Walkthrough for Cyberdefenders lab BRabbit

This is the walkthrough for this Cyberdefenders lab: https://cyberdefenders.org/blueteam-ctf-challenges/brabbit/ We download the EML file from the site. It’s an email, but we can open the .eml file with a text editor like VS Code. Locate the attachment, which is base64 encoded, and convert it to binary: cat ransom.txt | dos2unix | base64 -d > ransom.bin This is the MD5 of the attachment: fbbdc39af1139aebba4da004475e8839 It can be looked up in VirusTotal, for instance.

Splunk Corelight CTF Walkthrough - Part 2

This is the second part of my walkthrough for the Splunk Corelight CTF; you can find the first part here. You can find the CTF on Splunk’s BOTS site. SPOILER ALERT: I INCLUDE ALL THE ANSWERS TO THE CTF, BUT HIDDEN, SO YOU HAVE TO CLICK TO SEE THEM, IN CASE YOU WANT TO PLAY ALONG. Now, let’s play the second scenario. Scenario 2. Important: use the index “ctf” for this scenario.

Splunk Corelight CTF Walkthrough - Part 1

EDIT: You can find the second part here. Today I’m here with a walkthrough of the threat-hunting CTF offered by Splunk on its BOTS site. You can register for free and, although each session is limited to 3 hours, you can replay it as many times as you like. If you are familiar with the BOTS CTFs published by Splunk in previous years, you will be familiar with the format; if not, it is very easy: you have a series of questions and you have to find the answers in the logs using Splunk.