Midnightflag 2024 - I want my tickets back

Info: Hello everyone, I created a forensic challenge for the 2024 edition of Midnight Flag CTF in collaboration with @Niceclear. The challenge was divided into 5 parts. Here is the writeup.

Writeup - I want my tickets back
Difficulty: easy to medium
Warning: Be careful when handling files

Step 1
Statement: Jean discovered a package in his mailbox. Inside was a USB key and a letter announcing that he had won tickets to the Paris 2024 Olympic Games.

Cyberdefenders - EscapeRoom

EscapeRoom
Info
Category: Digital Forensics
SHA1SUM: 4dd5e257c4bef0f950a37bb1e401f3dd990929bf
Published: Aug. 18, 2020, midnight
Author: The HoneyNet Project
Size: 15 MB
Tags: PCAP Wireshark Linux Network

Unzip the challenge (pass: cyberdefenders.org) and use your analysis tools to examine provided PCAPs and log files.

Scenario: You, as a SOC analyst, belong to a company specializing in hosting web applications through KVM-based Virtual Machines. Over the weekend, one VM went down, and the site administrators fear this might be the result of malicious activity.

Cyberdefenders - Hammered

Hammered
Info
Category: Digital Forensics
SHA1SUM: c5282824e485cbafe4b13a942759fd6720433929
Published: Oct. 25, 2020, midnight
Author: The HoneyNet Project
Size: 944 KB
Tags: Apache2 Honeypot Log Analysis WebServer

Unzip the challenge (pass: cyberdefenders.org), examine artifacts, and answer the provided questions.

Challenge Files: kern.log auth.log daemon.log dmesg apache2

Challenge: This challenge takes you into the world of virtual systems and confusing log data. In this challenge, as a SOC analyst, figure out what happened to this webserver honeypot using the logs from a possibly compromised server.

Cyberdefenders - Szechuan Sauce

Szechuan Sauce
Info
Category: Digital Forensics
SHA1SUM: bce93945a6637ad0ff0fa25eee4cf0c5f9639474
Published: Oct. 5, 2020, midnight
Author: James Smith
Size: 13 GB
Tags: PCAP Memory Windows Disk

Unzip the challenge (pass: cyberdefenders.org), examine artifacts, and answer the provided questions.

Challenge Files
20200918_0417_DESKTOP-SDN1RPT.E01: EnCase image file format (2 GB)
20200918_0417_DESKTOP-SDN1RPT.E02: EnCase image file format (2 GB)
20200918_0417_DESKTOP-SDN1RPT.E03: EnCase image file format (2 GB)
20200918_0417_DESKTOP-SDN1RPT.E04: EnCase image file format (2 GB)
autorunsc-citadel-dc01.

Cyberdefenders - The Crime

The Crime
Info
Category: Endpoint Forensics
SHA1SUM: 3eb40fd0257dd3bf7d7513e1423e54c8fced4706
Published: Sept. 29, 2023, 4 p.m.
Author: Infern0o
Size: 330 MB
Tags: Android ALEAPP sqlitebrowser
Password: cyberdefenders.org

Scenario: We’re currently in the midst of a murder investigation, and we’ve obtained the victim’s phone as a key piece of evidence. After conducting interviews with witnesses and those in the victim’s inner circle, your objective is to meticulously analyze the information we’ve gathered and diligently trace the evidence to piece together the sequence of events leading up to the incident.

Cyberdefenders - Tomcat Takeover

Tomcat Takeover
Info
Category: Network Forensics
SHA1SUM: 56cc3f2aed9beb326eec027ae5dc9971a37da57d
Published: Sept. 15, 2023, 4 p.m.
Author: Chadou
Size: 459 KB
Tags: Wireshark PCAP Tomcat Network NetworkMiner
Password: cyberdefenders.org

Scenario: Our SOC team has detected suspicious activity on one of the web servers within the company’s intranet. In order to gain a deeper understanding of the situation, the team has captured network traffic for analysis. This pcap file potentially contains a series of malicious activities that have resulted in the compromise of the Apache Tomcat web server.