Forensic Challenge: Help stop the Sbuxnet trojan!

This is a fun forensic challenge created originally for NYU's CSAW Capture the Flag Finals event. The story behind the challenge, along with additional forensic challenges were also used for ACSAC's Tracer Fire class. Now I'm hosting both the forensic image and command and control server on the net so anyone can play.

Begin here: [challenge01.c0.cx] (the challenge is over, thanks to those who played!)

Tools / Techniques / Skills involved:

  • Filesystem forensic analysis
  • Email forensics and cryptographic tools
  • Python, small bit of source code analysis
  • Filetype header analysis, image forensics
  • Minor HTML/HTTP understanding
  • Patience, etc...
Read More

Rock The Flag network, CyberSecurity Education, and logging Capture The Flag Experiences

I want to make this as concise as possible, but I haven't written in a while, so stick with me.

Rock the Flag, network, (RTFn) is a project started by myself, and my friends Mike and Nick, designed to help students play Capture The Flag (CTF) competitions. RTFn's goal is improved CyberSecurity education through CTF competitions. We hope to improve CTF experiences with extracted-and-visualized team reports per-event.  The software implements robust logging, with the help of the users, to identify trends. These trends help users identify their team strengths and weaknesses, while profiling each competition they play. At the base of RTFn is an Etherpad (real-time document collaboration on steroids) installation with three major changes.

Read More