S.Health
4th place
4855 points
Awards
Vulnerability Disclosure Champion
500
Solves
| Challenge | Category | Value | Time |
| Who Fights in our Corner? | Privacy Center: Hello Halo, Apple Watch and Fitbit! | 10 | |
| Are our PGHD protected? | Privacy Center: Hello Halo, Apple Watch and Fitbit! | 10 | |
| Send our Health Data Out! | Privacy Center: Hello Halo, Apple Watch and Fitbit! | 10 | |
| A Long Way from Home | What applies? | 10 | |
| St. Elvis and St. Elvis Digital Twin Out of the Woods | St. Elvis Digital Twin | 200 | |
| See in 3D | Awareness Center : Intranet | 10 | |
| For a Better World | Awareness Center : Intranet | 10 | |
| Data and Statistics | Awareness Center : Intranet | 10 | |
| Pulse Ox Cloud: Do backups count as documentation? | TeleCare Division: Pulse Oximeter | 20 | |
| What is Your Solution? | Awareness Center: Mis-/Disinformation During Pandemic Times | 200 | |
| Let's Play a Game | Awareness Center: Fake News | 5 | |
| DND: Do Not Defib! | Awareness Center : Vulnerability Management | 10 | |
| Monitoring Critical Vital Signs | Awareness Center : Vulnerability Management | 10 | |
| FDA Safety Communication - 2 | Awareness Center : Vulnerability Management | 12 | |
| Pulse Ox Cloud: Who is responsible for this mess? | TeleCare Division: Pulse Oximeter | 20 | |
| Pulse Ox Cloud: Stego my ECG-O | TeleCare Division: Pulse Oximeter | 20 | |
| FDA Safety Communication | Awareness Center : Vulnerability Management | 20 | |
| Put on some pants! | Awareness Center : Mis-/Disinformation During Pandemic Times | 10 | |
| Is that a fake Gucci? | Awareness Center : Mis-/Disinformation During Pandemic Times | 10 | |
| Pulse Ox Cloud: Cookies Before Bed? | TeleCare Division: Pulse Oximeter | 20 | |
| American Fries or Chinese Chips? | Awareness Center : Chips, French Fries or Other? | 10 | |
| Are French Fries The European Chips? | Awareness Center : Chips, French Fries or Other? | 10 | |
| The Semiconductor Kind of Chips | Awareness Center : Chips, French Fries or Other? | 10 | |
| French Fries | Awareness Center : Chips, French Fries or Other? | 10 | |
| Pulse Ox Cloud: We have some REACTions to this menu | TeleCare Division: Pulse Oximeter | 20 | |
| All The Jars | Technical Training Center: T-ATP | 10 | |
| Need better isolation | Ransomware | 30 | |
| Malicious proxy | Ransomware | 30 | |
| Stage 3 | Ransomware | 50 | |
| Stage 2 | Ransomware | 50 | |
| Raspberry in Secret Test Lab | Hospital Building Automation System: BACNet | 100 | |
| There's a CVE for everything | Infusion Room: Infusion Pumps | 20 | |
| Pump it Up | Infusion Room: Infusion Pumps | 50 | |
| Pulse Ox RE Challenge 2 | TeleCare Division : Pulse Oximeter | 40 | |
| Pulse Ox RE Challenge 1 | TeleCare Division : Pulse Oximeter | 20 | |
| What Brand Was It? | COVID-19 Test Lab | 15 | |
| Shred your PHI! | St. Elvis Digital Twin (Unity Game) | 50 | |
| Blank Space | Technical Training Center: T-ATP | 20 | |
| Vaccine Storage Freezer Issues | Hospital Building Automation System: BACNet | 100 | |
| Foreign Devices | Hospital Building Automation System: BACNet | 100 | |
| Lights in ICU | Hospital Building Automation System: BACNet | 100 | |
| Jane Doe's CPAP Machine Serial Number | Emergency Room : CPAP Machine Forensics | 50 | |
| Part 2 - United States Patent Office - 01/12/2009 - Malicious Software | Patent Office: Incident Response, Memory Forensics, Network Forensics | 100 | |
| Digital Twin is Back Up and Running Again! | St. Elvis Digital Twin | 200 | |
| RSS-MD Difference | Awareness Center: Risk "Management" | 5 | |
