This is a post in a series where I complete every Flare-on challenge. The landing page for all of these posts can be found here This challenge includes two files, a packet capture formatted in PCAP format and a Windows binary. Opening up the PCAP in Wireshark, I found multiple HTTP streams submitting POST requests. I looked at each of these POST requests and saw they all have a few bytes of content.

This is a post in a series where I complete every Flare-on challenge. The landing page for all of these posts can be found here In the third challenge, you are greeted with a nice goat named Elfie that when you are typing characters show up on the screen. As always I start off by checking out what kind of binary I am looking at λ file elfie elfie: PE32 executable (console) Intel 80386, for MS Windows As I said we are greeted by thie goat that eats magic keys

This is a post in a series where I complete every Flare-on challenge. The landing page for all of these posts can be found here The second challenge from this season built on the first challenge. It was another password entry challenge but with a more complicated password encoding scheme. First things first I validated what kind of file I was looking at. λ file very_succes very_succes: PE32 executable (console) Intel 80386, for MS Windows When running the file I entered some test data to see how it looked to a user.

This is a post in a series where I complete every Flare-on challenge. The landing page for all of these posts can be found here The first challenge in the 2015 season on Flare On was a pretty easy enter the password type of challenge. I started off by opening the extracted file in IDA and running it in the debugger. I stepped to the section of code that evaluates the input versus the input

This is a post in a series where I complete every Flare-on challenge. The landing page for all of these posts can be found here We start off with a PDF file in Challenge 4, I start off by dumping the contents of the streams using pdf-parser from Didier Stevens PDF-tools pdf-parser.py -f APT9001.orig.pdf > apt5.txt Looking through the content I find a block of Javascript code that looks interesting