CTF Writeups
CTF Writeup Aggregation Post!
Last updated
CTF Writeup Aggregation Post!
Last updated
Currently documented CTFS:
Hack the Box - Business CTF 2022
Challenge: A C2 implant's interface was left exposed on a victim's webserver. Break into the interface and enumerate its functionality.
Compromised the C2 interface and extracted a non-native binary, 'bkd.'
Performed analysis on the binary and extracted the flag from multiple strings present in the compiled code.
Challenge: A browser extension is believed to host cryptomining malware. Investigate.
Downloaded and unzipped the .crx (browser extension) file.
Reverse engineered heavily obfuscated malicious javascript code to retrieve the flag.
Challenge: A CEO's password vault has been compromised after receiving an email with an attachment. Review the provided PCAP file and attachment to determine how he was compromised.
Unzipped the attachment (a .docx file), used OLE Tools suite to analyze its contents, and discovered malicious VBA macros calling out to a fake Windows Update site and containing a part of the flag.
Analyzed the provided PCAP file and found two indicators of compromised: a malicious HTML payload and some obfuscated PowerShell commands.
De-obfuscated the malicious HTML payload to discover part of the flag.
De-obfuscated and reverse-engineered the PowerShell payload to reveal the final part of the flag.
Remember when you had time for CTFs? I remember when I had time for CTFs.