| Electronic health | Certification Center: HCISPP Day1 | 13 | |
| Security and privacy | Certification Center: HCISPP Day1 | 12 | |
| Vulnerability scan | Certification Center: HCISPP Day1 | 11 | |
| NIST | Certification Center: HCISPP Day1 | 11 | |
| Chief Privacy Officer | Certification Center: HCISPP Day1 | 11 | |
| Level of security | Certification Center: HCISPP Day1 | 10 | |
| Database | Certification Center: HCISPP Day1 | 10 | |
| External auditors | Certification Center: HCISPP Day1 | 10 | |
| Coding system | Certification Center: HCISPP Day1 | 10 | |
| BYOD | Certification Center: HCISPP Day1 | 10 | |
| Purging data | Certification Center: HCISPP Day1 | 9 | |
| ISAC | Certification Center: HCISPP Day1 | 9 | |
| EHR | Certification Center: HCISPP Day1 | 9 | |
| Data breach investigation | Certification Center: HCISPP Day1 | 9 | |
| Authority role | Certification Center: HCISPP Day1 | 9 | |
| Risk assessment | Certification Center: HCISPP Day1 | 8 | |
| Protection | Certification Center: HCISPP Day1 | 8 | |
| Management council | Certification Center: HCISPP Day1 | 8 | |
| Chain of trust | Certification Center: HCISPP Day1 | 8 | |
| Medical record | Certification Center: HCISPP Day1 | 7 | |
| Access and correction | Certification Center: HCISPP Day1 | 8 | |
| Privacy situation | Certification Center: HCISPP Day1 | 6 | |
| Which agreement? | Certification Center: HCISPP Day1 | 10 | |
| Shady Place | Awareness Center : Security 101 | 5 | |
| Email Deception | Awareness Center : Security 101 | 5 | |
| DFIR | Awareness Center : Security 101 | 5 | |
| MDM | Awareness Center: Acronyms! Acronyms! Acronyms! | 3 | |
| STRIDE | Awareness Center: Acronyms! Acronyms! Acronyms! | 3 | |
| INCLUDES NO DIRT | Awareness Center: Healthcare! Acronyms! | 6 | |
| What is WHO? | Awareness Center : Healthcare! Acronyms! | 5 | |
| PHI | Awareness Center : Healthcare! Acronyms! | 5 | |
| MDS2 | Awareness Center: Healthcare! Acronyms! | 5 | |
| IMDRF | Awareness Center : Healthcare! Acronyms! | 5 | |
| EHR | Awareness Center : Healthcare! Acronyms! | 5 | |
| HL7 | Awareness Center: Healthcare! Acronyms! | 3 | |
| HIMSS | Awareness Center: Healthcare! Acronyms! | 3 | |
| HDO | Awareness Center: Healthcare! Acronyms! | 3 | |
| DiME | Awareness Center: Healthcare! Acronyms! | 3 | |
| FMEA | Awareness Center: Healthcare! Acronyms! | 3 | |
| HIPAA | Awareness Center: Healthcare! Acronyms! | 3 | |
| FHIR | Awareness Center: Healthcare! Acronyms! | 3 | |
| DICOM | Awareness Center: Healthcare! Acronyms! | 3 | |
| CGM | Awareness Center: Healthcare! Acronyms! | 3 | |
| CDRH | Awareness Center: Healthcare! Acronyms! | 3 | |
| PACS | Awareness Center: Healthcare! Acronyms! | 3 | |
| SicGRL | Awareness Center: Cyber! Acronyms! | 3 | |
| SBOM | Awareness Center: Cyber! Acronyms! | 3 | |
| RSS-MD | Awareness Center: Cyber! Acronyms! | 3 | |
| GDPR | Awareness Center: Cyber! Acronyms! | 3 | |
| CVSS | Awareness Center: Cyber! Acronyms! | 3 | |
| BSIMM | Awareness Center : Acronyms! Acronyms! Acronyms! | 5 | |
| Hidden Pictures | Technical Training Center: T-ATP | 20 | |
| Let's Share Some Keys | Technical Training Center: T-ATP | 30 | |
| Tampered Data | Technical Training Center: T-ATP | 10 | |
| Jack of All Rippers | Technical Training Center: T-ATP | 20 | |
| A New Vinaigrette Recipe | Technical Training Center: T-ATP | 20 | |
| Compromised PACS / DICOM Server - Question 6 | DICOM | 45 | |
| Compromised PACS / DICOM Server - Question 5 | Radiology: DICOM | 40 | |
