2023 HuntressCTF - Snake Eater

2023-11-01 | #Malware #RE #Reverse Engineering

Summary

Author: @HuskyHacks

Hey Analyst, I've never seen an executable icon that looks like this. I don't like things I'm not familiar with. Can you check it out and see what it's doing?

Steps

I started up my Windows 11 VM with Flare installed. I began by disabling my network connectivity, USB controller, and shared files and folders. Once the VM was ready, I executed the binary and didn't see any response or indication on the OS.


2023 HuntressCTF - String Cheese

2023-11-01 | #strings

Summary

Author: @JohnHammond

Oh, a cheese stick! This was my favorite snack as a kid. My mom always called it by a different name though...

Steps

I downloaded the file to my VM and executed strings against the file and found the flag:

flag{f4d9f0f70bf353f2ca23d81dcf7c9099}


2023 HuntressCTF - Texas Chainsaw Massacre Tokyo Drift

2023-11-01 | #forensics #malware #obfuscation #powershell

Summary

Author: @resume

Ugh! One of our users was trying to install a Texas Chainsaw Massacre video game, and installed malware instead. Our EDR detected a rogue process reading and writing events to the Application event log. Luckily, it killed the process and everything seems fine, but we don't know what it was doing in the event log. The EVTX file is attached. Are you able to find anything malicious?

Steps

Reading the challenge description, I see the attached file is an EVTX file, which is the extension for Windows event logs.


2023 HuntressCTF - Traffic

2023-11-01 | #forensics #zeek

Summary

Author: @JohnHammond

We saw some communication to a sketchy site... here's an export of the network traffic. Can you track it down? Some tools like rita or zeek might help dig through all of this data!

Steps

After downloading traffic.7z to my Kali instance, I extracted the archive using 7za e traffic.7z. Once extracted I observed various logs in .gz format. I was already familiar with these logs from my time working with Bro in the past.


2023 HuntressCTF - VeeBeeEee

2023-11-01 | #malware #vbs #wscript

Summary

Author: @JohnHammond

While investigating a host, we found this strange file attached to a scheduled task. It was invoked with wscript or something... can you find a flag?

NOTE, this challenge is based off of a real malware sample. We have done our best to "defang" the code, but out of abundance of caution it is strongly encouraged you only analyze this inside of a virtual environment separate from any production devices.
