bi0s

The Big Score - InCTF Internationals 2021

d3liri0us
2021-08-20
Forensics / Memory

tl;dr

  • Create a Volatility Linux profile for Ubuntu 18.04 (kernel 5.4.0-42-generic)
  • Use the linux_bash plugin to recover the link to the repo, and the linux_find_file plugin to recover the file path
  • Decode the captured keyboard stream data to retrieve the flag
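The last step, decoding a keyboard stream, is a recurring forensics task, so here is an added worked example (not code from the bi0s write-up). It assumes the stream consists of standard 8-byte USB HID boot-protocol keyboard reports (byte 0 = modifier bitmap, byte 1 reserved, bytes 2..7 = up to six pressed usage IDs), the format seen in usbmon or Wireshark `usb.capdata` captures; the key map is the standard US layout subset and the sample reports are constructed for this example, not taken from the challenge.

```python
# Added example: decode USB HID boot-protocol keyboard reports into text.
# Assumption: each report is 8 bytes as described in the lead-in; the
# sample below is constructed, not captured from the challenge image.
from typing import Iterable, List

# Usage ID -> (unshifted, shifted). Subset of the HID usage tables (page 0x07).
KEYMAP = {}
for i, c in enumerate("abcdefghijklmnopqrstuvwxyz"):
    KEYMAP[0x04 + i] = (c, c.upper())
for i, (lo, hi) in enumerate(zip("1234567890", "!@#$%^&*()")):
    KEYMAP[0x1E + i] = (lo, hi)
KEYMAP.update({
    0x28: ("\n", "\n"),  # Enter
    0x2C: (" ", " "),    # Space
    0x2D: ("-", "_"), 0x2E: ("=", "+"),
    0x2F: ("[", "{"), 0x30: ("]", "}"),
    0x33: (";", ":"), 0x34: ("'", '"'),
    0x36: (",", "<"), 0x37: (".", ">"), 0x38: ("/", "?"),
})
BACKSPACE = 0x2A
SHIFT_MASK = 0x02 | 0x20  # left shift | right shift in the modifier byte


def parse_report(raw: bytes):
    """Return (modifier_byte, [non-zero usage IDs]) for one 8-byte report."""
    if len(raw) != 8:
        raise ValueError(f"expected 8-byte HID report, got {len(raw)} bytes")
    return raw[0], [k for k in raw[2:8] if k]


def reports_from_hex(text: str) -> List[bytes]:
    """Parse lines like '02:00:2f:00:00:00:00:00' (tshark usb.capdata style)."""
    reports = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # allow trailing comments
        if line:
            reports.append(bytes.fromhex(line.replace(":", "")))
    return reports


def decode_reports(reports: Iterable[bytes]) -> str:
    """Turn a sequence of reports into typed text.

    A key is emitted only when it appears in a report but was absent from the
    previous one, so a held key (repeated identical reports) is counted once.
    Backspace removes the last emitted character; unknown IDs are kept as
    <0xNN> so nothing is silently dropped.
    """
    out: List[str] = []
    held = set()
    for raw in reports:
        mods, keys = parse_report(raw)
        shifted = bool(mods & SHIFT_MASK)
        for k in keys:
            if k in held:
                continue  # still held from the previous report, not a new press
            if k == BACKSPACE:
                if out:
                    out.pop()
            elif k in KEYMAP:
                out.append(KEYMAP[k][1 if shifted else 0])
            else:
                out.append(f"<0x{k:02x}>")
        held = set(keys)
    return "".join(out)


# Constructed sample: types "inctf{y", corrects the typo, then "x}".
SAMPLE = """
00:00:0c:00:00:00:00:00  # i
00:00:00:00:00:00:00:00
00:00:11:00:00:00:00:00  # n
00:00:00:00:00:00:00:00
00:00:06:00:00:00:00:00  # c
00:00:00:00:00:00:00:00
00:00:17:00:00:00:00:00  # t
00:00:00:00:00:00:00:00
00:00:09:00:00:00:00:00  # f
00:00:00:00:00:00:00:00
02:00:2f:00:00:00:00:00  # shift + [  -> {
02:00:2f:00:00:00:00:00  # same key still held: must not repeat
02:00:00:00:00:00:00:00  # shift only
00:00:1c:00:00:00:00:00  # y (typo)
00:00:00:00:00:00:00:00
00:00:2a:00:00:00:00:00  # backspace
00:00:00:00:00:00:00:00
00:00:1b:00:00:00:00:00  # x
00:00:00:00:00:00:00:00
02:00:30:00:00:00:00:00  # shift + ]  -> }
00:00:00:00:00:00:00:00
"""

if __name__ == "__main__":
    print(decode_reports(reports_from_hex(SAMPLE)))
```

When working from a real capture, feed the decoder only the interrupt-IN transfers of the keyboard endpoint; reports from other HID devices on the bus (a mouse, for instance) have different lengths and will be rejected by `parse_report`.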
Tags: InCTFi, Memory, Linux

Heist Ends - InCTF Internationals 2021

g4rud4
2021-08-16
Forensics / Android

tl;dr

  • Extract the creation timestamp of a note from Google Keep Notes.
  • Find the location, date and time from Slack messages.
  • Extract the number of tasks created and completed from Google Tasks.
  • Find the secret code in the Google Docs cache.
  • Extract the first-opened timestamp of a game.
Tags: InCTFi, Android, ALEAPP

Heist Continues - InCTF Internationals 2021

g4rud4
2021-08-16
Forensics / Windows

tl;dr

  • Extract the User ID and Workspace ID of the Slack workspace the user participates in.
  • Extract the first and last 3 characters of the text in the wallpaper thumbnail of the PC connected via AnyDesk remote session.
  • Extract the filesystem type of the USB devices connected to the system.
  • Extract the active duration of the voice modulator application by parsing the Windows Activity timeline.
Tags: InCTFi, USB, Slack, Windows Activity timeline, Anydesk

Heist - InCTF Internationals 2021

g4rud4
2021-08-16
Forensics / Windows

tl;dr

  • Find the default browser and the most visited website.
  • Extract the timestamp, ID and hostname of the TeamViewer file-transfer session.
Tags: InCTFi, Browser Forensics, TeamViewer

Ermittlung - InCTF Internationals 2021

g4rud4
2021-08-16
Forensics / Memory

tl;dr

  • Find the chat application in use.
  • Extract the unread message count from NTUSER.DAT.
  • Extract the last-executed timestamp of the chat application.
  • Extract the version of the chat application.
Tags: InCTFi, Volatility, Windows Memory Analysis

Google Keep - Notes and Lists: Mobile Artifacts

g4rud4
2021-06-18
Forensics / Android

tl;dr

  • Analysing Google Keep mobile artifacts (notes and lists stored on the device).
Tags: Android, Google Keep, DB Browser for SQLite, ALEAPP

KarDi Bee X - Securinets Quals 2021

g4rud4
2021-03-22
Forensics / Memory

tl;dr

  • File recovery from the memory dump.
  • Environment variable analysis.
  • RAR and ZIP password cracking.
  • Cracking the Windows user password hash.
  • Extracting the KeePass master password from the logged keystrokes.
Tags: Volatility, Windows Memory Analysis, Securinets Quals

Be My Guest - UTCTF21

g4rud4
2021-03-15
Forensics / Network

tl;dr

  • Retrieving the flag via guest access to a Samba (SMB) workgroup share.
Tags: UTCTF, SMB

Hack Bob's Box - UTCTF21

g4rud4
2021-03-15
Forensics / Network

tl;dr

  • Anonymous login to the FTP server.
  • Retrieving the SSH username and password from the Firefox history.
Tags: UTCTF, FTP, Firefox History

Little Tricks - StarCTF 2021

g4rud4
2021-01-28
Forensics / Disk

tl;dr

  • Decrypting the BitLocker-encrypted drive.
  • Extracting the flag from a deleted PDF.
Tags: Disk Encryption, Bitlocker, StarCTF


Official blog of team bi0s

  Projects
  •   bi0s-wargame
    (Unraveling)
  •   bi0s-wiki
    (Free Encyclopedia)
  •   InCTF
    (Nationals CTF)
  •   InCTFj
    (Juniors CTF)




Blog content follows the Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License
