CSAW CTF 2014 - Forensics 300: "Fluffy No More"

This is the fourth and the last of the forensics challenge in the CSAW CTF 2014 competition. It was much harder than the three before, but it was also much more interesting.

The challenge starts with the following text:

OH NO WE'VE BEEN HACKED!!!!!! -- said the Eye Heart Fluffy Bunnies …

more ...

CSAW CTF 2014 - Forensics 200: "Obscurity"

The third forensics challenge starts with the following text:

see or do not see

Written by marc

pdf.pdf

Hacking PDFs, what fun!

In general, when dealing with reverse-engineering malicious documents, we follow these steps:

 1. We search for malicious embedded code (shell code, JavaScript).

 2. We extract any suspicious …
more ...

CSAW CTF 2014 - Forensics 100: "dumpster diving"

This was the first forensic challenge. It starts with the following text:

dumpsters are cool, but cores are cooler

Written by marc

firefox.mem.zip

Unziping firefox.mem.zip

The given file has a funny extension .mem.zip. Before we go ahead and unzip it, let's try to learn more …

more ...

CSAW CTF 2014 - Forensics 200: "why not sftp?"

The purpose of this problem is to teach about the need of encrypting your data. The FTP protocol sends clear text over the wire, i.e the data is transmitted without any encryption. SSH/Secure File Transfer Protocol is a network protocol providing secure file transfer. Using SFTP, instead of …

more ...