diff --git a/modules/build/puppet/secgen_functions/manifests/install_setgid_binary.pp b/modules/build/puppet/secgen_functions/manifests/install_setgid_binary.pp index b8dd6797d..c37df825d 100644 --- a/modules/build/puppet/secgen_functions/manifests/install_setgid_binary.pp +++ b/modules/build/puppet/secgen_functions/manifests/install_setgid_binary.pp @@ -1,11 +1,5 @@ -# Install function for setuid_root binaries +# Install function for setgid binaries # -- Modules calling this function must provide a Makefile and any .c files within it's /files directory -# -# ** NOTES *** -# Do we really need a user account or can we just pass in the directory path? -# - - define secgen_functions::install_setgid_binary ( $challenge_name, # Challenge name, used for the wrapper-directory @@ -38,16 +32,10 @@ define secgen_functions::install_setgid_binary ( fail } - $compile_directory = "$storage_directory/tmp" $challenge_directory = "$storage_directory/$challenge_name" $modules_source = "puppet:///modules/$source_module_name" - notice("compile_directory: ") - notice($compile_directory) - notice("challenge_directory: ") - notice($challenge_directory) - group { $group: ensure => present, } @@ -90,7 +78,7 @@ define secgen_functions::install_setgid_binary ( strings_to_leak => [$flag], owner => 'root', group => $group, - mode => '4440', + mode => '0440', leaked_from => "accounts_$username", require => [Group[$group], Exec["gcc_$challenge_name-$compile_directory"]], notify => Exec["remove_$compile_directory"], diff --git a/modules/build/puppet/secgen_functions/manifests/install_setuid_root_binary.pp b/modules/build/puppet/secgen_functions/manifests/install_setuid_root_binary.pp index 42159cbf0..e801725d3 100644 --- a/modules/build/puppet/secgen_functions/manifests/install_setuid_root_binary.pp +++ b/modules/build/puppet/secgen_functions/manifests/install_setuid_root_binary.pp 
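Review bot: The second hunk of install_setgid_binary.pp deletes the assignment `$compile_directory = "$storage_directory/tmp"`, but the context lines of the third hunk still interpolate that variable in `Exec["gcc_$challenge_name-$compile_directory"]` and `Exec["remove_$compile_directory"]`. Unless it is assigned somewhere outside the visible hunks, it now resolves to an empty string (or fails under strict variables), so those references become `gcc_<name>-` and `remove_`. Any command built from it elsewhere in the define would also lose its path argument. Either keep the assignment or update every remaining reference in the same commit. The define's body starts and ends outside these hunks, so this needs checking against the full file.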
@@ -4,25 +4,18 @@ define secgen_functions::install_setuid_root_binary ( $challenge_name, # Challenge name, used for the wrapper-directory $source_module_name, # Name of the module that calls this function - $gcc_output_binary_name, # Temporary name of the binary output by gcc when when /bin/make runs the Makefile - $challenge_binary_name, # Renamed binary on copy to challenge directory, could differ from above $account, # User account (leak here if $storage_directory is not supplied) $flag, # ctf flag string - $storage_dir = [''], # Optional: Storage directory (takes precedent if supplied, e.g. nfs / smb share dir) + $flag_name, # ctf flag name + $storage_dir = '', # Optional: Storage directory (takes precedent if supplied, e.g. nfs / smb share dir) $strings_to_leak = [''], # Optional: strings to leak (could contain instructions or a message) ) { ensure_packages('build-essential') ensure_packages('gcc-multilib') - # Use either storage directory or account's home directory. storage_directory takes precedent - if $storage_dir[0] != '' { - $storage_directory = $storage_dir[0] - $leaked_filenames = ["$challenge_name-instructions"] - } elsif $account { + if $account { $username = $account['username'] - $storage_directory = "/home/$username" - $leaked_filenames = $account['leaked_filenames'] ::accounts::user { $username: shell => '/bin/bash', @@ -30,8 +23,14 @@ define secgen_functions::install_setuid_root_binary ( managehome => true, home_mode => '0755', } + + $storage_directory = "/home/$username" + + } elsif $storage_dir { + $storage_directory = $storage_dir + } else { - err('install: Either storage_directory or account is required') + err('install: either account or storage_dir is required') fail } 
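Review bot: The new `elsif $storage_dir` test does not catch the default `$storage_dir = ''` on Puppet 4 and later, where an empty string is truthy, so the `else { err(...) fail }` branch is likely unreachable there. A call with neither `account` nor `storage_dir` would then continue with `$storage_directory` empty, and every path derived from it would be rooted at `/`, which matters because a later resource runs `/bin/rm -rf $compile_directory` as root. Test the value explicitly: `} elsif $storage_dir and $storage_dir != '' {`. The parameter comment still says the storage directory "takes precedent if supplied", while the new branch order gives `$account` precedence, so one of the two should be changed to match.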
@@ -40,54 +39,51 @@ define secgen_functions::install_setuid_root_binary ( $modules_source = "puppet:///modules/$source_module_name" # Create challenge directory - file { $challenge_directory: + file { "create_$challenge_directory": + path => $challenge_directory, ensure => directory, } # Move contents of the module's files directory into compile directory - file { $compile_directory: + file { "create_$compile_directory": + path => $compile_directory, ensure => directory, recurse => true, source => $modules_source, - notify => Exec["gcc_$gcc_output_binary_name-$compile_directory"], } # Build the binary with gcc - exec { "gcc_$gcc_output_binary_name-$compile_directory": + exec { "gcc_$challenge_name-$compile_directory": cwd => $compile_directory, command => "/usr/bin/make", - require => [File[$challenge_directory, $compile_directory], Package['build-essential', 'gcc-multilib']] + require => [File["create_$challenge_directory", "create_$compile_directory"], Package['build-essential', 'gcc-multilib']] } # Move the compiled binary into the challenge directory - file { "$challenge_directory/$challenge_binary_name": + file { "$challenge_directory/$challenge_name": ensure => present, owner => 'root', group => 'root', mode => '4755', - source => "$compile_directory/$gcc_output_binary_name", - require => Exec["gcc_$gcc_output_binary_name-$compile_directory"], + source => "$compile_directory/$challenge_name", + require => Exec["gcc_$challenge_name-$compile_directory"], } # Drop the flag file on the box and set permissions - file { "$challenge_directory/flag": - ensure => present, - content => $flag, - mode => '0600', - require => Exec["gcc_$gcc_output_binary_name-$compile_directory"], + ::secgen_functions::leak_files { "$username-file-leak": + storage_directory => "$challenge_directory", + leaked_filenames => [$flag_name], + strings_to_leak => [$flag], + owner => 'root', + mode => '0400', + leaked_from => "accounts_$username", + require => 
Exec["gcc_$challenge_name-$compile_directory"], + notify => Exec["remove_$compile_directory"], } # Remove compile directory exec { "remove_$compile_directory": command => "/bin/rm -rf $compile_directory", - require => File["$challenge_directory/$challenge_binary_name", "$challenge_directory/flag"] - } - - # Leak messages / instructions in a text file in the storage directory / home directory - ::secgen_functions::leak_files { "$challenge_directory-strings_to_leak": - storage_directory => $challenge_directory, - leaked_filenames => $leaked_filenames, - strings_to_leak => $strings_to_leak, - leaked_from => $source_module_name, + require => [File["$challenge_directory/$challenge_name"]] } } diff --git a/modules/vulnerabilities/unix/ctf/defcon_quals_2016/dc16_amadhj/manifests/install.pp b/modules/vulnerabilities/unix/ctf/defcon_quals_2016/dc16_amadhj/manifests/install.pp index cdc17abdb..5fb68ebc5 100644 --- a/modules/vulnerabilities/unix/ctf/defcon_quals_2016/dc16_amadhj/manifests/install.pp +++ b/modules/vulnerabilities/unix/ctf/defcon_quals_2016/dc16_amadhj/manifests/install.pp 
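Review bot: The new `leak_files` resource is titled `"$username-file-leak"` and sets `leaked_from => "accounts_$username"`, but `$username` is only assigned inside the `if $account` branch of the previous hunk. When the define is called with only `storage_dir`, the title collapses to `-file-leak`, which would raise a duplicate declaration as soon as two challenges are installed that way. A title keyed on the challenge avoids this, for example `"$challenge_directory-flag-leak"`, with `leaked_from => $source_module_name` as the removed block used. Separately, `$strings_to_leak` is still declared and still passed by callers, but nothing in the new body consumes it now that the old `leak_files` block is gone, so instructions are silently dropped. Either wire it back in or remove the parameter.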
@@ -1,15 +1,39 @@ class dc16_amadhj::install { $secgen_params = secgen_functions::get_parameters($::base64_inputs_file) - $account = parsejson($secgen_params['account'][0]) + $group = $secgen_params['group'] - ::secgen_functions::install_setuid_root_binary { 'defcon16_amadhj': - source_module_name => $module_name, - challenge_name => $secgen_params['challenge_name'][0], - gcc_output_binary_name => 'amadhj', - challenge_binary_name => $secgen_params['binary_name'][0], - account => $account, - flag => $secgen_params['flag'][0], - storage_dir => $secgen_params['storage_directory'], - strings_to_leak => $secgen_params['strings_to_leak'], + if $secgen_params['account'][0] and $secgen_params['account'][0] != '' { + $account = parsejson($secgen_params['account'][0]) + } else { + $account = undef + } + + if $secgen_params['storage_directory'] and $secgen_params['storage_directory'][0] { + $storage_dir = $secgen_params['storage_directory'][0] + } else { + $storage_dir = undef + } + + if $group { + ::secgen_functions::install_setgid_binary { 'defcon16_amadhj_group': + source_module_name => $module_name, + challenge_name => $secgen_params['challenge_name'][0], + group => $group[0], + account => $account, + flag => $secgen_params['flag'][0], + flag_name => 'flag', + storage_dir => $storage_dir, + strings_to_leak => $secgen_params['strings_to_leak'], + } + } else { + ::secgen_functions::install_setuid_root_binary { 'defcon16_amadhj': + source_module_name => $module_name, + challenge_name => $secgen_params['challenge_name'][0], + account => $account, + flag => $secgen_params['flag'][0], + flag_name => 'flag', + storage_dir => $storage_dir, + strings_to_leak => $secgen_params['strings_to_leak'], + } } } diff --git a/scenarios/examples/ctf_challenge_examples/setgid_pwnable_binary_example.xml b/scenarios/examples/ctf_challenge_examples/setgid_pwnable_binary_example.xml index 1f3e71b24..c4c04165d 100644 
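Review bot: The account check indexes `$secgen_params['account'][0]` without first testing that the `account` key is present, whereas the `storage_directory` check a few lines later guards the key before indexing it. If `account` is absent from the parameters, which is the case this change appears intended to support, the `[0]` is applied to undef, and newer Puppet versions may reject that at compile time instead of falling through to `$account = undef`. Mirror the other guard: `if $secgen_params['account'] and $secgen_params['account'][0] and $secgen_params['account'][0] != '' {`. The same empty-string comparison would be worth adding to the `storage_directory` test, since `['']` would otherwise pass an empty path through on Puppet versions where `''` is truthy.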
--- a/scenarios/examples/ctf_challenge_examples/setgid_pwnable_binary_example.xml +++ b/scenarios/examples/ctf_challenge_examples/setgid_pwnable_binary_example.xml @@ -4,24 +4,30 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario"> - + - reverse_me + group_challenges - + - + + + task1 + + + + + - + diff --git a/scenarios/examples/ctf_challenge_examples/setuid_pwnable_binary_example.xml b/scenarios/examples/ctf_challenge_examples/setuid_pwnable_binary_example.xml new file mode 100644 index 000000000..24dd478f4 --- /dev/null +++ b/scenarios/examples/ctf_challenge_examples/setuid_pwnable_binary_example.xml @@ -0,0 +1,31 @@ + + + + + + + reverse_me + + + + + + + + + + + + + + + + + + + + +