Setup and Environment
Did you participate as well? If yes, did you take a completely different approach somewhere? Are there any mistakes in my write-up? Let me know in the comments below or contact me on Twitter e4ch.
Title image for all solved
Now here are the solutions and how I got them.
Stegosaurus
"Something is not quite as it should be in this image.
Can you find it? Secret ", but this was not accepted as the flag. As it said "comment" there, I also looked at the file properties, but couldn't find anything interesting. Then I tried some online tools and found the site https: But as I knew there was something, I opened Photoshop Elements (yes, I have a license), cut out the lower right area, zoomed in and tried to enhance that area.
Image enhancing with Photoshop
So there is our flag, "CraftyBugger".
Kyberzig's software and he is refusing to help you since he believes that those who are foolish enough to lose their keys don't deserve to use his products. Kyberzig has suggested that you try to figure out what your key was.
You can use his key validation service that is available here: If you want to run it locally, then you need to fix the problem with creating the service worker (see a later Kyberzig-challenge on how to do that), or put it onto a website instead.
So I downloaded the binary (here base64 encoded) and opened it in BinaryNinja. Here's the main function, already with some comments I added: There we see that there is some separation between good and bad and then in the "good" case, there is some magic going on and the flag printed out.
I couldn't quite understand the logic there in detail, so I thought I need to debug this. There might be better tools, but I'm not familiar with them. Please suggest me something if you know about some good debuggers. Anyway, the first thing I tried was to manipulate the jne instruction that differentiates between good and bad, so that the execution jumped to the "good" path, even with a wrong password. That didn't work out as intended and just gave me a wrong result.
So I had to document this code a bit more and I found that in the top block a random value is generated, which is stored in [rbp-0x28] and then the user has to enter a password, which is converted into a DWORD with atoi and then both values are compared.
I'm not sure why this random input is required for giving the correct result, but with this knowledge I could influence the execution. These are the commands in gdb that I had to issue:
We already notice that the file is quite large - it's a bmp file with 41MB in size.
There was a similar challenge last year, so we use this knowledge and solve it with zsteg: And there we already have our flag "RandompartFlag".
The binary file should work in bit Linuxes. Actually, a static disassembler fails here. There were many things built in, like jumping to a subroutine where the first thing done was to remove the return address from the stack, so that it will never return, and other nice obfuscations. I debugged this code for several hours with gdb until I remembered that last year there was a similar challenge.
Could this be the same again? Yes, this file was simply UPX packed! A Linux command line tool unpacks it and returns the unpacked executable. Looking at this unpacked executable again, we now have a much nicer picture in BinaryNinja:
I saw that the Insomni'hack Teaser CTF was announced and I thought that would be an opportunity to progress and learn something new.
As we already participated in a CTF with a group from our company, I thought we could use the same group and participate here. The challenge started on Saturday at 11am local time and ended Sunday night at 11pm. I started with a 90-minute delay and my colleague told me that the first and easy challenge is a trap, where it says something like "wall of shame" if you copy something. I didn't want to hear much before it started, so I tried myself. There were 12 challenges and the site was broken in IE, but Chrome works fine:
Welcome Challenge
The first welcome challenge presented itself like this: So it says there to "nc welcome.
The University of Helsinki (Finland) created an online course on mooc. The CTF gives only one credit worth around 27 hours of work and I spent a lot more, but I completed all tasks.
Story by Army Sgt. These eyes belong to the participants of Cyber Yankee, an exercise between multiple National Guard cyber units and civilian agencies that trains participants to react and defend some of the area's critical networks against domestic cyber-attacks.
Many are mystified by what a cyber unit would train on and do not realize how their success could directly affect them personally. During the Cyber Yankee exercise, the Red Cell, or the bad guys, strike the defense, the Blue Cell, with different cyber-attack scenarios. These attacks are against a water supply networking system, a power company and a Department of Defense network.
The Blue Cell mission is to make sure the region remains operational. The cyber teams are prepared for battle. A lot of it is based on skill too. Many of the soldiers and airmen that are part of these cyber teams come from civilian backgrounds in defense or intrusion detection, working for companies like IBM, Akamai and Massachusetts Institute of Technology (MIT).
Part of the team are the military analysts, who provide different angles on how to fight the scenarios.