Between 1st-3rd November 2023, there was another CTF event - EKOPARTY CTF. It was a part of the EKOPARTY Security Conference in Buenos Aires, but the CTF was also available online. It was in real Retro theme with IRC and Gopher server. One challenge by Kaspersky was especially interesting for me - network traffic analysis, exploitation, malware and reverse engineering. I would like to share my solution for this very nice challenge.
During the October 2023, I participated in the Huntress Capture the Flag contest. It started with couple of warmups challenges on the first day. Then they published two or one challenge every day. There were various categories, such as Warmups, Malware, Forensics, OSINT, Miscellaneous and Steganography. The difficulty levels differs from easy (usually very easy), medium (usually easy, but educative for new players) and hard (usually medium). Couple of “lolz” challenges have an extreme difficulty, and they were some kind of…what?
AsyncRAT is an open source remote administration tool written in C#. It is often used by attackers for malicious purposes. It contains obfuscated and AES-encrypted strings in its configuration. In this blog post, I would like to describe my approach of decrypting those strings with CyberChef with leverage the power of Registers and other CyberChef features.
Two years ago, very famous vulnerability in Log4j (CVE-2021-44228) was present in many products, including the Minecraft game. This blog post introduces a Docker image with vulnerable version and PoC for educational purposes. I used it for demonstration of Log4shell exploitation in older Minecraft server during my lectures.
In the second part of our overview we continue with the selection of the most used and most usable malware analysis tools. Moreover, we select the tools which are freely available. This time, we focus on tools for analysis other types of the files instead of the native binaries from the previous blog.