Scavenger Hunt

Come explore Wonderland in a themed scavenger hunt! Earn points for your team of up to four people by exploring, attending presentations at the Fair, and capturing flags based on technical knowledge, social engineering skills, perception, and above all, quick thinking. 

Help us improve this event by taking this quick two-question survey here

There are two parts to the Scavenger Hunt: A traditional flag capturing portion and a social engineering portion, which will revolve around gathering information on a (fictional) person.

High-scoring teams will receive subscription vouchers generously provided by Private Internet Access.

Some flags are left open to interpretation by the competitor.

SCAVENGER HUNT PRIZES:

Each member of the winning team will receive the following prizes:

First Place:

1- No Starch Press Book

1- YubiKey

1- 1 Year Private Internet Access Account

Second Place:

1- $50 Ebook voucher from No Starch Press

1- FIDO U2F security key

1- 1 Year Private Internet Access Account

Third Place:

1- $50 Ebook voucher from No Starch Press

1- 1 Year Private Internet Access Account

Fourth Place:

1- $20 Bronco Gift Card

1- 1 Year Private Internet Access Account

Fifth Place:

1- ASI Prize Bag

1- 1 Year Private Internet Access Account

SCAVENGER HUNT RULES:

  • Abide by all terms of the Cal Poly Pomona Computers and Technology Acceptable Use Policy (Located at https://www.cpp.edu/~housing/technology/technology-policy.shtml)
  • Do not harass or inconvenience any employees at the BSC - Cal Poly Pomona, Foundation, or otherwise.
  • Do No Evil: Any hands-on labs or demonstrations at the Fair are provided for educational purposes only. Attendance at these sessions and the use of the information provided is not intended to promote unethical or illegal hacking, including cracking, software piracy, or any other illegal activity as defined by state and federal laws. The word 'hacking' in the context of these sessions shall only refer to ethical hacking. All information provided is for the sole purpose of providing our attendees with the tools to better understand vulnerabilities and, in turn, help prevent hacking attacks. Information garnered and equipment used during this session must not be used to cause damage by engaging in illegal activity before, during, or after the sessions. Any such behavior is a violation of state and federal laws and may be subject to prosecution.
  • Team leaders are responsible for distributing competition prizes amongst their team members.
  • Anyone found to have changed passwords or altered any account information in order to delay or prevent access by other competitors will immediately be dropped from the competition.
  • Be excellent to each other.

By participating in this Scavenger Hunt and in the event as a whole, you agree to follow these rules. Violations will result in immediate dismissal from the Hunt and possibly from the Fair, as well as possible disciplinary action from the university or state or federal authorities.



Flags:

