The main event will be the HotUSB forensic challenge. Whether you are a guru at forensics or a complete beginner, you should have some fun.

HotUSB is a forensic challenge.

In the land of Brassicaceae the law states it is illegal to have a film, photograph, publication or computer game that shows any depiction of “wasabi”. The Brassicaceae police have arrested Mr. Scumbag, who is suspected of downloading and viewing these illegal images. Police have interviewed Mr. Scumbag and have ascertained that he is very tech savvy. During the interview he bragged and let it slip that “hypothetically” if he had, say, five pictures of wasabi, he would employ tricks to hide the files, and therefore they would never find them. An 8GB USB was confiscated from Mr. Scumbag, and the Police need you to conduct a forensic investigation on it. Analyse the thumbdrive and find the evidence needed to put this scumbag behind bars.

On the night you will be handed an 8GB USB thumbdrive that you will need to make a forensically sound copy of and provide proof; this is the first part of the challenge and worth 40 points. I’ll be giving a very quick talk/demo on this so everyone should have at least 40 points before they leave. I only have 20 USB sticks to hand out after the demo, so the first 20 people to show up and make their presence known to me (I’ll be the one at the front with the wasabi green t-shirt for those who don’t know me) will get a head start. Once those people have made a copy the USB will be passed on to anyone else waiting to get started. So if you want to get a start before the others make sure to show up early :).
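One way to make the copy and produce the proof, as an added example that is not the organiser's demo: the source is hashed before and after imaging, and both values must match the image hash. The function names, the log layout and the choice of SHA-256 for the proof are assumptions; it also assumes the stick is attached unmounted or behind a write blocker.

```shell
#!/usr/bin/env bash
# Added example: image a source and record SHA-256 proof of integrity.
# acquire_image, sha256_of and the .log layout are hypothetical names.
# Usage (device path is a placeholder): acquire_image /dev/sdX usb.dd

# Print only the hex digest of a file or block device.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# acquire_image SRC IMG
# Writes IMG and IMG.log. Returns 0 only when the source hash (taken
# before and after imaging) and the image hash are all identical.
acquire_image() {
    local src="$1" img="$2" log="$2.log"
    local before after copy

    if [ ! -r "$src" ]; then echo "cannot read $src" >&2; return 2; fi
    # Never overwrite an earlier acquisition.
    if [ -e "$img" ]; then echo "$img already exists" >&2; return 2; fi

    before=$(sha256_of "$src") || return 2
    # dd opens the source for reading only. conv=sync is deliberately not
    # used: it pads short blocks with zeros, which would change the hash.
    # dd's own transfer statistics (stderr) become the first log lines.
    dd if="$src" of="$img" bs=1M 2> "$log" || return 2
    chmod 0444 "$img"    # make the working image read-only
    copy=$(sha256_of "$img") || return 2
    after=$(sha256_of "$src") || return 2

    {
        echo "acquired_utc=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "source=$src"
        echo "image=$img"
        echo "sha256_source_before=$before"
        echo "sha256_image=$copy"
        echo "sha256_source_after=$after"
    } >> "$log"

    # A differing "after" hash means the source changed during acquisition.
    [ "$before" = "$copy" ] && [ "$before" = "$after" ]
}
```

All later analysis is then done on the image, and re-running `sha256_of` on it at any point should reproduce the logged value.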

You will likely require Internet access for this challenge; for example at least one tool you will need is not installed by default on Kali. Flags are the SHA-256 hash of any images containing “wasabi”. Hashes are to be submitted via a Direct Message on Twitter to @111A5AB1 (if you follow me you can DM me). There are a total of 1337 points to be obtained as follows:

0 Integrity - 40pts

1 Doritos - 111pts

2 Chips - 211pts

3 Lindt - 75pts

4 Gourmet Sauce - 500pts

5 Gum - 400pts


TOTAL: 1337pts

The first person/team to 1337 points or with the highest score on Oct 30th at 5pm (AEST) [whichever comes first] will be the winner.

IMPORTANT!!: You will need to provide your own software and tools. While you do not have to use any forensic suite (e.g. you could solve the CTF with Kali), it would be greatly advantageous. Some suggested software is:

AccessData FTK:

e-Fense Helix3:

Autopsy & The Sleuth Kit:

A good list of some other tools can be found at [some free, some paid]:

It would be good to do some reading up on forensic and anti-forensic techniques, for example GPT table layout, slack space, etc.

Here are some things to take note of:

  1. Bring your laptop. Maybe an extension cord. A few powerboards for the group would be useful too.
  2. Internet access will probably not be provided. You may want to bring your own wifi dongles or tether to your iPwns.
  3. Based on the number of participants, the group may be randomly divided into teams. PREPARE TO MAKE NEW FRIENDS. We will try to team up beginners with gurus. Those that want to go solo are still welcome to do so.
  4. This is a learning exercise for everyone. The idea is to think about problems, make friends and have fun. Don’t treat it like a competition (too much).
  5. Participation in this CTF is under the condition that the winning team organises the next CTF. If you don’t feel you are up to the challenge of designing a CTF, that’s fine - just call for volunteers (there are already 1 or 2 people willing to design a CTF for SecTalks Brisbane). Also, a good idea is for the winning team to give a short presentation on how they solved the CTF, at the next meeting. Again, no pressure or compulsion to do so.
  6. The winner will win the praise and admiration of fellow SecTalks Brisbane attendees. Gentle prods and advice will be offered during the session to move things along if people get stuck. The goal is to learn, not to beat your head against a wall for days on end.
  7. Have fun. Learn. Mentor if you are able to. Participate, or just socialise. This is supposed to be a fun, learning event for the security and hacker community.