DrunkenShellz
1st place
10924 points
Awards
Vulnerability Disclosure Champion
1000
Vulnerability Disclosure Champion
1000
Vulnerability Disclosure Champion
500
Vulnerability Disclosure Champion
1000
Vulnerability Disclosure Champion
2000
Vulnerability Disclosure Champion
1500
Hint 21
hints
Hint for Part 2 - United States Patent Office - 01/12/2009
-10
Hint 19
hints
Hint for Part 2 - United States Patent Office - 01/12/2009
-10
Solves
| Challenge | Category | Value | Time |
| Improvement in Key Areas, Like Supply Chain | Awareness Center : It Is an Order, Executive One! | 15 | |
| Jane Doe's CPAP Machine Serial Number | Emergency Room : CPAP Machine Forensics | 50 | |
| The Semiconductor Kind of Chips | Awareness Center : Chips, French Fries or Other? | 10 | |
| Are French Fries The European Chips? | Awareness Center : Chips, French Fries or Other? | 10 | |
| American Fries or Chinese Chips? | Awareness Center : Chips, French Fries or Other? | 10 | |
| French Fries | Awareness Center : Chips, French Fries or Other? | 10 | |
| Pulse Ox RE Challenge 1 | TeleCare Division : Pulse Oximeter | 20 | |
| Shred your PHI! | St. Elvis Digital Twin (Unity Game) | 50 | |
| Who Fights in our Corner? | Privacy Center: Hello Halo, Apple Watch and Fitbit! | 10 | |
| Are our PGHD protected? | Privacy Center: Hello Halo, Apple Watch and Fitbit! | 10 | |
| Bring them to their knees... | Awareness Center : Healthcare Orgs are not Immune | 5 | |
| DND: Do Not Defib! | Awareness Center : Vulnerability Management | 10 | |
| Let's Play a Game | Awareness Center: Fake News | 5 | |
| FDA Safety Communication - 2 | Awareness Center : Vulnerability Management | 12 | |
| HDO Representative | Awareness Center : Vulnerability Management | 5 | |
| CVE | Awareness Center : Vulnerability Management | 5 | |
| Global Dates | Breaches | 5 | |
| Vaccine Storage Freezer Issues | Hospital Building Automation System: BACNet | 100 | |
| Raspberry in Secret Test Lab | Hospital Building Automation System: BACNet | 100 | |
| Calling Tiger Woods... | Awareness Center : Healthcare Orgs are not Immune | 10 | |
| Am I in the flood zone? | Awareness Center : Healthcare Orgs are not Immune | 10 | |
| A Preventable Tragedy | Awareness Center : Healthcare Orgs are not Immune | 10 | |
| Scary Screenshot | Awareness Center: Healthcare Orgs are not Immune | 5 | |
| Don't use the shredder just yet... | Awareness Center : Healthcare Orgs are not Immune | 10 | |
| Executive Order | Awareness Center: It Is an Order, Executive One! | 5 | |
| ICS-CERT Advisory IDs | Awareness Center : Vulnerability Management | 5 | |
| Lights in ICU | Hospital Building Automation System: BACNet | 100 | |
| Breach Count | Breaches | 5 | |
| Shame! Shame! Shame! | Breaches | 5 | |
| We're All Individuals! | Breaches | 5 | |
| Stage 2 | Ransomware | 50 | |
| Vaccines for sale | Dark(net) Times | 30 | |
| Share This With Bad Intention | Awareness Center: Mis-/Disinformation During Pandemic Times | 5 | |
| Do You Understand? | Awareness Center: Mis-/Disinformation During Pandemic Times | 5 | |
| FDA Safety Communication | Awareness Center : Vulnerability Management | 20 | |
| Attacking The Hospitals: The Aftermath | Awareness Center: Mis-/Disinformation During Pandemic Times | 5 | |
| Attacking The Hospitals | Awareness Center: Mis-/Disinformation During Pandemic Times | 5 | |
| Put on some pants! | Awareness Center : Mis-/Disinformation During Pandemic Times | 10 | |
| What is Your Solution? | Awareness Center: Mis-/Disinformation During Pandemic Times | 200 | |
| Is that a fake Gucci? | Awareness Center : Mis-/Disinformation During Pandemic Times | 10 | |
| RTPCR Host Manufacturer | COVID-19 Test Lab | 10 | |
| What Brand Was It? | COVID-19 Test Lab | 15 | |
| The physician's office | Certification Center: HCISPP Day2 | 12 | |
| NIST guidance | Certification Center: HCISPP Day2 | 12 | |
| Medical Record numbers | Certification Center: HCISPP Day2 | 12 | |
