Posts for: #Reverse

MidnightCTF 2024 - Deck Decoder

Introduction

Deck Decoder was a challenge from the 2024 edition of the Midnight Flag CTF. This particular challenge had something to do with your archives getting disorganized and you having to organize them again… Let’s dive in!

The binary

Nothing special at first glance: we’re dealing with a stripped ELF64 binary. One of the sections seems to have high entropy, but nothing too suspicious.

On launch, the program asks for a PIN code, and after the PIN code it asks for a string. Giving it just any random string will make it print either ":(" or "Uh oh ! stoping here...".

[Read blogpost]

MidnightCTF 2024 - WiiWii

Introduction

WiiWii was a challenge from the 2024 edition of the Midnight Flag CTF. This particular challenge was about reversing a Dolphin file.

I started by loading this file on a Dolphin Emulator in Debug mode by doing dolphin-emu -d. I then set up my View to have the register, memory and instruction tabs.

We can see this starts a server on a local IP address. I patched the port so it would be on port 4095 instead of 80 since the emulator didn’t have permissions for that port. Let’s try and curl it.

[Read blogpost]

FCSC 2024 - SOC Simulator

Introduction

During the summer of 2022, an operator of vital importance (OIV) alerts ANSSI because it believes it is the victim of a large-scale cyberattack. The OIV’s security operation center (SOC) sends ANSSI an export of its system collection from the last few days. You are tasked with understanding the actions carried out by the attacker.

We are given a series of EVTX files, which we will use throughout the challenge.

To make better use of them, it helps to know the tools Hayabusa and Takajo. These tools let us analyze EVTX files and generate alerts from the graciously provided Sigma rules (more than 7000!).

[Read blogpost]