English [Cybercamp 2015] [Reverse 3] Write Up

Description :

Nos han enviado un archivo para su reconstrucción. Del archivo conocemos lo siguiente:

Se trata de parte de un fichero comprimido del que se ha perdido la cabecera de, exactamente, 10 bytes. cabecera
Se sabe que contiene un fichero de texto ASCII.
La cabecera no tiene ningún un campo opcional.
El segundo byte de la cabecera perdida es 0x8B.
El fichero se generó en una máquina UNIX.

Continue reading [Cybercamp 2015] [Reverse 3] Write Up

English [Cybercamp 2015] [Forense 2.5] Write Up

Description

The company of Mr. Garcia has been robbed of 74,300€ from his bank account. The theft was committed without the knowledge of Mr. García or people in charge of IT.

Some of the money has been retrieved thanks to the speed of the bank to block the target account, but Mr. Garcia is determined to know how this unfortunate incident occurred, as he invested in forming security technicians and purchasing a perimeter antivirus solution for workstations.

After the incident, we have been asked to do a forensic analysis of the machine, but unfortunately these devices have been handled incorrectly and have no value for our review. Fortunately the system administrator, before the network failure, (do not know if caused by the incident) got a file with network traffic of the same day as the theft of bank accounts.

Download

Question: What SHA256 hash, has the program downloaded?
Answer format: SHA256 of SHA256 hash

Continue reading [Cybercamp 2015] [Forense 2.5] Write Up

English [Cybercamp 2015] [Forense 2.4] Write Up

Description

The company of Mr. Garcia has been robbed of 74,300€ from his bank account. The theft was committed without the knowledge of Mr. García or people in charge of IT.

Some of the money has been retrieved thanks to the speed of the bank to block the target account, but Mr. Garcia is determined to know how this unfortunate incident occurred, as he invested in forming security technicians and purchasing a perimeter antivirus solution for workstations.

After the incident, we have been asked to do a forensic analysis of the machine, but unfortunately these devices have been handled incorrectly and have no value for our review. Fortunately the system administrator, before the network failure, (do not know if caused by the incident) got a file with network traffic of the same day as the theft of bank accounts.

Download

Question: What is the malicious URL where the malware is downloaded?

Continue reading [Cybercamp 2015] [Forense 2.4] Write Up