed to be a lighthearted social event where participants can meet new people and learn new skills.

How does it work?

The Rodeo takes the form of a Jeopardy-style capture-the-flag event. A set of challenges will be released, spanning a number of categories and point values, and teams will have a limited amount of time to solve as many as they can. Each challenge, once solved, will produce a “flag” value, a short text string that must be submitted to the game server in order to score points.

Flags are typically case-sensitive and often contain underscores and other symbols. In some cases, they will be clearly marked as a flag.

Examples:

flag:ThisIsAFlag
this_is_also_a_flag
Th1s_1s_An0tH3R_f1ag

What are the challenges like?

Challenges range from entry level to advanced in terms of difficulty, and this is typically reflected in how many points they are worth. In the past, challenges have spanned a wide variety of disciplines related to digital forensics and incident response, such as crypto, file/disk/memory/network forensics, dynamic analysis, and reverse engineering. Check out the problem sets section for examples of challenges from previous years.

Where will the Rodeo be?

The Rodeo will be completely online. Details will be provided during the Rodeo slot of the conference schedule.

How do I participate?

Simply sign up on the Rodeo site after the link is published during the Rodeo.

Please note, you will be required to sign up with the same email address you used to register for the conference.

What if I don’t have a team?

A Rodeo Slack will be available to communicate with other players, and a dedicated “looking for group” channel will be available. Details will be shared during the Rodeo Opening.

Please note that due to this year’s new format there will be a hard limit of 5 members per team. Account sharing or collusion will result in disqualification.

I think this challenge is broken, what should I do?

Reach out to one of the moderators of the Rodeo Slack. A dedicated announcements channel will provide broadcasts of any updates to challenges.

What do I need to participate?

Nothing other than a web browser and your brain will be required, but the following tools may or may not help with challenges:

  • Virtualization software (e.g. VMware, VirtualBox)
  • Windows / Linux virtual machines
  • Disk analysis tools (e.g. Sleuth Kit, Foremost)
  • Memory analysis tools (e.g. Volatility, Rekall)
  • Network analysis tools (e.g. Wireshark)
  • Document analysis tools (e.g. Office, oledump)
  • File analysis tools (e.g. file, hex editor)
  • Dynamic analysis tools (e.g. dbg, OllyDbg, Procmon)
  • Static analysis tools (e.g. IDA, Ghidra, strings)
  • Your scripting language of choice

Some challenges may need specific software, so be prepared to download and install things on the fly as well.