Reverse Engineering

Prelude If you don’t know what rabin2 is/what it does. Rabin2 understands many file formats: Java CLASS, ELF, PE, Mach-O or any format supported by plugins, and it is able to obtain symbol import/exports, library dependencies, strings of data sections, xrefs, entrypoint address, sections, architecture type. [src] The binary info option of rabin2 outputs quite a lot of information, however there’s no explanation to what each of the values mean, they can be quite cryptic especially to those not familiar with reverse engineering....

This is actually a challenge from the qualifiers, but because this challenge will be used in the Finals again so we weren’t allowed to post about it until after the finals. More on that later, here’s the writeup. LSCVM: Immaculate Invasion DESCRIPTION During our recon on the notorious fools of LightSpeedCorp, we have discovered this service which runs on a really simple, tiny, trivial, virtual machine that they have created....

This year’s CDDC Qualifiers was very different from the previous year which was more of an ‘red team’ ctf, this year’s qualifiers is a jeopardy style ctf and it’s pretty focused on OSINT which I’m not really into, but anyways here are the writeups for some of the more interesting challenges I solved. [B-1] Fight the Binary Monster Category: OSINT_Blue Drats, we found an unknown executable that someone uploaded to one of our web servers....

Prelude The Windows Binaries I’m talking about here are the ones that comes default with Windows provided by Microsoft. Searching for Strings in the binary I was analyzing a Windows binary C:\Windows\System32\where.exe when I realized the help text of the binary cannot be found anywhere in the binary. After some futher investigation using Process Monitor from Windows Sysinternals I found out that it is reading from C:\Windows\System32\en-US\where.exe.mui during it’s execution....