Category: Forensics | bi0s

Just Do It - InCTF Internationals 2019

Forensics / Memory

tl;dr

Master File Table Analysis
Deleted file data recovery

InCTFi Volatility Windows Memory Analysis

SecurinetsQuals2019-Contact_Me

Forensics / Memory

tl;dr

Analysis of memory dump using Volatility framework.
Using mac_contacts plugin to get relevant data.
Base64 decode to get flag.

Solved by: stuxn3t

MacOS Memory Analysis

FakeTCP - CyBRICS Quals 2019

Forensics / Network

tl;dr

Open a raw socket.
Craft the outgoing packets with the byte order of S-PORT, D-PORT, SEQ, ACK reversed.
Establish the three way handshake in this fashion.
Send “GET_FLAG” to the server.

CustomTCP

Acronym - ISITDTU Quals 2019

Forensics / Steganography

Full solution of Acronym challenge from ISITDTU Quals 2019.
tl;dr - Steganography

Steganography

Easy Husky - ISITDTU Quals 2019

Forensics / Memory

tl;dr - Volatility + Corrupted file analysis
Full solution of Easy Husky challenge from ISITDTU Quals 2019.

Windows Memory Analysis

4 / 4