Tag: forensics
-
picoCTF 2022 | Operation Orchid Write-up
Download this disk image and find the flag. Note: if you are using the webshell, download and extract the disk image into /tmp not your home directory. Download compressed disk image Category: Forensics Following the same steps as from the previous challenge of this type, Operation Oni, I extracted the disk image. First, I tried…
-
picoCTF 2022 | St3g0 Write-up
Download this image and find the flag. Download image Category: Forensics I ran through my list of steganography tools, most of which can be found here. Nothing seemed to work until I got to zsteg:
-
picoCTF 2022 | Operation Oni Write-up
Note: you must launch a challenge instance in order to view your disk image download link. Download this disk image, find the key and log into the remote machine. Note: if you are using the webshell, download and extract the disk image into /tmp not your home directory. Category: Forensics To start, click the “Launch…
-
picoCTF 2022 | Eavesdrop Write-up
Download this packet capture and find the flag. Download packet capture Category: Forensics Another challenge requiring us to analyze captured network packets. Let’s fire up Wireshark. Combing through the captured traffic, I found the first important clue. Let’s keep looking. At first, I tried to copy the text, which is the transferred file’s content, but…
-
picoCTF 2022 | Sleuthkit Apprentice Write-up
Download this disk image and find the flag. Note: if you are using the webshell, download and extract the disk image into /tmp not your home directory. Download compressed disk image Category: Forensics Having downloaded the file, I used binwalk -e to extract the disk image. Navigating to the extracted directory, I first attempted grep…
-
picoCTF 2022 | Sleuthkit Intro Write-up
Download the disk image and use mmls on it to find the size of the Linux partition. Connect to the remote checker service to check your answer and get the flag. Note: if you are using the webshell, download and extract the disk image into /tmp not your home directory. Download disk image Access checker…
-
picoCTF 2022 | Redaction gone wrong Write-up
Now you DON’T see me. This report has some critical data in it, some of which have been redacted correctly, while some were not. Can you find an important key that was not redacted properly? Category: Forensics The provided file is a .pdf, let’s take a look. Even though they appear to be black bars,…
-
picoCTF 2022 | Packets Primer Write-up
Download the packet capture file and use packet analysis software to find the flag. Download packet capture Category: Forensics The provided file is in the .pcap format, which is the output of a program that captures network traffic. Knowing this, let’s open it up with Wireshark, a tool specifically made to analyze network traffic. On…
-
picoCTF 2022 | Lookey here Write-up
Attackers have hidden information in a very large mass of data in the past, maybe they are still doing it. Download the data here. Category: Forensics A quick and simple challenge, simply download the file and use the grep command to look for the flag. Here I used the keyword “pico”:
-
picoCTF 2022 | Enhance! Write-up
Download this image file and find the flag. Download image file Category: Forensics Viewing the image file with an image viewer is not very helpful: Let’s try looking at the file in a text editor instead: Stitching these flag pieces together yields our completed flag: picoCTF{3nh4nc3d_56e87c96}