Since I have recently managed to learn about Windows Kernel Exploit and reverse Windows Driver, I decided to take notes and write down my experience. The article talks about configuring for VMware and WinDbg, setting Windows Boot, WinDbg Command, and WinDbg theme(todo). If you are also trying to debug Windows Kernel-mode via The Windows Debugger (WinDbg), this may be helpful to you.
Read More ...missing 的情境式是 APT attack 事件,需要透過封包解密以及逆向 Binary,來還原整個攻擊過程,取得 flag。其中包含還原 Malware Protocol,Malware Config,C2 Server 與 Client,受害者資訊,Plugins (加密/壓縮/指令功能),BMP 圖檔等,最後會在附錄附上解密的程式碼與解密後的封包內容。
Actually, pewpewboat.exe is not a Windows PE file but an x64 ELF binary. When we launch the binary in linux, we can see that is a the Battleship game.
Notepad.exe is a Windows x86 executable, it seems to be a modified version of Microsoft’s Notepad.exe. Let’s launch this binary and it looks nothing special.
Greek_to_me.exe is a Windows x86 executable. When we launch the binary, we can’t input anything, and we don’t get any output from the binary. It gets stuck waiting for us to do something.
This is a crack me challenge. IgniteMe.exe expects to run without any command line argument. It asks the player to input the flag and checks whether it’s correct or not.
Flare-On Challenge is the FireEye Labs Advanced Reverse Engineering (FLARE) team’s yearly reverse engineering contest. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts, and security professionals.
Read More ...本篇以 HEVD 為案例進行實作,HEVD 是由 HackSysTeam 所開發的 Kernel Driver,該專案中包含了許多常見的漏洞,適合想練習 Windows Kernel Exploit 的研究人員練習,藉以用來練習各種漏洞利用方法。本篇以 Windows 7 為範例,本次測試的 Windows 7 沒有 SMEP 與 SMAP 防護機制,相對較簡單,有機會也會在其他版本的 Windows 上練習。
Read More ...今年 HITCON 在 HITCON CMT 研討會期間又舉辦了與前幾年類似的 wargame,相較於 HITCON CTF 是比較簡單的小型競賽。很幸運跟以色列的朋友一起組隊,因為我很 Lazy 而他們是 Hacker,所以隊名就取 Lazyhacker。在團隊中我負責解 Reverse 的題型,這次 Reverse 只有兩題,都是 Windows 題,分別是小算盤跟踩地雷,還蠻有趣的,所以想紀錄一下。