Hidden dependencies and poisoned supply chains undermine systems before they ever go live. This category explores how trust is broken upstream, quietly and at scale, where a "harmless" artifact, build script, or library becomes the first domino. In the story, this is the moment the future gets compromised. By the time the incident is visible, the damage is already baked in: the foundation you built on is the same foundation that collapses later.
BSidesDayton 2026 CTF
CTF Overview
The outage wasn't an accident. It started quietly: a dependency update, a build step, a vendor tool that "couldn't possibly" be the problem. Then the failures stacked - credentials stopped working, services disappeared, and the network became something you feared more than you needed.
Five Categories
Cause
Collapse
Survival
Recovery
Trust
Each category is a chapter in the same incident, showing how trust breaks upstream, how operations change when the world goes offline, how information moves without connectivity, how recovery depends on what was preserved, and how trust gets rebuilt deliberately.
CTF Challenges
Cause Fractured Foundations Supply chains and hidden dependencies break trust upstream.
Collapse Pull the Plug Operate when connectivity and external validation disappear.
When the network fails, or becomes hostile, assumptions collapse fast. These challenges focus on operating without live connectivity, external services, or real-time validation. In the narrative, this is the lights-out transition: tooling breaks, "just check the server" is no longer an option, and you have to reason from what you already have. What still works when everything else is gone?
Survival Hand-Carried Secrets Sneakernet, signals, and side channels replace networks.
With networks unreliable, data moves physically and opportunistically. This category examines sneakernet workflows, side channels, and information embedded in objects, media, and signals. Movement replaces connectivity. Story-wise, this is how teams keep operating: you trade bandwidth for ingenuity, and the environment itself becomes part of the protocol - what can be carried, copied, encoded, or overheard when you can't rely on a link?
Recovery Cold Iron Archives Backups and snapshots preserve clues after the wipe.
Even disconnected systems leave echoes behind. Backups, snapshots, and cold storage preserve traces long after data is deleted or systems are wiped. Recovery depends on understanding how and when data was saved. In the narrative, this is where you rebuild truth from fragments: time, retention, and tooling choices decide what can be recovered, what remains ambiguous, and what is lost forever.
Trust Web of Trust Identity and verification in imperfect/offline systems.
After the dust settles, the question becomes who, or what, can be trusted again. These challenges center on identity, verification, and cryptographic trust in imperfect, offline, or compromised environments. This is the final chapter: you don't "restore" trust by flipping a switch. You re-establish it with evidence, verification, and clear boundaries, so the next system you build isn't fractured from the start.