All News (146 Posts)

<< Next - First ... 5 6 7 8 9 ... Last - Previous >>

Hackfu2015 Challenge 7 - Solution

#106 - Posted on 12 May 2015 - Author: SM - Category: Challenges, Security

This is part of my write up from the Hackfu 2015 Security Challenge.

The third and last challenge I solved was surprisingly very easy, but there might have been more to it...

The instructions given were:

  • An ELF Binary file: shipbinary
  • "Your mission is to analyse the executable binary and find a way to get it to run to its completion so that it ends up spitting out the access code for the ship's central server."

    • Below is how I solved that challenge:
    We first run the following command to see all the printable/ASCII strings from the binary.
    > strings shipbinary
    Below is an extract of the most interesting result from the above command.
    Enter Decryption Code:
    burnthelandandboilthesea
    Code Accepted.
    Establishing Connection to Planet Abaddon...
    out.txt
    123.123.123.1 -c 1 | tail -1| awk '{print $4}' | cut -d '/' -f 2     ...
    >>[READ MORE]

    Hackfu2015 Challenge 5 - Solution

    #105 - Posted on 12 May 2015 - Author: SM - Category: Challenges, Cryptography, Security

    This is part of my write up from the Hackfu 2015 Security Challenge..

    The second challenge I solved was in fact quite easy because I solved a similar one for the SANS Summer challenge in 2014 (where it took me much longer to solve the first time I came across this type of steganography!)

    The instructions given were:

  • An audio file to analyse
  • There is a hidden message in it, find it!

    • Below is how I solved that challenge:
  • Listening to the audio file only produces white noise.
  • Looking for strings added to the file does not produce anything.
  • Looking for hidden data using stenography extraction tool such as steghide does not produce anything either.

    • But, If you load the file in a windows software such as Sonic Visualizer, add a layer to show a Spectrogram ...
    >>[READ MORE]

    Hackfu Challenge 2015 - Solution for Challenge 1

    #104 - Posted on 11 May 2015 - Author: SM - Category: Challenges, Cryptography, Security

    MWR ran a Security Challenge last April, unfortunately I only found out about it 3 days before the dead line! I still managed to solve 3 out of the 7 challenges and really enjoyed them.

    The first challenge was especially interesting, as I like cryptography. This was a tough one!!!

    The instructions given were

  • You are invited to a game of Poker but must find the password
  • You find a note with written "Pocket RC4"
  • You find a deck of card ordered from Ace to King with the following "couple" suits: {Diamond, Club}, {Heart and Spade}. This mean AD, AC, 2D, 2C....KH, KS
  • You find a note with the following written on it: "WEMUSTFOLLOWTHEWHITERABBITANHXJRAAZEBYYOMNWPBKGZOGY"

    • That's pretty much it! Below is how I solve this challenge and cracked the code:

    I used information on PocketRC4 f...
    >>[READ MORE]

    One more update to the Security Onion Guide

    #103 - Posted on 11 May 2015 - Author: SM - Category: Guides, IDS, Misc, Security

    We have updated once more our Security Onion Installation Guide with a few tweaks regarding setting up BRO emails and SSH.
    There is also a new PDF version, using an updated template, available from the download section .

    ...
    >>[READ MORE]

    Updated Security Onion Guide

    #102 - Posted on 5 April 2015 - Author: SM - Category: Guides, IDS, Misc, Security

    Last week, Security Onion repository moved from Google Code to Github. We have now updated our Security Onion Installation Guide with the new links.
    Basically, replacing the base part of each link from the old reference
    "https://code.google.com/p/rest_of_the_link]"
    to
    "https://github.com/Security-Onion-Solutions/rest_of_the_link]"

    If you are looking for "issues", not only do you need to replace the base reference as mentioned above, but you also need to remove the "detail?id=" at the end of the URL.
    For example:
    https://code.google.com/p/security-onion/issues/detail?id=488 (does not work )
    Becomes
    https://github.com/Security-Onion-Solutions/security-onion/issues/48...
    >>[READ MORE]

