diff --git a/Shepherd.pdf b/Shepherd.pdf index 4033244c9ef33a2566fdc82924bca86634ba8198..48ae87a420519b590f56a366d1d17cc50496cc41 100644 Binary files a/Shepherd.pdf and b/Shepherd.pdf differ diff --git a/Shepherd.tex b/Shepherd.tex index 95f9661a5fe41b852bc8218a8018c7eb3f0fa1d0..7d60dba04c15c83a519e5a3066d2c4121d412c92 100644 --- a/Shepherd.tex +++ b/Shepherd.tex @@ -125,9 +125,8 @@ stuck in a module and need a hint. Register for the coaching session in Lisam. The coaching sessions are not compulsory! \section{Deadline}\label{sec:deadline} -The lab server opens up for registration on November 11th at 15:00. -The lab must be finished before the end of the exam period which is on the 14th -of January 2017. Shortly after, the Security Shepherd server will be shut down, +The lab server opens up for registration on November 8th at 17:00. +The lab must be finished before the end of the exam period. Shortly after, the Security Shepherd server will be shut down, so you can't do the lab after this date. \section{Disciplinary stuff} 
@@ -281,59 +280,67 @@ complex. We have put a lot of work into making the lab interesting and to run the actual server. If you have any ideas or suggestions we are all ears! \section{Challenges}\label{sec:challenges} -The following challenges are required to pass the lab. The challenges we put at -the end of the list are the hardest, so we recommend that you don't start with -them. However, you are free to do the challenges in any order you want. +The following 21 challenges are required to pass the lab, and you are free to do the challenges in any order you want. \begin{description} - \item[Session Management Challenge 1] Try replacing \enquote{user} with - \enquote{administrator}. But where? - \item[Poor Data Validation 1]. The \enquote{troll} here means the third - image, i.e.\ a \enquote{trollface}. Google it if you are unsure. + \item[Session Management Challenge 1] + {\color{white}Try replacing \enquote{user} with + \enquote{administrator}. But where?} + \item[Poor Data Validation 1] + {\color{white}The \enquote{troll} here means the third + image, i.e.\ a \enquote{trollface}. Google it if you are unsure.} \item[Cross Site Scripting 1] - \item[Session Management Challenge 2] Try attacking the password reset. + \item[Session Management Challenge 2] + {\color{white}Try attacking the password reset.} \item[Session Management Challenge 3] \item[SQL Injection 1] \item[SQL Injection 2] - The server first checks if the query contains \emph{one} @ before processing it! + {\color{white}The server first checks if the query contains \emph{one} @ before processing it!} \item[Insecure Cryptographic Storage Challenge 1] \item[Insecure Cryptographic Storage Challenge 2] - Here, \enquote{2d cipher} refers to the - \enquote{Vigenère cipher}. 
+ {\color{white}Here, \enquote{2d cipher} refers to the + \enquote{Vigenère cipher}.} \item[Insecure Direct Object Reference Challenge 1] - \item[Insecure Direct Object Reference Challenge 2] Do challenges 1 and 2 - before the Bank challenge! - \item[Poor Data Validation 2] Remember that large integers can overflow! + \item[Insecure Direct Object Reference Challenge 2] + {\color{white}Do challenges 1 and 2 + before the Bank challenge!} + \item[Poor Data Validation 2] + {\color{white}Remember that large integers can overflow!} \item[Failure to Restrict URL Access 1] \item[CSRF 1] - \item[Cross Site Scripting 2]. Now the XSS filter is getting more clever, + \item[Cross Site Scripting 2] + {\color{white}Now the XSS filter is getting more clever, but it's not perfect. Check the source code of the HTML returned from the server to see which commands are filtered and which are not. Use the - hints from the slides. - \item[Session Management Challenge 4] Can you guess a Session ID? It should - be somewhat larger than 20. + hints from the slides.} + \item[Session Management Challenge 4] + {\color{white}Can you guess a Session ID? It should + be somewhat larger than 20.} \item[Failure to Restrict URL Access 2] \item[Cross Site Scripting 3] - \item[Insecure Cryptographic Storage Challenge 3] There are a number of ways + \item[Insecure Cryptographic Storage Challenge 3] + {\color{white}There are a number of ways to defeat the crypto and get the encryption key in this challenge. The - quickest way is to submit base64 encoded spaces. - \item[SQL Injection 3] To complete this challenge, you must craft a second + quickest way is to submit base64 encoded spaces.} + \item[SQL Injection 3] + {\color{white}To complete this challenge, you must craft a second statement to return Mary Martin's credit card number as the current statement only returns the customerName attribute. Note that the UNION - statement isn't filtered! 
- \item[Insecure Direct Object Reference Bank] To complete this challenge you + statement isn't filtered!} + \item[Insecure Direct Object Reference Bank] + {\color{white}To complete this challenge you must first register an account. The account must have a unique name. The next step is to click the refresh balance button. Capture this request, and replay it with different account numbers until you find one with cash. If you are the first person to attempt this challenge, the account number 1 should have 10 million in it. You should be able to figure out the rest. - See \cref{sec:faq-bank} if there's not enough money anywhere! + See \cref{sec:faq-bank} if there's not enough money anywhere!} \end{description} -Total: 21 challenges to finish. +There are hidden hints! \section{Challenges not required}\label{sec:hard-challenges} The following extra challenges are included in Security Shepherd but are NOT required to finish the course. They are difficult. Note that, for these challenges, you are on your -own. The lab assistant is not required to help you, and these challenges might +own. To keep the competition fair the lab assistant will not help you, and these challenges might require knowledge we didn't cover in the lecture, and resources we can't provide. \begin{itemize} @@ -632,7 +639,7 @@ destinations. \end{figure} \chapter{Capturing The Flag}\label{sec:ctf} -Security Shepherd is what the hacking community calles a CTF, or Capture The +Security Shepherd is what the hacking community calls a CTF, or Capture The Flag. CTF:s are a good way of practicing one's skills in order to become better at pentesting, reverse-engineering, cracking, etc. It is common for security conferences to have CTF competitions where teams try to solve a number of
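Review bot: in the Deadline hunk (@@ -125,9 +125,8 @@), removing the concrete end date leaves the unchanged context line "so you can't do the lab after this date" with nothing to refer to; either keep a concrete date in the new sentence (`The lab must be finished before the end of the exam period, which is on <date>.`) or reword the context to "after the server is shut down". The new opening time `November 8th at 17:00` also carries no year anywhere in the section now that the old `14th of January 2017` is gone, which will be ambiguous once the document is reused for a later course round.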
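Review bot: in the Challenges hunk (@@ -281,59 +280,67 @@), wrapping each hint in `{\color{white}...}` does not hide it: the text is still selectable and copy-pastable from the PDF and is plain in the .tex source, so the closing remark `There are hidden hints!` promises more than the mechanism delivers. If the intent is one source that builds with or without hints, a conditional (for example `\newif\ifhints` with each hint inside `\ifhints ... \fi`, or a separate solutions build) is more robust than colouring. Two smaller points in the same hunk: the `\cref{sec:faq-bank}` inside the white group will most likely be typeset in hyperref's link colour or with a link border and so stand out against the white text; and `\color` needs the `color` or `xcolor` package, whose loading is not visible in this diff. The count of 21 moved into the intro sentence matches the 21 `\item` entries in the list, so that part is consistent.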
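Review bot: in the Capturing The Flag hunk (@@ -632,7 +639,7 @@), the `calles` -> `calls` fix is correct; while this sentence is being touched, `CTF:s` on the following context line is a Swedish-style plural and would read as `CTFs` in English prose.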