A forensic challenge from a national CTF in Spain


Last week the Spanish Guardia Civil organized a CTF event, the II NATIONAL CYBERLEAGUE GC. This competition is oriented to students, so for that reason I could not participate. But I have a friend who participated; he knows I love forensic challenges, so he sent me one of the challenges that were part of the competition. Their team did not manage to solve this challenge, so let’s see what it was about and how to solve it.

Evidence

There are two files:

  • container
  • snap.vmem

If you have played other CTF challenges this seems a little obvious, but let’s break it into parts. The container seems to be an encrypted container and snap.vmem …


Setting up your own mobile penetration lab


Recently I was hired to give a course about mobile security. Apart from the
, one of the basics for performing mobile or app penetration testing is to have a lab.

In this guide, I will explain the basics of setting up an Android mobile pentesting lab. iOS apps are also susceptible to analysis, but it is more accessible to set up an Android lab. Probably in the future I will write a guide about how to set up an iOS mobile pentesting lab. Anyway, let’s start!!

In order to set up our lab we will need the following…


Setting up a quick WiFi MITM scenario using berate_ap + mitmproxy

Since I started to work, around the end of 2013, I have always found WiFi security interesting. Over all these years I have tested several tools for performing WiFi security attacks, and each tool has its strengths and weaknesses. One attack I always like to perform, when teaching classes or doing certain audit exercises, is a WiFi MITM attack. So here is a little tutorial about how to set up a MITM scenario using and .


A little introduction to WiFi security

But before getting into the setup, I think it is better to explain some basic concepts. There are a lot of things related to WiFi security apart from the typical WPA2 or WEP attack, and that was one of my motivations for writing this article. Clients are a huge part of WiFi security and there are a lot of attacks focused on clients. Attacking WiFi clients can also lead us to obtain WiFi and user credentials. There are several possibilities involving clients; here we are going to see a basic scenario offering an Open Network as a rogue access point (AP). …


How many people and from where are downloading Disney’s Mulan?

Last week I released publicly and I have been using it for tracking Disney+ Mulan downloads. Disney’s Mulan is being exclusively streamed on Disney+ and a lot of users are avoiding paying Disney to see the movie.

Disney Mulan inside Disney+

From the 18th of November until the 30th of November I have been tracking the three most popular torrents sharing Mulan. All the data collected has been saved into an elasticsearch cluster for further analysis. I obtained more than 50 thousand unique IPs in twelve days. …


Python and elasticsearch for torrent tracking

A few weeks ago I read a news item about in all history. That article presented some stats about user downloads, and I had always thought about doing something similar. So let’s see how we can create our own tracker system.


BitTorrent protocol

Nowadays direct downloads seem to be a thing of the past and the most popular option for downloading content is the BitTorrent network. BitTorrent has been evolving since its initial release in 2001, and that has made it almost impossible to forbid access to any type of content inside this network. In order to download a file, we just need to query a specific hash on the BitTorrent network. Someone needs to be sharing this file inside the network, but BitTorrent avoids the classical client/server architecture by using a P2P network. In order to remove a file from the network, we would need to be able to stop the connection of all the clients that are sharing the file. …


Secure monitoring of networks using ELK stack, Packetbeat and Suricata


If you want to secure a network, segmentation is not the only thing that you need. We are now facing companies with multiple devices that need to be protected. Nowadays it is absolutely necessary to monitor your network and devices; every organization should collect all the possible security information about their devices and networks. If you do not monitor your network or devices, how will you be able to tell normal behaviour from an attack? Some attacks are obviously malicious, but early detection is crucial in any cybersecurity incident. One of the best and most practical ways of detecting anomalous activity is network monitoring. …


A review of Kaspersky EDR solution

Kaspersky Endpoint Security Cloud logo

I am currently reviewing possible EDR solutions for a client; a few weeks ago I tested . One available option is Kaspersky, so I decided to test it before jumping to any rushed conclusions.

Kaspersky is a well-known AV company founded in 1997 and they offer a lot of security solutions. From a commercial and security point of view, it makes sense that they developed and offer EDR solutions, and they have a really competitive price, . So let’s try Kaspersky EDR and check what it offers.

Trying Kaspersky Endpoint Security Cloud Plus

Visiting their homepage you can easily obtain a for multiple devices. Here you will notice that there are licences; this article is going to focus on Kaspersky Endpoint Security Cloud Plus, although there is also a standard version with fewer capabilities. Another option is Kaspersky Endpoint Security for Business, but thinking of my client, Kaspersky Endpoint Security Cloud Plus could be enough. There is a very limited version of Kaspersky Endpoint Security for Business for 10 devices, but I think Kaspersky Endpoint Security Cloud Plus is a better option regarding price and functionality. …


In my opinion, right now there are better and cheaper alternatives

On the 9th of September the new . Right now it is available from . But first of all, let’s explain what a WiFi Pineapple is.

Pineapple Mark VII | Image from

Introduction

It was 2008 when introduced the first WiFi Pineapple, and since then successive models have been presented every few years. Hak5 created one of the first devices specifically designed for WiFi hacking. The first one that I tested and played with was the WiFi Pineapple Mark V.


Free and valuable resources for learning cybersecurity on YouTube


Recently I came across an article talking about and I found it very interesting. That article gave me the idea to write my own recommendations for cybersecurity channels.

Data Science is cool, but cybersecurity is awesome. Like Data Science, cybersecurity has been flooded with courses and certifications. YouTube has become a platform with awesome cybersecurity content without the need to pay money for it. In fact, most of my social networks have ended up having some cybersecurity content in them. For example, Twitter is an incredible place for the Infosec community. …


A review of the new generation EDR CrowdStrike

CrowdStrike Logo

Recently one of my clients received a well-crafted phishing attack with an “invoice” that, like a lot of attachments, was malware. Everything seemed to be legit except that the invoice ended up in one of my honeypot inboxes. I usually deploy some email addresses, not in active use by the company, that I monitor in order to catch attacks. The malware seems to be a trojan focused on stealing information. Furthermore, being a fresh sample, at the beginning it was only detected by six detection engines on VirusTotal; right now it is detected by 18 of the 60 available on VirusTotal.

About

Carlos Cilleruelo

Bachelor of Computer Science and MSc on Cyber Security. Currently working as a cybersecurity researcher at the University of Alcalá.