    How to setup PIWIK to track visitors' downloads

    #101 - Posted on 28 March 2015 - Author: SM - Category: Guides, Security

    PIWIK is a an amazing Open-Source Web Analytics platform which is a good alternative to http://www.google.com/analytics/ as it provides full control to your data and more details (i.e.: full IP addresses).
    You have 3x hosting options:

  • Use their cloud service. (More info here)
  • Host it yourself online: at the back of your web server or on a different/dedicated server. (More info here)
  • Host it offline, and manually import your apache logs. (More info here )

    • The advantage of hosting it online is that you can use a php/javascript trackers within your web pages producing more information on your visitors (screen resolution, plugins, etc)
    It also allows you to do certain "tricks", such as tracking who downloads a specific image as ...
    >>[READ MORE]

    How to setup Security Onion on a home network with Splunk, email alerts and some basic tuning

    #100 - Posted on 23 March 2015 - Author: SM - Category: Guides, IDS, Security

    Entry Last updated on the 11th of May 2015
    a PDF version is also available to download here

    Security Onion (SO) is a great open source project created by Doug Burks.
    It is a Linux Distribution based on Ubuntu and bundled/configured with all the tools you need to get a powerful, and free, Network Security Monitoring system (NSM). It can be used to monitor your network traffic for suspicious activities and malware.

    This guide is aimed at people who quickly want to get started with SO with the following basic functionalities:
  • Getting an understanding of what Network and Server setup are required
  • Going through a basic SO installation
  • Getting basic understanding on how to tune Snort and remove false positives
  • Getting regular reports and speci
    • ...
    >>[READ MORE]

    Fix for compiling VMwaretools 9.9.2 on kernel 3_18+

    #99 - Posted on 15 March 2015 - Author: SM - Category: Guides, Security

    We recently encountered some errors when trying to recompile the VMwaretools on Kali (kernel 3.18) and Security Onion (Kernel 3.2):

  • error: implicit declaration of function ‘smp_mb__after_clear_bit’
  • error: ‘struct dentry’ has no member named ‘d_alias’

    Those errors meant it was not possible to share files between the Host OS and the virtual machines, as compilation was failing in the vmhgfs-only directory.

    Below are a set of instructions to fix those issues.
    Please note the following was Tested with VMwaretools-9.9.2-2496486.tar.gz, and you need to do this as "root"
  • In Fusion/VMWare select reinstall VMwaretools - This will mount a virtual VMWare CDROM
  • Go to that CDROM and copy the VMwaretools tar.gz file onto your /tmp directory.
  • Unmount the CDROM (you may not need to do this, but we did have have issue once with the CDROM still mounted).
  • Uncompress the tar.gz file using "tar xvzf"
  • Go to /tmp/vmwa
    • ...
    >>[READ MORE]

    New Site Migration Complete

    #98 - Posted on 12 March 2015 - Author: SM - Category: Misc

    A new era has begun, we have completed our migration/integration from encryptsolutions.com to elysiumsecurity.com.
    Encryptsolutions.com was created in 1998, 17 years ago, mainly to offer a web platform and support to the BUGS cryptography project.
    In this time our expertise has evolved beyond Cryptography and has grown accross multiple security areas which are reflected in this new website, brand and set of services

    Our commitment to the open source community is as strong as ever and you can expect more guides/tools/articles to be published very soon.

    ...
    >>[READ MORE]

    SANS Brochure Challenge Write-Up

    #97 - Posted on 1 January 2015 - Author: SM - Category: Challenges

    Last Summer SANS organised a security/hacking challenge through 4 of their brochures, each brochure had an “easy” challenge in the form of a hidden message to de-cipher to get a URL to the second level of each of the 4 challenges.

    Below is a brief explanation of the steps I took for the main technical challenges:

    1. Challenge 1, level 2: Alice’s encrypted file for Bob
    First you need to load the pcap file provided for that question into Wireshark, two type of traffic should catch your attention: some HTTP and SMB traffic. Doing a quick search (CTRL-F) for the string Bob in the “packet bytes” will get you to Frame 669, which is a web chat over HTTP where Alice mentions to someone that she needs to send a file to Bob and R...
    >>[READ MORE]