| Compromised PACS / DICOM Server - Question 4 | Radiology: DICOM | 30 | |
| Compromised PACS / DICOM Server - Question 3 | Radiology: DICOM | 30 | |
| Compromised PACS / DICOM Server - Question 2 | Radiology: DICOM | 20 | |
| Compromised PACS / DICOM Server - Question 1 | Radiology: DICOM | 30 | |
| Traffic At The Hospital: Pt. 3 | Technical Training Center: T-ATP | 25 | |
| Traffic At The Hospital: Pt. 2 | Technical Training Center: T-ATP | 25 | |
| Traffic At The Hospital: Pt. 1 | Technical Training Center: T-ATP | 25 | |
| Part 2 - United States Patent Office - 01/12/2009 - Printer | Patent Office: Incident Response, Memory Forensics, Network Forensics | 100 | |
| Part 2 - United States Patent Office - 01/12/2009 - Network Share Users | Patent Office: Incident Response, Memory Forensics, Network Forensics | 100 | |
| Part 2 - United States Patent Office - 01/12/2009 - SID | Patent Office: Incident Response, Memory Forensics, Network Forensics | 100 | |
| Part 2 - United States Patent Office - 01/12/2009 - Network Address | Patent Office: Incident Response, Memory Forensics, Network Forensics | 100 | |
| Part 1 - United States Patent Office - 16/11/2009 - Command Prompt | Patent Office: Incident Response, Memory Forensics, Network Forensics | 100 | |
| Power Trace Side Channel Attack | Embedded Device | 200 | |
| Stage 1 | Ransomware | 30 | |
| Indicator of compromise | Ransomware | 20 | |
| Tracing the malicious actor | Ransomware | 30 | |
| Target on your back | Ransomware | 20 | |
| Ransom note part II | Ransomware | 20 | |
| Ransom note | Ransomware | 15 | |
| NFC | Awareness Center: Acronyms! Acronyms! Acronyms! | 3 | |
| Part 2 - United States Patent Office - 01/12/2009 | Patent Office: Incident Response, Memory Forensics, Network Forensics | 100 | |
| JSP | Awareness Center: Acronyms! Acronyms! Acronyms! | 3 | |
| ISO/IEC | Awareness Center: Acronyms! Acronyms! Acronyms! | 3 | |
| ICS-CERT | Awareness Center: Acronyms! Acronyms! Acronyms! | 3 | |
| HHS | Awareness Center: Acronyms! Acronyms! Acronyms! | 3 | |
| H-ISAC | Awareness Center: Acronyms! Acronyms! Acronyms! | 3 | |
| Part 1 - United States Patent Office - 16/11/2009 | Patent Office: Incident Response, Memory Forensics, Network Forensics | 100 | |
| FDA | Awareness Center: Acronyms! Acronyms! Acronyms! | 3 | |
| BLE | Awareness Center: Acronyms! Acronyms! Acronyms! | 3 | |
| AAMI | Awareness Center: Acronyms! Acronyms! Acronyms! | 3 | |
| Unsafe Items | Training Center: T-ATP | 15 | |
| Metadata Everywhere! | Technical Training Center: T-ATP | 30 | |
| Object Diving | Technical Training Center: T-ATP | 100 | |
| Medical Overflow | Technical Training Center: T-ATP | 100 | |
| Format String Symphony | Technical Training Center: T-ATP | 100 | |
| A Whole Lotta Strings | Technical Training Center: T-ATP | 50 | |
| Ciphers Galore | Technical Training Center: T-ATP | 20 | |
| WANTED | Biohacking Village Wants YOU! | 0 | |
| The future is here! | St. Elvis Digital Twin | 200 | |
| Primanoculation | Host Access | 40 | |
| WireGuard Filetype | Host Access | 10 | |
| WireGuard Endpoint | Host Access | 10 | |
| Verify me | Orientation | 5 | |
| Discord Communications | Orientation | 20 | |
| Simple Service Access - port 80 | Orientation | 20 | |
| Simple Service Access - port 40 | Orientation | 20 | |
| Email Communications | Orientation | 10 | |
| CTFd - Profile | Orientation | 5 | |
| CTFd - Scoreboard | Orientation | 5 | |
| CTFd - Teams | Orientation | 5 | |
| CTFd - File Download | Orientation | 5 | |
| CTFd - First! | Orientation | 5 |