Friday, Feb 10, 2012

Forensic Challenge: Help stop the Sbuxnet trojan!

This is a fun forensic challenge, created originally for NYU's CSAW Capture the Flag Finals event. The story behind the challenge, along with additional forensic challenges, was also used for ACSAC's Tracer Fire class. Now I'm hosting both the forensic image and the command and control server on the net so anyone can play.

Begin here: [challenge01.c0.cx] (the challenge is over, thanks to those who played!)

Tools / Techniques / Skills involved:

  • Filesystem forensic analysis
  • Email forensics and cryptographic tools
  • Python, small bit of source code analysis
  • Filetype header analysis, image forensics
  • Minor HTML/HTTP understanding
  • Patience, etc...

Rating: PG-13, use of foul language, simulated violence.

The challenge is a bit lengthy, but there are several videos along the way to keep you amused as you come closer and closer to stopping a hideous trojan. There are no prizes for solving the challenge, but so far no one has completed it 100%. If you believe you've solved the challenge and stopped the trojan, email me at teddy@prosauce.org and if you're correct I'll add your name to this post proclaiming you victorious!

Update: Johannes Gumbel was the first to solve the challenge!

Also, if you find any part unnecessarily-difficult or broken, please let me know! Have fun!
