tl;dr

• Analysis of different types of malware in a linear storyline
• Windows timelining
• Analysis of Rootkit, Ransomware, C2 Framework, Process Hollowing, Persistence, and more

tl;dr

• appending same bytes to an existing collision results in a collision as well
• reusing nonce leads to secret leak

tl;dr

• Timing-based attack on the double-and-add algorithm to recover secret value d
• Predict pseudo-random value using the NSA backdoor on Dual_EC_DRBG

tl;dr

• Challenge 2 of Batman Investigation series
• Ransomware Investigation
• Rust based Ransomware Analysis with process dump analysis to recover the randomly generated decryption vector and windows malware analysis
• Recovering from a ransomware attack

Full solution of Batman Investigation II - Gotham Underground Corruption from bi0sctf 2024

tl;dr

• Challenge 1 of Batman Investigation series
• Memory Forensics - WinDBG Dump Debugging - Malware Analysis - Incident Response - Threat Hunting

tl;dr

• Analysis of eBPF assembly
• Simple optimization

tl;dr

• Binary obfuscation with hidden anti-debug checks
• Linear Cryptanalysis (AES with linearly dependent SBOX)

tl;dr

• Custom hook to syscall 0x31337 using eBPF
• Check on the argument passed to syscall to verify correct/incorrect key

tl;dr

• DOM Clobbering to Redirect to another page
• Increasing Content using SQL Injection giving the same column multiple times
• Connection-Pool XS-Leaks to measure the time for the page to load
• Leak the flag character by character using the above techniques

tl;dr

• The VM takes a custom binary as input
• Binary contains function table, code and bss sections
• Code can overlap with bss and be modified at runtime
• The JIT compiler assumes that a function is safe since it ran many times
• Functions modified right before JIT bypass security checks