| Safe Harbor and HIPAA | Certification Center: HCISPP Day2 | 11 | |
| Medical devices integration | Certification Center: HCISPP Day2 | 11 | |
| Internal threat | Certification Center: HCISPP Day2 | 11 | |
| Intended purposes | Certification Center: HCISPP Day2 | 11 | |
| Information policy | Certification Center: HCISPP Day2 | 11 | |
| Healthcare dataset | Certification Center: HCISPP Day2 | 11 | |
| GAPP | Certification Center: HCISPP Day2 | 11 | |
| Framing | Certification Center: HCISPP Day2 | 11 | |
| DSP toolkit | Certification Center: HCISPP Day2 | 11 | |
| Disaster recovery | Certification Center: HCISPP Day2 | 11 | |
| Data breach notification | Certification Center: HCISPP Day2 | 11 | |
| US agency | Certification Center: HCISPP Day2 | 10 | |
| Third-party agency | Certification Center: HCISPP Day2 | 10 | |
| HSM | Certification Center: HCISPP Day2 | 10 | |
| First healthcare regulation | Certification Center: HCISPP Day2 | 10 | |
| Cyberattack | Certification Center: HCISPP Day2 | 10 | |
| Confidentiality | Certification Center: HCISPP Day2 | 10 | |
| Third-party risk assessment | Certification Center: HCISPP Day2 | 9 | |
| Security controls | Certification Center: HCISPP Day2 | 9 | |
| Common-access card | Certification Center: HCISPP Day2 | 9 | |
| Single-sign-on authentication | Certification Center: HCISPP Day2 | 9 | |
| Send our Health Data Out! | Privacy Center: Hello Halo, Apple Watch and Fitbit! | 10 | |
| Digital Twin is Back Up and Running Again! | St. Elvis Digital Twin | 200 | |
| Stage 1 | Ransomware | 30 | |
| Indicator of compromise | Ransomware | 20 | |
| Tracing the malicious actor | Ransomware | 30 | |
| Target on your back | Ransomware | 20 | |
| Ransom note part II | Ransomware | 20 | |
| The responsible | Certification Center: HCISPP Day1 | 12 | |
| INCLUDES NO DIRT | Awareness Center: Healthcare! Acronyms! | 6 | |
| STRIDE | Awareness Center: Acronyms! Acronyms! Acronyms! | 3 | |
| Part 1 - United States Patent Office - 16/11/2009 - Command Prompt | Patent Office: Incident Response, Memory Forensics, Network Forensics | 100 | |
| Ransom note | Ransomware | 15 | |
| Tampered Data | Technical Training Center: T-ATP | 10 | |
| Compromised PACS / DICOM Server - Question 6 | DICOM | 45 | |
| Compromised PACS / DICOM Server - Question 5 | Radiology: DICOM | 40 | |
| Unsafe Items | Training Center: T-ATP | 15 | |
| Veni, vidi, vici | The Device Lab | 500 | |
| Part 1 - United States Patent Office - 16/11/2009 | Patent Office: Incident Response, Memory Forensics, Network Forensics | 100 | |
| FMEA | Awareness Center: Healthcare! Acronyms! | 3 | |
| HDO | Awareness Center: Healthcare! Acronyms! | 3 | |
| HIMSS | Awareness Center: Healthcare! Acronyms! | 3 | |
| HIPAA | Awareness Center: Healthcare! Acronyms! | 3 | |
| HL7 | Awareness Center: Healthcare! Acronyms! | 3 | |
| RSS-MD Difference | Awareness Center: Risk "Management" | 5 | |
| RSS-MD 2-Factor | Awareness Center: Risk "Management" | 5 | |
| FHIR | Awareness Center: Healthcare! Acronyms! | 3 | |
| DiME | Awareness Center: Healthcare! Acronyms! | 3 | |
| DICOM | Awareness Center: Healthcare! Acronyms! | 3 | |
| CGM | Awareness Center: Healthcare! Acronyms! | 3 | |
| CDRH | Awareness Center: Healthcare! Acronyms! | 3 | |
| Power Trace Side Channel Attack | Embedded Device | 200 | |
| SicGRL | Awareness Center: Cyber! Acronyms! | 3 | |
| SBOM | Awareness Center: Cyber! Acronyms! | 3 | |
| RSS-MD | Awareness Center: Cyber! Acronyms! | 3 | |
| GDPR | Awareness Center: Cyber! Acronyms! | 3 | |
| PHI | Awareness Center : Healthcare! Acronyms! | 5 | |
| Electronic health | Certification Center: HCISPP Day1 | 13 | |
| Security and privacy | Certification Center: HCISPP Day1 | 12 | |
| NIST | Certification Center: HCISPP Day1 | 11 | |
| Vulnerability scan | Certification Center: HCISPP Day1 | 11 | |
| Chief Privacy Officer | Certification Center: HCISPP Day1 | 11 | |
| Level of security | Certification Center: HCISPP Day1 | 10 | |