  • [2-STAMP] Attend IBM - Malware Trends and Incident Response
  • [2-STAMP] Attend Kryptos Logic - History of Ransomware
  • [STAMP] Visit the outreach table outside the BRIC
  • [STAMP] Visit the Cal Poly Federal Credit Union
  • [STAMP] Learn about FAST
  • [STAMP] Learn about SWIFT
  • [STAMP] Learn about MISSA
  • [STAMP] Cast a vote in the Poster Contest
  • [STAMP] Visit a vendor table
  • [STAMP] Visit one of the Enchanted Smart Home Exhibits
  • Video of team member performing the entirety of "Tom Sawyer" by Rush. With air guitar.
  • 400 hours spent in DOTA 2 or in League of Legends
  • Clearly and concisely explain the plot of Primer
  • Photo with the CSAF committee
  • Roll 2 Natural 20's in a row
  • Recreate the "moon landing"
  • Keyboard keys in alphabetical order and reassigned to be correct
  • Provide a five-minute commentary on the Norse Real-Time Map in the style of either David Attenborough or Steve Irwin
  • Tweet B.O.B. evidence the Earth isn't flat and get a reply.
  • Bring food, drink, swag, or miscellaneous items to the scav table (By request of the Scav Team only)
  • Land on Mars
  • Find an undiscovered pop culture reference in Ready Player One
  • Video of your team acting out opening scene of Monty Python and the Holy Grail
  • [STAMP] Pick a lock at the Smart Home table
  • Snapchat post to come to the CSAF
  • Add "Do it for CSAF" to a git commit / push
  • Invent a card game playable with a standard 52-card deck and explain it
  • Tweet B.O.B. evidence the Earth isn't flat without a reply
  • Explain how No Man's Sky both lived up to and exceeded expectations
  • Find hidden flag codes on IOT devices in the Enchanted Smart Home
  • Convince Joe Needleman that "hunter2" is a cryptographically secure password
  • Convince Carlos that D&D 4th Edition is the best edition for "real roleplayers"
  • Steal somebody else's sunshine
  • Prove another siege weapon is superior to the trebuchet
  • Find a hidden toilet in the Enchanted Smart Home
  • PIVOT
  • Convince someone the "360 Nose Cope" is a breathing technique
  • Working camouflage
  • Find an interesting pop culture reference in Ready Player One
  • Make a cat out of cat5 cable
  • Redact something to tell a story or to write a haiku
  • Make a donkey's plonker
  • Five-minute PGP debate
  • Explain the first paragraph of "Jabberwock"
  • Get eaten by a Grue
  • Exit Vim
  • Tea party with a mad hatter
  • Convincingly explain why a toaster needs a WiFi connection
  • Have two team members wear the same outfit and introduce them to a stranger as Tweedledee and Tweedledum
  • Convince a SWIFT e-board member that you're a Windows Support Technician and have come to fix their computer.
  • 200 hours spent in DOTA 2 or in League of Legends
  • Install Gentoo
  • Photographic evidence of the Loch Ness Monster
  • Video asking someone to Yelp review your conversation with them
  • 3 minutes of original stand-up comedy with an audience
  • Determine how many licks it takes to get to the center of a Tootsie Pop
  • Get a presenter's autograph
  • Convince someone they can take an Ursa Minor
  • Video of a team member asking someone for directions to Wonderland
  • An exactly 209-word essay on why essay length restrictions are arbitrary and nonsensical
  • Autographed photo of a SWIFT/FAST/MISSA e-board member
  • Completed Pokedex
  • MS-DOS running natively on modern hardware
  • Pen a tale on a donkey
  • 100 hours spent in DOTA 2 or in League of Legends
  • White rose painted red
  • Act out Rocketchat/Discord/Steam usernames
  • Radio flyer
  • Anime sticker
  • Anime shirt
  • Tinfoil hat with antennae
  • Casio F-91W Watch
  • Dual boot
  • Explain how you could lock yourself out of a motorcycle
  • Stick on a carrot
  • Read write execute
  • The internet in physical form
  • Fountain pen
  • Ham radio
  • Red, white, or black scrunchy
  • Staple a Post-it
  • Raven on a writing desk
  • Tutu made of bags
  • Cardboard Trojan Horse
  • Duck mask

Social Engineering Flags:

From the Mad Hacker - Our mark is Alice Kingsleigh, a suspicious newcomer to Wonderland. Find the following answers to her security questions from her social media accounts so we can get into her bank/utility/other accounts. You will be rewarded generously for your efforts.

I've done the first part of the work for you: Here is Ms. Kingsleigh's Facebook Profile.

https://www.facebook.com/alice.kingsleigh.35728

Hint:  Ms. Kingsleigh has used the same profile photo for all of her accounts. Use this information to distinguish her from others with the same name.

  • Alice's Favorite TV Show
  • Alice's Favorite Food
  • Alice's Favorite Book
  • Name of Alice's First Workplace
  • Name of Alice's High School
  • Name of Alice's Favorite Fast Food Restaurant
  • Alice's Reddit Username
  • Alice's Tumblr Username
  • Alice's Dog's name
  • Alice's Childhood Street
  • Name of Alice's First Best Friend
  • Alice's City of Birth
  • Alice's Mother's Maiden Name
  • Alice's Phone Number