[Cybercamp 2015] [Forense 2.3] Write Up

Description

The company of Mr. García has been robbed of 74,300€ from his bank account. The theft was committed without the knowledge of Mr. García or the people in charge of IT.

Some of the money has been retrieved thanks to the speed of the bank to block the target account, but Mr. García is determined to know how this unfortunate incident occurred, as he invested in forming security technicians and purchasing a perimeter antivirus solution for workstations.

After the incident, we have been asked to do a forensic analysis of the machine, but unfortunately these devices have been handled incorrectly and have no value for our review. Fortunately, the system administrator, before the network failure (we do not know if it was caused by the incident), got a file with the network traffic of the same day as the theft from the bank accounts.

Download

Question: What is the name of the victim computer?


[Cybercamp 2015] [Forense 2.2] Write Up

Description

The company of Mr. García has been robbed of 74,300€ from his bank account. The theft was committed without the knowledge of Mr. García or the people in charge of IT.

Some of the money has been retrieved thanks to the speed of the bank to block the target account, but Mr. García is determined to know how this unfortunate incident occurred, as he invested in forming security technicians and purchasing a perimeter antivirus solution for workstations.

After the incident, we have been asked to do a forensic analysis of the machine, but unfortunately these devices have been handled incorrectly and have no value for our review. Fortunately, the system administrator, before the network failure (we do not know if it was caused by the incident), got a file with the network traffic of the same day as the theft from the bank accounts.

Download

Question: What is the country code of the attacker IP?


[Cybercamp 2015] [Forense 2.1] Write Up

Description

The company of Mr. García has been robbed of 74,300€ from his bank account. The theft was committed without the knowledge of Mr. García or the people in charge of IT.

Some of the money has been retrieved thanks to the speed of the bank to block the target account, but Mr. García is determined to know how this unfortunate incident occurred, as he invested in forming security technicians and purchasing a perimeter antivirus solution for workstations.

After the incident, we have been asked to do a forensic analysis of the machine, but unfortunately these devices have been handled incorrectly and have no value for our review. Fortunately, the system administrator, before the network failure (we do not know if it was caused by the incident), got a file with the network traffic of the same day as the theft from the bank accounts.

Download

Question: What IP is the attacker?


[Cybercamp 2015] Back on the event

Hey guys… Cybercamp has just finished! 🙂

There were a lot of challenges, some were really nice, but a good part of them were just full guessing which is really annoying :/

After an entire week (July, 17th to 26th) we ranked 9 out of 879... not so bad, is it?
And... we are the 1st non-Spanish team! The second one is only 49th.
Moreover, we are proud of having solved Web 4, only flagged by us!

Our results are:
Crypto: 16/20
Exploit: 2/5
Forensic: 19/27
Reverse: 5/5
Web: 17/18 (there were 20 challenges initially, but two were cancelled)

Write-ups (coming soon):
Crypto: 1 – 2 – 3 – 4 – 5 – 6 – 7 – 9 – 11 – 13 – 14 – 15 – 16 – 17 – 19 – 20
Exploit: 1 – 2
Forensic: 1.1 – 1.2 – 1.3 | 2.1 – 2.2 – 2.3 – 2.4 – 2.5 | 3.1 – 3.2 – 3.3 – 3.5 | 4.1 – 4.2 – 4.4 | 5.1 | 7.2 – 7.3 | 8.1
Reverse: 1 – 2 – 3 – 4 – 5
Web: 1 – 2 – 3 – 4 – 5 – 6 – 7 – 8 – 9 – 11 – 12 – 13 – 15 – 16 – 17 – 18 – 19 – 20 (Bonus: 10 cancelled)

See you for the next CTF, folks!

0x90r00t.