Tuesday, August 4, 2015

Flare-On Challenge and SANS Cyber Defense Challenge

I'm currently trying to work on a couple of challenges.  I can't say much about the Flare-On Challenge.  I just found out about it Monday evening.  It is only ongoing until September 1st.  I don't really have a lot of experience with digital forensics, but I decided I would give it a try.  I will be happy if I solve one puzzle.  If interested, you may want to check out http://www.flare-on.com.  Be careful, though, because it is noted on the site that some parts of the challenge may be malicious.  The reason is that when doing digital forensics, one has to analyze malware.  I use VMs on a computer that I do not use for any activity other than challenges.  That way, even if malware breaks out of the VM, which some advanced ones can, I can just start from scratch.

The SANS Cyber Defense Challenge seems more straightforward so far.  You just answer a series of questions that you receive via e-mail.  There are ways to get more points as well, like being socially active about SANS Cyber Defense, and sharing good information regarding the field.  It'll probably get more difficult as it goes on.  I don't have a lot of experience in that either.  So, even if I don't win, I'll consider it a decent learning experience.  That challenge can be found at http://cyber-defense.sans.org/blog/2015/06/11/cyber-defense-challenge-leaderboard-2015.

I found a good Intro to Assembly tutorial at http://chortle.ccsu.edu/AssemblyTutorial/index.html.  I'm staring at a lot of assembly code trying the Flare-On Challenge, and I have no idea how to make heads or tails of it as of yet.  I downloaded the IDA Free version, CFF Explorer, PE Explorer, OllyDbg, and ILSpy.  I installed them on a VM.  So far they seem fairly easy to use.  All of them except for ILSpy work okay using Wine.  ILSpy requires Microsoft .NET Framework 4.0.  I'm not sure if that will run on Wine or not.  I'll have to do more research on that, or start up a Windows VM and put it on there.  For the IDA Free version, I found some scripts that add functionality to it.  I was reading articles on resources.infosecinstitute.com called "Applied Cracking & Byte Patching with IDA Pro" and "Applied Reverse Engineering with IDA Pro" that explained a little bit about how to use those scripts.  I want to find some more in-depth information about those scripts.  So I'll be looking more into that as well.