Yeah, it’s been a while since I’ve written anything in here. Don’t judge me! I’ve been busy with various things. Like working and studying. And I’ve also attended a few CTF events recently, which I’m going to briefly write about. Because I’m a dumdum I didn’t save any screenshots or anything. Text will have to do this time. (Sorry.)
First one was Synack Red Team Five CTF, which was held on HackTheBox’s CTF platform on November 5th – 7th. There were six topics with different challenges: web, crypto, reversing, pwn, forensics and misc. I remember that I managed to complete only 4 challenges out of the 25, and all of them were in the forensics category. Sadly, I was also quite busy during that particular weekend, which didn’t help much in the competition.
If my memory serves right, two of the forensics challenges had .pcap files in them, which were quite fast to solve with Wireshark. The first one had unencrypted HTTP traffic in it, from which we had to seek out the admin’s login credentials. From the other .pcap it was required to search for a .pdf file and calculate its MD5 hash. Again, pretty easy.
The third one was interesting and a first one for me, since I had never before inspected a malicious .pdf file. Using pdf-parser I was able to find malicious(?) JavaScript within the file. That was beside the point, as the flag was quite easy to find with the same tool. It was nested in some sort of a PowerShell command.
In the last one we had to snoop around a Windows registry file and find the reason for an imaginary CEO’s computer problems. Again, it’s already been a while and since I didn’t save any screenshots, I might not remember everything correctly. But what I do remember is that there was an indication of persistence in the form of PowerShell code that was run every time the user logged in. Within that code snippet was also hidden the flag, which we had to figure out.
That CTF didn’t go so well, but I was glad to take part in it. Hopefully I’ll have more time to spend on Synack’s CTF next time, as doing well in those speeds up the process of joining the Synack Red Team.
The other CTF was hosted by conINT, an OSINT CTF by National Child Protection Task Force. It was held on 20th – 21st of November, with the first day consisting of multiple talks on Twitch, and the second of the CTF. The talks were nothing short of amazing and I enjoyed watching them immensely. The CTF was amazing too, but sadly the server it was hosted on didn’t do well under the load, suffering from crashes and connection problems. Because of this the CTF event was cancelled after a few hours. 🙁
I haven’t done many OSINT CTFs, so it was a nice change of pace to take part in one. There were challenges on topics like geolocation, blockchain analysis and disinformation. Trying to identify which of the 40 cats were AI-generated was a painful, painful challenge. I remember being in the top 15 for a while, but was soon dropped even further back due to the connection problems. I still had a lot of fun during the evening. The organizers even went as far as refunding the participation fees due to the unexpected issues and the eventual cancellation of the CTF. Quite a humble move.
On 27th of November (today) I took part in National Defence Training Association’s OSINT capstone, in which we had to conduct OSINT investigations on a company. It took 8 hours from start to finish, but I enjoyed the course and the last task. Although we were not given as much time as I would have liked, our team managed to collect lots of good information from the company we were assigned to work on. Personally I would have liked to do actual analysis too, but that was beyond the scope of the course, as it was pretty basic level. Perhaps somewhere in the not-so-distant future there will be another course for more advanced stuff.
So yeah, that’s what I’ve been up to recently. After writing it out, I see how bland the wall of text looks with my inadequate recollection of the events. Note to self: take more pictures, so that you can share them and remember what the hell you’re even trying to write about. Since it had been such a long time since I had written anything down, I wanted to write at least something.
Until next time!