NCL Followup

Nov 4, 2025

NCL Followup

Overall Results

  • Scores were top-heavy; overall strong effort
  • Combined individual + game score was the highest in organization history
  • Fall competitions typically perform better due to higher effort
    • Individual game runs over Carnival / spring
    • Team game overlaps with finals

Scoring Breakdown

  • Combined accuracy and completion: 41.5
  • Accuracy: 68.5
  • Many participants completed only the minimum
  • Challenges this year were relatively forgiving
  • Structured challenges were significantly better than last year
  • Less guessing required
    • Accuracy was much higher than previous years (previously ~30%)

Tyler’s Section

Focus on problems that generated the most interest:

  • OSINT Medium
  • OSINT Hard
  • Password Hard

OSINT Medium (Flamed)

  • Four sets of GPS coordinates with timestamps
  • Coordinates pointed to restaurants
  • Goal was to find correlations between locations
  • All restaurants were featured on Gordon Ramsay’s Kitchen Nightmares
  • A map of all featured restaurants was used
  • Required additional OSINT to determine which locations were still open
    • Some map entries were outdated or incorrect
  • Observed pattern:
    • Locations progressed east → west and south → north
  • Luigi was identified as a newer location
  • Lido Di and Ventura Greek (at the harbor) were identified
  • Final step:
    • Zooming west-to-north to find a still-open location
  • Answer: Spin A Yarn Steakhouse
  • Coordinates obtained via Google Maps

OSINT Hard

  • Five-part question with mixed difficulty

Other Questions

ICS Vulnerabilities

  • Question: How many ICS vulnerabilities?
  • Used the ICS Advisory Project website
  • Other methods were possible but more difficult Red Willow Substation
  • Question: How many nodes does the Red Willow substation have?
  • Used OpenStreetMap
  • Node count was misleading (listed as 10) but was still the correct answer
  • Alternate approach:
    • Manually counting nodes using satellite imagery on Google Maps
    • Required research into what qualifies as a node

OSINT Takeaways

  • Counting-based questions are error-prone
    • Easy to lose accuracy through recounting or re-guessing
  • Recommended:
    • Track questions and answers in a shared Google Sheet
  • For flag-based challenges:
    • Answer scope is usually fixed
  • For numeric answers:
    • Acceptable answer range may be broader

Password Hard

  • Based on ~1000 Star Trek episode names
  • Not superr hardware-intensive
  • Password structure:
    • Episode name
    • Two consecutive digits somewhere
    • One or two special characters, usually at the end or beginning

Strategy

  • Mask attacks combined with wordlists
  • Nine different mask variations used
  • Mixed wordlists and masks to cover digit placement
  • Hashcat limitation:
    • Masks can only be applied to one end by default
    • Required workarounds for internal digit placement
  • Total keyspace was relatively small
  • Emphasis was strategic rule use, not ridiculously large rule files

Wordlist Details

  • Episode name variations included:
    • All lowercase
    • Standard capitalization
    • Dashes instead of spaces
  • Total episode count ~1000
  • Collapsing variations resulted in a wordlist of ~2000 entries

Upcoming Meeting

  • Master Key privilege escalation
  • Hands-on session
  • Scheduled for next meeting