| External auditors | Certification Center: HCISPP Day1 | 10 | |
| Database | Certification Center: HCISPP Day1 | 10 | |
| Coding system | Certification Center: HCISPP Day1 | 10 | |
| BYOD | Certification Center: HCISPP Day1 | 10 | |
| Purging data | Certification Center: HCISPP Day1 | 9 | |
| ISAC | Certification Center: HCISPP Day1 | 9 | |
| EHR | Certification Center: HCISPP Day1 | 9 | |
| Data breach investigation | Certification Center: HCISPP Day1 | 9 | |
| Authority role | Certification Center: HCISPP Day1 | 9 | |
| Risk assessment | Certification Center: HCISPP Day1 | 8 | |
| Protection | Certification Center: HCISPP Day1 | 8 | |
| Management council | Certification Center: HCISPP Day1 | 8 | |
| Chain of trust | Certification Center: HCISPP Day1 | 8 | |
| Access and correction | Certification Center: HCISPP Day1 | 8 | |
| Privacy situation | Certification Center: HCISPP Day1 | 6 | |
| Medical record | Certification Center: HCISPP Day1 | 7 | |
| HIPAA | Certification Center: HCISPP Day1 | 14 | |
| Which agreement? | Certification Center: HCISPP Day1 | 10 | |
| MDS2 | Awareness Center: Healthcare! Acronyms! | 5 | |
| EHR | Awareness Center : Healthcare! Acronyms! | 5 | |
| IMDRF | Awareness Center : Healthcare! Acronyms! | 5 | |
| What is WHO? | Awareness Center : Healthcare! Acronyms! | 5 | |
| PACS | Awareness Center: Healthcare! Acronyms! | 3 | |
| CVSS | Awareness Center: Cyber! Acronyms! | 3 | |
| BSIMM | Awareness Center : Acronyms! Acronyms! Acronyms! | 5 | |
| NFC | Awareness Center: Acronyms! Acronyms! Acronyms! | 3 | |
| MDM | Awareness Center: Acronyms! Acronyms! Acronyms! | 3 | |
| JSP | Awareness Center: Acronyms! Acronyms! Acronyms! | 3 | |
| ISO/IEC | Awareness Center: Acronyms! Acronyms! Acronyms! | 3 | |
| ICS-CERT | Awareness Center: Acronyms! Acronyms! Acronyms! | 3 | |
| HHS | Awareness Center: Acronyms! Acronyms! Acronyms! | 3 | |
| H-ISAC | Awareness Center: Acronyms! Acronyms! Acronyms! | 3 | |
| Shady Place | Awareness Center : Security 101 | 5 | |
| Email Deception | Awareness Center : Security 101 | 5 | |
| DFIR | Awareness Center : Security 101 | 5 | |
| FDA | Awareness Center: Acronyms! Acronyms! Acronyms! | 3 | |
| BLE | Awareness Center: Acronyms! Acronyms! Acronyms! | 3 | |
| AAMI | Awareness Center: Acronyms! Acronyms! Acronyms! | 3 | |
| Compromised PACS / DICOM Server - Question 2 | Radiology: DICOM | 20 | |
| Compromised PACS / DICOM Server - Question 1 | Radiology: DICOM | 30 | |
| Let's Share Some Keys | Technical Training Center: T-ATP | 30 | |
| Traffic At The Hospital: Pt. 3 | Technical Training Center: T-ATP | 25 | |
| Jack of All Rippers | Technical Training Center: T-ATP | 20 | |
| Traffic At The Hospital: Pt. 2 | Technical Training Center: T-ATP | 25 | |
| Traffic At The Hospital: Pt. 1 | Technical Training Center: T-ATP | 25 | |
| Metadata Everywhere! | Technical Training Center: T-ATP | 30 | |
| A Whole Lotta Strings | Technical Training Center: T-ATP | 50 | |
| Format String Symphony | Technical Training Center: T-ATP | 100 | |
| Medical Overflow | Technical Training Center: T-ATP | 100 | |
| Object Diving | Technical Training Center: T-ATP | 100 | |
| A New Vinaigrette Recipe | Technical Training Center: T-ATP | 20 | |
| Blank Space | Technical Training Center: T-ATP | 20 | |
| Ciphers Galore | Technical Training Center: T-ATP | 20 | |
| The future is here! | St. Elvis Digital Twin | 200 | |
| Verify me | Orientation | 5 | |
| Primanoculation | Host Access | 40 | |
| WireGuard Filetype | Host Access | 10 | |
| WireGuard Endpoint | Host Access | 10 | |
| Discord Communications | Orientation | 20 | |
| Simple Service Access - port 80 | Orientation | 20 | |
| Simple Service Access - port 40 | Orientation | 20 | |
| Email Communications | Orientation | 10 | |
| CTFd - Profile | Orientation | 5 | |
| CTFd - Scoreboard | Orientation | 5 | |
| CTFd - Teams | Orientation | 5 | |
| CTFd - File Download | Orientation | 5 | |
| CTFd - First! | Orientation | 5 |