Hey everybody!
This week’s challenges are comparatively easy, and they cover everything from binary exploits to recon. In that, they are kind of like potpourri. They are light and varied and guaranteed to brighten up the room. 🌼
For screenshots and descriptions of this week’s additions, see below.
Good luck and have fun!
The Cyber Range Team
P.S. If you’re not already signed up for the BHIS Antisyphon Cyber Range, the following page has screenshots, info, and, of course, a link where you can sign up and join in the fun:
https://www.antisyphontraining.com/cyber-range/
![As cyber defense capabilities increase, the malware they defend against does as well. A large number of malware scanners function by looking for common executable files and scanning them for malicious code. Some malware tries to evade this by using a custom executable format unknown to malware scanners. We suspect that there is a well known cryptocurrency miner on some of our computers here at C3 using such a format. We want to configure our malware scanners to detect this! We need the first four bytes (the magic bytes) of this executable format. The flag will be the four bytes in hex with spaces separating them (for example, "4A 5C 05 00").](https://www.antisyphontraining.com/wp-content/uploads/2023/04/2101-buzzbuzz.png)
![Ash forgot to lock his computer before stepping away, so Mark was able to copy what appears to be a password from a sticky note, but it appears to be "encrypted" beyond his abilities. Can you find what it means?](https://www.antisyphontraining.com/wp-content/uploads/2023/04/2137-hasher-smasher.png)
![Nothing like doing some coding in the morning, had a super important deadline and finished it in no time. Here take a look at the implementation I used, nothing like doing some coding after a cup of joe.](https://www.antisyphontraining.com/wp-content/uploads/2023/04/2144-morning-coffee.png)
![The network detection monitor Zeek will be helpful for this challenge. The flag is the MD5 hash of the ca-cert used by twitter.com in this packet capture. Upload this packet capture to Zeek, press "Run" and examine and correlate the different Zeek logs! You only get three attempts!](https://www.antisyphontraining.com/wp-content/uploads/2023/04/2138-hide-and-zeek.png)