Notice
Recent Posts
Recent Comments
Link
«   2024/11   »
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
Tags
more
Archives
Today
Total
관리 메뉴

CHIqueen

OtterCTF 2018 Recovery

Rick got to have his files recovered! What is the random password used to encrypt the files? 랜섬웨어에서 password관련 함수들을 찾아보면 CreatePassword()와 SendPassword(), startAction()이 있습니다. public string CreatePassword(int length) { StringBuilder stringBuilder = new StringBuilder(); Random random = new Random(); while (0 < length--) { stringBuilder.Append("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1..
포렌식/CTF 2018. 12. 14. 16:48
OtterCTF 2018 Graphic's For The Weak

There's something fishy in the malware's graphics. CTF{S0_Just_M0v3_Socy}
포렌식/CTF 2018. 12. 14. 15:20
OtterCTF 2018 Bit 4 Bit

We've found out that the malware is a ransomware. Find the attacker's bitcoin address. 먼저 프로세스를 덤프 떠줍니다. $ vol.py -f OtterCTF.vmem --profile=Win7SP1x64 procdump -p 3720 -D ./ Volatility Foundation Volatility Framework 2.6 Process(V) ImageBase Name Result ------------------ ------------------ -------------------- ------ 0xfffffa801a4c5b30 0x0000000000ec0000 vmware-tray.ex OK: executable.3720.exe ..
포렌식/CTF 2018. 12. 14. 15:14
Prev 1 ··· 20 21 22 23 24 25 26 ··· 30 Next