bi0s
  •  Home
  •  Categories
  •  Archives
  •  Tags

KarDi Bee X - Securinets Quals 2021

g4rud4
2021-03-22
Forensics / Memory

tl;dr

  • File recovery from the memory dump
  • Environment variables analysis.
  • RAR and Zip password cracking.
  • Cracking Windows user password hash.
  • Extracting the KeePass master password from logged keystroke data.
Volatility Windows Memory Analysis Securinets Quals

Be My Guest - UTCTF21

g4rud4
2021-03-15
Forensics / Network

tl;dr

  • Retrieving the flag from Samba SMB workgroup guest.
UTCTF SMB

Hack Bob's Box - UTCTF21

g4rud4
2021-03-15
Forensics / Network

tl;dr

  • Anonymous login to FTP server.
  • Retrieve SSH login username and password from Firefox history.
UTCTF FTP Firefox History

Little Tricks - StarCTF 2021

g4rud4
2021-01-28
Forensics / Disk

tl;dr

  • Decrypt the BitLocker-encrypted drive.
  • Extract the flag from the deleted PDF.
Disk Encryption Bitlocker StarCTF

PIP Install - Week 2 - Magnet Weekly CTF

g4rud4
2020-10-20
Forensics / Android

tl;dr

  • Finding Picture-In-Picture application capability.
  • Most recently viewed web activity in Picture-In-Picture application on the device.
Magnet Weekly CTF ALEAP Picture-In-Picture

Mapping the Digits - Week 1 - Magnet Weekly CTF

g4rud4
2020-10-12
Forensics / Android

tl;dr

  • Finding the last modified timestamp of the file that maps names to IPs accessed.
Magnet Weekly CTF Autopsy Android Forensics

LOGarithm - InCTF Internationals 2020

stuxn3t
2020-08-04
Forensics / Memory

tl;dr

  • Extract keylogger script from the memory dump.
  • Extract the master key from the packet capture.
  • Reverse the script to get the flag.
InCTFi Windows Memory Analysis

Investigation Continues - InCTF Internationals 2020

stuxn3t
2020-08-04
Forensics / Memory

tl;dr

  • Extract the invalid login timestamp from the Windows registry.
  • Extract the timestamp of when a JPEG was opened.
  • Extract the last run time of Google Chrome, which was pinned to the taskbar, from the Windows registry.
InCTFi Volatility Windows Memory Analysis Windows Registry

Investigation - InCTF Internationals 2020

stuxn3t
2020-08-04
Forensics / Memory

tl;dr

  • Extract the process last run time from the Windows registry.
  • Extract the process run count from the Windows registry.
InCTFi Volatility Windows Memory Analysis Windows Registry

Lookout Foxy - InCTF Internationals 2020

g4rud4
2020-08-03
Forensics / Disk

tl;dr

  • Decrypt the encrypted GPG file found in Outlook Express with the private key stored on the device.
  • Decrypt the Firefox saved passwords and log in to the website that the terrorist used.
InCTFi Autopsy

Official blog of team bi0s

  Projects
  •   bi0s-wargame
    (Unraveling)
  •   bi0s-wiki
    (Free Encyclopedia)
  •   InCTF
    (Nationals CTF)
  •   InCTFj
    (Juniors CTF)


Blog content follows the Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License
