# CTF Writeups

{% embed url="https://github.com/thebriandurham/CTFs" %}

## About

Currently documented CTFs:

* Hack the Box - Business CTF 2022
  * [Breakout](https://github.com/thebriandurham/CTFs/blob/main/HTB%20Biz%2022/Breakout.md)
    * Challenge: A C2 implant's interface was left exposed on a victim's webserver. Break into the interface and enumerate its functionality.
    * Compromised the C2 interface and extracted a non-native binary, `bkd`.
    * Analyzed the binary and reassembled the flag from several strings embedded in the compiled code.
  * [Chromeminer](https://github.com/thebriandurham/CTFs/blob/main/HTB%20Biz%2022/ChromeMiner.md)
    * Challenge: A browser extension is believed to host cryptomining malware. Investigate.
    * Downloaded and unzipped the .crx (Chrome extension package) file.
    * Reverse engineered the heavily obfuscated malicious JavaScript to retrieve the flag.
  * [Lina's Invitation](https://github.com/thebriandurham/CTFs/blob/main/HTB%20Biz%2022/Lina's%20Invitation.md)
    * Challenge: A CEO's password vault was compromised after he received an email with an attachment. Review the provided PCAP file and attachment to determine how he was compromised.
    * Unzipped the attachment (a .docx file), used the oletools suite to analyze its contents, and discovered malicious VBA macros that call out to a fake Windows Update site and contain part of the flag.
    * Analyzed the provided PCAP file and found two indicators of compromise: a malicious HTML payload and obfuscated PowerShell commands.
    * De-obfuscated the malicious HTML payload to discover another part of the flag.
    * De-obfuscated and reverse engineered the PowerShell payload to reveal the final part of the flag.
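
The .crx unpacking step from Chromeminer, as an added example (not code from the writeup or the CTFs repo): a .crx is a ZIP archive behind a short header, so instead of relying on a ZIP reader's tolerance for leading junk, parse the CRX2/CRX3 header, cut at the ZIP offset, and enumerate the members. The sample package is constructed in memory (a zeroed placeholder where the CRX3 protobuf header would be, wrapping a two-file extension) and is not a real or malicious extension.

```python
"""Extract the ZIP payload from a Chrome extension (.crx) package.

Layout (all integers little-endian):
  CRX2: b"Cr24" | uint32 version=2 | uint32 pubkey_len | uint32 sig_len | pubkey | sig | ZIP
  CRX3: b"Cr24" | uint32 version=3 | uint32 header_len | header (protobuf)        | ZIP
"""
import io
import struct
import zipfile

CRX_MAGIC = b"Cr24"


def crx_zip_offset(data: bytes) -> int:
    """Validate the CRX header and return the offset at which the ZIP payload starts."""
    if len(data) < 12 or data[:4] != CRX_MAGIC:
        raise ValueError("not a CRX file (bad magic)")
    version = struct.unpack_from("<I", data, 4)[0]
    if version == 2:
        if len(data) < 16:
            raise ValueError("truncated CRX2 header")
        pubkey_len, sig_len = struct.unpack_from("<II", data, 8)
        offset = 16 + pubkey_len + sig_len
    elif version == 3:
        (header_len,) = struct.unpack_from("<I", data, 8)
        offset = 12 + header_len
    else:
        raise ValueError(f"unsupported CRX version {version}")
    if offset > len(data):
        raise ValueError("header length exceeds file size")
    # The payload must begin with a ZIP local-file header (or an empty-archive EOCD).
    if data[offset:offset + 4] not in (b"PK\x03\x04", b"PK\x05\x06"):
        raise ValueError("no ZIP header at the computed offset")
    return offset


def extract_crx(data: bytes) -> dict:
    """Return {member_name: content} for every file inside the extension."""
    offset = crx_zip_offset(data)
    with zipfile.ZipFile(io.BytesIO(data[offset:])) as zf:
        return {i.filename: zf.read(i) for i in zf.infolist() if not i.is_dir()}


def build_sample_crx3() -> bytes:
    """Constructed sample: a CRX3 wrapper around a two-file extension (not a real extension)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("manifest.json", '{"name": "sample", "manifest_version": 3, '
                                     '"background": {"service_worker": "bg.js"}}')
        zf.writestr("bg.js", "console.log('hello');")
    payload = buf.getvalue()
    fake_header = b"\x00" * 37  # placeholder for the CRX3 protobuf header (keys, signatures)
    return CRX_MAGIC + struct.pack("<II", 3, len(fake_header)) + fake_header + payload


if __name__ == "__main__":
    for name, content in extract_crx(build_sample_crx3()).items():
        print(f"{name}: {len(content)} bytes")
```

For a real extension, read the file bytes and pass them to `extract_crx`; `manifest.json` tells you which scripts run where (content scripts, background workers), which is where the obfuscated JavaScript will be.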
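
A first-pass triage of an Office attachment like the one in Lina's Invitation, as an added example (not the writeup's own code): before handing the document to olevba, open it as a ZIP and check for a VBA project part, a macro-enabled content type, and external relationship targets, then pull any non-schema URLs out of the XML parts. The sample document, its placeholder `vbaProject.bin`, and the `example.invalid` URL are all constructed here. Macro source is stored MS-OVBA-compressed inside `vbaProject.bin`, which is why olevba, not this script, is what reads the actual VBA.

```python
"""Triage an Office Open XML attachment (.docx/.docm) before reaching for olevba."""
import io
import re
import zipfile
from dataclasses import dataclass, field

VBA_PART = re.compile(r"^(word|xl|ppt)/vbaProject\.bin$", re.I)
MACRO_CTYPE = re.compile(r'ContentType="[^"]*macroEnabled[^"]*"', re.I)
EXTERNAL_REL = re.compile(r'<Relationship\b[^>]*TargetMode="External"[^>]*>', re.I)
TARGET_ATTR = re.compile(r'Target="([^"]*)"', re.I)
URL_IN_XML = re.compile(rb"https?://[^\s\"'<>]+")
# Namespace/schema URLs present in every OOXML file; not indicators.
KNOWN_NAMESPACE_PREFIXES = ("http://schemas.openxmlformats.org/", "http://schemas.microsoft.com/",
                            "http://www.w3.org/", "http://purl.org/")


@dataclass
class OoxmlTriage:
    has_vba_project: bool = False                             # vbaProject.bin present: macros, whatever the extension
    macro_content_types: list = field(default_factory=list)  # macroEnabled entries in [Content_Types].xml
    external_targets: list = field(default_factory=list)     # TargetMode="External" rels (remote template, OLE link)
    urls: list = field(default_factory=list)                 # non-schema URLs in XML/rels parts

    @property
    def suspicious(self) -> bool:
        return self.has_vba_project or bool(self.macro_content_types) or bool(self.external_targets)


def triage_ooxml(data: bytes) -> OoxmlTriage:
    """Inspect the ZIP container; nothing is rendered or executed."""
    result = OoxmlTriage()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if VBA_PART.match(name):
                result.has_vba_project = True
                continue  # compressed VBA streams; leave the source to olevba
            if not (name.endswith(".xml") or name.endswith(".rels")):
                continue
            raw = zf.read(name)
            text = raw.decode("utf-8", "replace")
            if name == "[Content_Types].xml":
                result.macro_content_types.extend(MACRO_CTYPE.findall(text))
            if name.endswith(".rels"):
                for rel in EXTERNAL_REL.findall(text):
                    target = TARGET_ATTR.search(rel)
                    if target:
                        result.external_targets.append(target.group(1))
            for match in URL_IN_XML.findall(raw):
                url = match.decode("ascii", "replace")
                if not url.startswith(KNOWN_NAMESPACE_PREFIXES) and url not in result.urls:
                    result.urls.append(url)
    return result


def build_sample_maldoc() -> bytes:
    """Constructed sample: minimal macro-enabled document with a remote-template link (no real malware)."""
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
        '<Override PartName="/word/document.xml" '
        'ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/></Types>'
    )
    settings_rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" '
        'Target="http://example.invalid/update/template.dotm" TargetMode="External"/></Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml",
                    '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"><w:body/></w:document>')
        zf.writestr("word/_rels/settings.xml.rels", settings_rels)
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 28)  # OLE2 magic + padding, placeholder only
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_ooxml(build_sample_maldoc()))
```

Any hit on `has_vba_project` or `external_targets` is the cue to run `olevba` on the file and to correlate the URLs with the PCAP; a document that passes all three checks can still be hostile (DDE, embedded OLE objects), so this is a triage order, not a verdict.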

## Postmortem

Remember when you had time for CTFs? I remember when I had time for CTFs.
