Ideas for puzzles
=================
* Bootable image with FreeDOS, Linux, Inferno? HURD?
  * Bury puzzles in various weird locations within each OS
  * Maybe put some in the boot loader, too
  * Perhaps have some sort of network puzzle as well
* Network treasure hunt
  * DHCP option
  * Single TCP RST with token in payload
  * Multiple TCP RST with different payloads
  * http://10.0.0.2/token
* PXE boot some sort of points-gathering client
  * Init asks for a team hash, and starts awarding points
  * Broken startup scripts, when fixed award more points
  * Lots of remote exploits
* "qemu -net socket" vpn thingy and then...
* sfxrar packed with upx.  Change an instruction so it won't actually
  execute.
* pwnables: have scp log passwords somewhere

Capture the Packet
------------------

* Jim Meilander could teach a class about Bro
* Use qemu -net socket,connect=10.0.0.2:5399 for capture the packet


From Jed Crandell
-----------------

* Have password easily read, must determine username with stack
  examination (like in printf category)
* Use %600000u%n to write an arbitrary value to a location in
  stack, then jump to that location somehow.