Forensic Challenge: Help stop the Sbuxnet trojan!

This is a fun forensic challenge originally created for NYU's CSAW Capture the Flag Finals event. The story behind the challenge, along with additional forensic challenges, was also used for ACSAC's Tracer Fire class. Now I'm hosting both the forensic image and the command and control server on the net so anyone can play.

Begin here: [challenge01.c0.cx] (the challenge is over, thanks to those who played!)

Tools / Techniques / Skills involved:

  • Filesystem forensic analysis
  • Email forensics and cryptographic tools
  • Python, small bit of source code analysis
  • Filetype header analysis, image forensics
  • Minor HTML/HTTP understanding
  • Patience, etc...