reversing

Eset crackme challenge

ESET challenges. So far I have only worked on the first challenge, and it seems that a multitude of solutions for it can be found via Google. The challenges seem to span multiple years, and the start page can be found here. Description 1. Download the crackme.exe program. The program was designed to test your skillset in reverse engineering, which might come in handy when you work at ESET in one of the positions described above.

Challenge 2 of Zero2Auto biweekly challenges

IcedID malware challenge. This is a malware challenge related to the Zero2Automated course (number 2 out of currently 4). The aim of this challenge was to unpack this IcedID binary, figure out how the configuration is stored, and develop a script to automatically extract the config information. The MalwareBazaar link also lets us know that the following IOC exists: ilekvoyn[.]com. Unpacking In this case the file is a DLL containing a number of exports.

Classic Password THM room

Classic Password. In this challenge we are supplied an ELF file and the goal is to find the flag; there are multiple ways to retrieve the flag for this challenge. A simple run of strings on the file is not enough, but the easiest way seems to be to use ltrace. In this short post, I will use ltrace and afterwards also use the disassembler to solve the challenge. Ltrace route ltrace .

Basic datatype reversing

Basic Types. This is a basic overview of how datatypes look after a program has been compiled. All examples have been compiled with gcc; it might be worthwhile to compare the output for Visual Studio. Everything is compiled as x64, so pointers are 8 bytes and 8-byte members (pointers, long, double) are aligned on 8-byte boundaries, which is where most of the padding comes from; for 32-bit applications this is different (4-byte pointers and 4-byte alignment). Local and Global variables This example uses global and local variables.
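The padding rules summarised above are easiest to see on a concrete struct. The following is an added example, not code from the post: it assumes gcc on x86-64 Linux (SysV ABI), where each member is placed at the next offset that is a multiple of its natural alignment and the struct size is rounded up to the largest member alignment. The same source reordered by member size shows how much of the size is pure padding, and the pointer member is the one whose offset changes when the same code is built for 32-bit.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example (not from the post). Layout assumed: gcc, x86-64 SysV ABI.
 * Alignment: char 1, int 4, long long 8, pointer 8 (4 on a 32-bit build). */

struct padded {
    char      c;   /* offset 0                                  */
    int       i;   /* offset 4:  3 bytes of padding before it   */
    char      d;   /* offset 8                                  */
    long long l;   /* offset 16: 7 bytes of padding before it   */
};                 /* sizeof == 24 (10 of those bytes are padding) */

struct reordered {
    char      c;   /* offset 0 */
    char      d;   /* offset 1 */
    int       i;   /* offset 4: 2 bytes of padding before it */
    long long l;   /* offset 8 */
};                 /* sizeof == 16, same members as struct padded */

struct with_ptr {
    int   n;       /* offset 0 */
    char *p;       /* offset 8 on x64 (4 on x86): the pointer size is what differs */
};                 /* sizeof == 16 on x64, 8 on x86 */

/* Small accessors so the values can be checked rather than only printed. */
size_t padded_size(void)    { return sizeof(struct padded); }
size_t padded_off_i(void)   { return offsetof(struct padded, i); }
size_t padded_off_d(void)   { return offsetof(struct padded, d); }
size_t padded_off_l(void)   { return offsetof(struct padded, l); }
size_t reordered_size(void) { return sizeof(struct reordered); }
size_t reordered_off_i(void){ return offsetof(struct reordered, i); }
size_t with_ptr_off_p(void) { return offsetof(struct with_ptr, p); }
size_t with_ptr_size(void)  { return sizeof(struct with_ptr); }
size_t pointer_size(void)   { return sizeof(void *); }

int main(void)
{
    printf("pointer size      : %zu\n", pointer_size());
    printf("struct padded     : size %zu, i@%zu d@%zu l@%zu\n",
           padded_size(), padded_off_i(), padded_off_d(), padded_off_l());
    printf("struct reordered  : size %zu, i@%zu\n",
           reordered_size(), reordered_off_i());
    printf("struct with_ptr   : size %zu, p@%zu\n",
           with_ptr_size(), with_ptr_off_p());
    return 0;
}
```

When reading the disassembly, these offsets are what appear as displacements in instructions such as `mov rax, [rdi+0x10]`; a member access at offset 16 in struct padded therefore means the `long long`, not a fourth array element.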

HTB Anti Flag Reversing

Anti Flag. This file is part of the track “Intro to Reversing”. Because this file does not give any HTB points at the time of this writing, I will keep the flag inside the post. The file is a 64-bit ELF binary: localhost:~# file anti_flag anti_flag: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=b8de97bc12c627606510140e43fc13e2efffcee5, for GNU/Linux 3.2.0, stripped As the strings output is very short it can also be pasted here, and it is obvious that there are not many strings included:

Basic Malware RE THM room

Basic Malware RE. This is a quick writeup of the Basic Malware RE room from TryHackMe, found at https://tryhackme.com/room/basicmalwarere. The room contains 3 challenges in which the user has to find the flag that is used to calculate the displayed MD5 hash. In this post all challenges are solved without running the executables; only static analysis is used. strings 1 Description This executable prints an MD5 hash on the screen when executed.

syncopation HTB business ctf

Syncopation. This is a challenge from the HTB Business CTF in July 2021. The user has to enter a “killswitch”; when this switch is correct, it is equivalent to the flag. The challenge was solved using Binary Ninja in the normal graph disassembly view. At the end of the article there is also a high-level IL view of the flag comparison function. This is a very short first post for this blog, and hopefully not too many details are left out.