GitHub and the Ekoparty 2023 Capture the Flag

As a sponsor of Ekoparty 2023, GitHub contributed several challenges to the Capture The Flag (CTF) competition, focusing on GitHub and Git functionalities to educate the security community on common security issues. This year's "retro" theme set challenges in a fictional 1994 high school, OctoHigh, blending educational content with entertainment. The first challenge, "Entrypoint," involved steganography to locate a hidden flag, while the second, "Snarky Comments," and third, "Fork & Knife," addressed vulnerabilities in GitHub Actions workflow, specifically code injection and the use of "pull_request_target." The fourth and fifth challenges, "Git #1" and "Git #2," focused on Git repository mechanics and forensics, requiring players to identify differences and retrieve removed tags within Git repositories. These challenges aimed to enhance participants' understanding of security in a fun and engaging manner, aligning with GitHub's commitment to improving security awareness within the community.