We think our voting computers might be compromised! The Clinton campaign claims Trump is working with the Russians to rig the election. Our tech got a packet capture right before strange things started happening and isolated these packets. Our IDS didn’t flag anything, but take a look and see if you can find any hidden communications channels the Russians could use for command and control (C2). It would make the leaders of the free world look pretty bad if the Russians were the ones picking our president!
author’s irc nick: LtDan
Continue reading [Hack The Vote 2016] [Forensics 300 – More suspicious traffic] Write up
We were facing a service that was hiding himself, jumping from port to port
Question: Follow the course, get the Flag
Continue reading [NDH 2016] [Web 250 – Classroom] Write Up
Our IT staff captured this weird looking transaction.
Can you tell us what it says??
Download the pcap : ce6e1a612a1da91648306ace0cf7151e6531abc9
Continue reading [TUCTF 2016] [Misc 100 – The Nack] Write Up
The company of Mr. Garcia has been robbed of 74,300€ from his bank account. The theft was committed without the knowledge of Mr. García or people in charge of IT.
Some of the money has been retrieved thanks to the speed of the bank to block the target account, but Mr. Garcia is determined to know how this unfortunate incident occurred, as he invested in forming security technicians and purchasing a perimeter antivirus solution for workstations.
After the incident, we have been asked to do a forensic analysis of the machine, but unfortunately these devices have been handled incorrectly and have no value for our review. Fortunately the system administrator, before the network failure, (do not know if caused by the incident) got a file with network traffic of the same day as the theft of bank accounts.
Question: What SHA256 hash, has the program downloaded?
Answer format: SHA256 of SHA256 hash
Continue reading [Cybercamp 2015] [Forense 2.5] Write Up