Over the past few years, CODE WHITE has been hosting a Capture the Flag (CTF) event designed to challenge and uncover skilled offensive security minds. While it's proven an excellent way to spot future red teamers, the event has always been open to anyone ready to dive in, get their hands dirty, and break things - whether for fun, curiosity, or glory.

In 2024, the fictional target company once again was Kurts Maultaschenfabrikle, a charmingly insecure manufacturer of traditional Swabian food. But things escalated quickly: the company had recently acquired the hip coffee startup BeanBeat, bringing along an entire ecosystem of fresh services, questionable design decisions, and brand-new security nightmares.

Participants found themselves attacking through the internet-facing perimeter, exploiting weaknesses in exposed BeanBeat systems, and pivoting deeper into the interconnected infrastructure that now linked the Maultaschen and coffee universes.

We want to thank everyone who joined us for the 2024 edition. Your persistence, creativity, and occasionally unhinged approaches never fail to impress. Continuing the small tradition we started with the 2023 walkthrough, we're once again sharing a detailed write-up as a token of appreciation. This document provides a step-by-step breakdown of the 2024 challenges. In some cases, we've also added alternative approaches for extra flexibility and problem-solving creativity.

• Link: Walkthrough 2024
• SHA256: 23483048e26dbe65f3a35cb9dd020f3e71cfe22f9a9d9d0ff05ed2c19551e5b6
• SHA1: f94df50a82a926a6507566e49ec2c3753b8b72be