[3DS CTF] [FOR 200 – What the Hex] Write up[EN]
The NSA trainee was fired and left a very strange file on his desktop.
Without any success, the director asked you to take a look at this strange file. Can you figure something out?Solved by 29 Teams
Continue reading [3DS CTF] [FOR 200 – What the Hex] Write up
[Juniors CTF 2016] [Forensic 500 – The Good, the Bad and the Junkman] Write Up– Hey, Mabel! Help me
– What`s up, Gruncle?
– I`ve cleaned up the store recently and now some stuff is missing. I think It must be somewhere here
Continue reading [Juniors CTF 2016] [Forensic 500 – The Good, the Bad and the Junkman] Write Up
[HackingWeek 2015] [Forensic 2] Write UpThe supplied memory image was captured on a compromised machine, analyze it to answer questions (this is the same image for the four forensic tests, useless to download several times).
One of the machine’s users had several websites about an incident that involved a showbiz personality. The validation key is FirstnameLastname of this personality.
dump.gz (md5sum:1273931ce359f59bce95ce4507e1f4bf)
[HackingWeek 2015] [Forensic 1] Write UpThe supplied memory image was captured on a compromised machine, analyze it to answer questions (this is the same image for the four forensic tests, useless to download several times).
The validation key of the challenge is given by the PID, PPID and the number of threads of the Solitaire program. Put it to the format PID:PPID:nThreads.
dump.gz (md5sum:1273931ce359f59bce95ce4507e1f4bf)
[HackingWeek 2015] [Forensic 4] Write UpThe supplied memory image was captured on a compromised machine, analyze it to answer questions (this is the same image for the four forensic tests, useless to download several times).
When the machine was compromised, the attacker installed a Command & Control software that is currently inactive but must contact a server to receive his orders.
Find the server name and the port on which the malware should connect.
The validation key is servername:portnumber.dump.gz (md5sum:1273931ce359f59bce95ce4507e1f4bf)
