My name is goldfish, and this is my personal space to learn about cybersecurity.
I hope you enjoy your stay here!
When did user cyberjunkie successfully log into his computer? (UTC) 27/03/2023 14:37:09 There are two Event IDs for login: 4624 (successful logon) and 4648 (logon attempted using explicit credentials). The user tampered with firewall settings on the system. Analyze the firewall event logs to find out the name of the firewall rule added? Metasploit C2 Bypass The last log when I filtered by firewall event logs (the most recent) was a suspicious rule called Metasploit C2 Bypass....
Target Cyber Defense Challenge Introduction University of Texas at Austin Computer Science, 2025 Digital forensics and incident response Interned at CrowdStrike Background Assembly (learned ARM, but did go through some x86 on my own) Prior CTF experience Coding Basic tools such as Wireshark Programming, data structures, computer architecture, operating systems Tier 1 Cryptography / Steganography Reverse engineering USB forensics Cyber threat intelligence Cryptography Beware the Ides of March Now You See Me, Now You Don't A Snowy Disposition (challenging) Figuring out which spaces counted (only counted spaces at the end at first) Follow the Dotted Line A Particular Exchange What I learned Recognizing ciphers / type of steg Tools Cyberchef stegsolve (aperisolve/stegonline) stegsnow Reverse engineering A5M (challenging) r04c4 (challenging) Sc0rf1g (challenging) (HARDEST) Yarrr (challenging) Didn't think I had the flag Web2ut3 Bonus !...
Basics Starting the script Shebang: #! : used by the shell to decide which interpreter to run the rest of the script Starts with a "shebang" #! and path to shell you want script to use #!/bin/bash Executing the script Assign execution rights to user: chmod u+x <file>.sh chmod -> modifies ownership of a file for the current user: u +x -> execution rights Variables and data types Every variable is an array so can start using any variable as an array....
Just a random sort of notes as I encounter things in C++ Command Line Arguments https://www.geeksforgeeks.org/command-line-arguments-in-c-cpp/ Command line arguments: values given after the name of the program in the command-line shell of OS. Handled by main argc (argument count): number of command-line arguments Non-negative argv (argument vector): array of character pointers listing all the arguments argv[0] name of the program argv[1] points to the first command line argument Compiling with g++ https://natekohl....
Privilege escalation Run an suid binary suid: execute with the eUID of the file owner rather than the parent process sgid: execute with the eGID of file owner rather than parent process sticky: used for shared directories to limit file removal to file owners babysuid Programs that let you directly read the flag by setting the suid Archives 22 cpio https://www.computerhope.com/unix/ucpio.htm#Copy-Out-Mode cpio: copy files to and from archives -R Set the ownership of all files created to the specified USER and/or GROUP --to-std-out...
Writing to file Creating a new file f = open("filename.txt", "x") Reading from a file File_object = open(r"File_Name", "Access_Mode") Conversion Converting from byte to int int.from_bytes(num, endianness ("big" or "little")) Converting from byte to hex byte.hex() From hex to byte bytes.fromhex(HEX) Creating a class self -> this in Java https://www.w3schools.com/python/python_classes.asp https://stackoverflow.com/questions/141545/how-to-overload-init-method-based-on-argument-type
Incomplete; Probably won't finish Checkpoint 1: "Air-gapped" Points 10 The FBI infiltrated SHINY SCORPION's command & control network! They've passed along the victim database related to the campaign that targeted Keep it Simple Security (KiSSec). They've also included a Python script that can deobfuscate and parse the ransomware config. FBI intelligence indicates that it should be possible to undo the ransomware's encryption using the information stored in these files! Before we start any decryption, though, they suggest finding our unique victim ID....
Recently I completed Tier 1 of Target's Cyber Defense Challenge offered to members of the WiCys (Women in Cybersecurity) organization. It was a CTF comprised of four categories: cryptography/steganography, reverse engineering, USB forensics, and cyber threat intelligence. In this first part, I will go over the challenges in the cryptography / steganography section. Beware the Ides of March 100 points You have intercepted the following message from the threat actor! Decrypt the message to reveal the secret phrase:...
Recently I completed Tier 1 of Target's Cyber Defense Challenge offered to members of the WiCys (Women in Cybersecurity) organization. It was a CTF comprised of four categories: cryptography/steganography, reverse engineering, USB forensics, and cyber threat intelligence. In this second part, I will go over the challenges in the reverse engineering section. In my opinion, this was the most technical challenge as knowledge of basic assembly (x86) and the C programming language was required....
Recently I completed Tier 1 of Target's Cyber Defense Challenge offered to members of the WiCys (Women in Cybersecurity) organization. It was a CTF comprised of four categories: cryptography/steganography, reverse engineering, USB forensics, and cyber threat intelligence. In this third part, I will go over the challenges in the USB forensics section. Challenges Find the Blue Yeti 100 points We believe that while one of the ransomware operators was out in public they dropped this USB device....