writeups

DEF CON DFIR CTF 2018 Write-up Part 2 - HR Server Advanced and Expert Challenges

4 minute read Published:

A writeup for the 2018 DEF CON DFIR CTF - Part 2

Introduction

Following on from my last blog, I turned to the Advanced and Expert level challenges to try and uncover undoubtedly nefarious deeds. Let’s go!

HR Server - Advanced Challenges

Logon Event

The first question asks you to name the user that logged on at a specific time (given in UTC), as well as the logon type, logon process and IP address. With all our data ingested and ready for searching in Kibana, this was reasonably straightforward.

DEF CON DFIR CTF 2018 Write-up Part 1 - HR Server Basic Challenges

6 minute read Published:

A writeup for the 2018 DEF CON DFIR CTF - Part 1

Introduction

I’m heading to DEF CON in Vegas this year and thinking about participating in the DFIR CTF that runs at the Blue Team Village. As a bit of a warm-up, I thought I’d give last year’s DFIR CTF a crack, which is still available to play online at the time of writing - you can find details for how to sign up and obtain the images here. Without further ado, here’s a write-up of the challenges that I’ve managed to complete so far, which I’m writing mainly so I can remember the tools and commands for next time…

BSides Canberra pwn-noob CTF Write-up

8 minute read Published:

A writeup for the pwn-noob exploit challenge at the BSides Canberra 2017 CTF.

Introduction

The first exploitation (pwnable) challenge at the BSides Canberra 2017 CTF was pwn-noob - and clearly, I’m an über-noob because I couldn’t figure out how to pwn it during the comp.

However, a couple of nights later (with a couple of gentle nudges from CTF-organiser extraordinaire OJ), I finally got there! Here’s a brief rundown of the challenge binary, concluding with a script which implements a working exploit.