Incident 67: BGP Sub-Prefix Hijack of a Crypto Wallet (SAS CTF 2026 Quals)
Platform SAS CTF 2026 Quals Difficulty Hard OS Network — Alpine Linux + FRR 10.0 Tags BGP sub-prefix hijack, FRR network-statement RIB origin, vtysh static routes, dnsmasq DNS sinkhole, OpenSSL self-signed certs, Python TLS termination + ALPN, RPKI/ROA defender perspective, IXP filtering Incident 67 from the SAS CTF 2026 Quals was the kind of network challenge that rewards patience. The category badge said “Network / BGP” and the brief read like an Internet routing exam: you’re a fresh hire at a small regional ISP, you’ve SSH’d into your edge router, and somewhere out on the public Internet there’s a crypto wallet gateway you’re not supposed to be able to touch. The router config is already half-built. The story all but tells you what to do. ...