This is a wee bit late but we wanted to post the answers to our challenge that we had up before Derbycon. Fortunately for all, there were enough tickets that nobody actually needed ours.
We had a great time meeting folks and talking security, as well as meeting up with you, our valued listeners on Friday night at Bluegrass Brewing Company (along with fake Russell Crowe!).
Here are the answers to our challenge:
1.) The phrase was “[email protected]” and was inside of a .txt file that was embedded into the PDF we made available. I utilized a program called wbStego which I believe one or two people figured out and used to find the flag.
For #2 and #3, please see this zip file for the source to both.
2.) The username was user “Jonny Doe” and the password was “Louisville”
3.) The phrase was “I want my derbycon ticket!”.