bi0s

verboten - bi0sCTF 2024

sp3p3x
jl_24
2024-03-08
Forensics

tl;dr

  • Registry Hives analysis
  • Analyse Chrome browser artifacts
  • Analyse Slack artifacts
  • Analyse AnyDesk artifacts
  • Analyse artifacts for evidence of execution
  • Analyse clipboard artifacts
Tags: Incident Response, USB, Slack, Windows Activity timeline, bi0sCTFs, AnyDesk, prefetch, Chrome

Heist Continues - InCTF Internationals 2021

g4rud4
2021-08-16
Forensics / Windows

tl;dr

  • Extract the User ID and Workspace ID of the participating Slack workspace.
  • Extract the first and last 3 characters of text from the thumbnail wallpaper of the PC connected remotely via AnyDesk.
  • Extract the filesystem type of the USBs connected to the system.
  • Extract the active duration of the Voice Modulator application used, by parsing the Windows Activity timeline.
Tags: InCTFi, USB, Slack, Windows Activity timeline, Anydesk

Official blog of team bi0s


Blog content follows the Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License
