Forensics on rainbowpigeon

HTX Investigators' Challenge 2021 Writeups

rainbowpigeon.helge[AT]8alias.com (rainbowpigeon) — Fri, 24 Dec 2021 00:12:06 +0800

I’m really proud of my team for topping the scoreboard!
This CTF was done through a 3D Unity game where there are 3 locations for you to explore and find challenges in. There were hiccups with some challenges but generally it was still fine. It would have also been nice if the in-game description texts for challenges were made selectable so that we could copy-and-paste them elsewhere for convenience and organization.
🎵 Afrojack, Lucas & Steve, DubVision - Anywhere With You (Festival Mix) 🎵

TISC 2021 Writeups

rainbowpigeon.helge[AT]8alias.com (rainbowpigeon) — Mon, 22 Nov 2021 00:51:06 +0800

I could have been 5th place but unfortunately I did not officially qualify to be a real participant in this event. Still had a good time though, notwithstanding the fact that there was so much ‘steganography’ and quite a bit of guesswork at certain points :)

Details	Links
Official Event Information Page	https://www.csit.gov.sg/tisc/tisc-home
Official Event Landing Page	https://www.tisc.csit-events.sg/
Official Event Summary	https://www.csit.gov.sg/tisc/tisc-2021-summary

BuckeyeCTF 2021 Writeups

rainbowpigeon.helge[AT]8alias.com (rainbowpigeon) — Tue, 26 Oct 2021 14:51:06 +0800

Kinda disappointed I wasn’t able to do any Web ones (that weren’t solved already), but it’s alright. We got 7th place across all teams despite only having 4 members participating in this :)

Details	Links
CTFtime.org Event Page	https://ctftime.org/event/1434

Flare-On 8 2021 Challenge 5 Solution - 05_FLARE_Linux_VM

rainbowpigeon.helge[AT]8alias.com (rainbowpigeon) — Tue, 26 Oct 2021 00:17:06 +0800

Thanks drome for sharing his knowledge and skills! He completed all 10 challenges and this series of writeups is done by him :)

Details	Links
Official Challenge Site	https://flare-on.com/
Official Challenge Announcement	https://www.fireeye.com/blog/threat-research/2021/08/announcing-the-eighth-annual-flare-on-challenge.html
Official Solutions	https://www.mandiant.com/resources/flare-on-8-challenge-solutions
Official Challenge Binaries	http://flare-on.com/files/Flare-On8_Challenges.zip

pbctf 2021 Writeups

rainbowpigeon.helge[AT]8alias.com (rainbowpigeon) — Mon, 11 Oct 2021 12:00:06 +0900

Thanks to perfect blue for these nice challenges! The Binary Tree and Switching it up reversing challenges were probably also doable but I didn’t really have the required skill to complete them within the given CTF duration 👍
🎵 Sander van Doorn x Lucas Steve - The World is actually so good.

Details	Links
CTFtime.org Event Page	https://ctftime.org/event/1371

CSAW CTF 2021 Writeups

rainbowpigeon.helge[AT]8alias.com (rainbowpigeon) — Mon, 13 Sep 2021 12:00:06 +0900

Pretty fun challenges (those that I solved at least) :) I usually don’t even dare to touch anything ICS/SCADA related, but it turns out that these weren’t overly technical. We were also so close to solving the last Web challenge ‘scp-terminal’! We had all steps nailed down except the very last…

Details	Links
CTFtime.org Event Page	https://ctftime.org/event/1315

BrainHack CDDC 2021 Writeups

rainbowpigeon.helge[AT]8alias.com (rainbowpigeon) — Fri, 25 Jun 2021 12:00:06 +0900

I joined the Junior Category this year and I’ll be frank: this was quite badly organized. It seems that they did not conduct any proper dry runs of the event. They had broken challenges (missing crucial challenge information, missing code in files, non-functional websites) and the worst thing is that they do not even announce when they are aware of the problem, when they are working on rectifying it, and when they have fixed it. Instead, we were left to figure out ourselves that a particular challenge file had been silently changed, or a vital piece of information was quietly added into some challenge description.
There were also insufficent challenges (or they were of inadequate difficulty) to cover the duration of the event, which rendered their plan and timing of staggered challenge releases meaningless. Many hours before each challenge-release checkpoint, the top teams were already tied by their scores and idling. This means that the final winner would essentially be based only on the last challenge-release – which was a Web mission comprising 3 challenges. But because the final Web challenge was inoperative, the top teams basically came to a tie again while waiting for the challenge to be fixed after solving the other 2. Initially, no one knew it was broken so we did not even know what payloads we sent were supposed to work. And when they said it was supposedly fixed, it wasn’t. Isn’t that disorienting?
Some more side points to note is that they delayed the winners announcement livestream 3 times for a total of 6 hours, and the live scoreboard was alphabetically sorted rather than based on time in the event that scores were tied.
Honestly, what’s even scarier is that I heard the Senior Category had even more serious issues, such as being only able to login a day after the competition started…

Anyway, big shoutout to my team for trying their best to find time to work on this together! We came in 3rd and that’s satisfactory.
🎵 Haywood - Backbeat was a really good tune that I put on for this CTF :)

Recovering graphics from a broken PDF

rainbowpigeon.helge[AT]8alias.com (rainbowpigeon) — Thu, 20 May 2021 12:00:06 +0900

This was a Forensics CTF challenge from Cyberthon 2019’s Online Training. I do not have the original challenge title and description with me, although I do remember it was worth the highest possible points for a challenge and First Blood was mine :) I had forgotten what the solution was, but recently I decided to revisit this and figure it out once again after stumbling upon the mess of files I left behind on my hard drive from my original attempts to solve it back then.
In hindsight, while the solution is not difficult and could be pretty short, I found this challenge to be a good opportunity to showcase the different tools that one can usually look to when involved in PDF forensics. Thus, I’ll be taking a more long-winded and exploratory path below. Feel free to skip to the Summary!

Tools Mentioned	Links
010 Editor	https://www.sweetscape.com/010editor/
Didier Stevens’ PDF Tools Masterpost	https://blog.didierstevens.com/programs/pdf-tools/
pdf-parser	http://didierstevens.com/files/software/pdf-parser_V0_7_4.zip
pdfid	http://didierstevens.com/files/software/pdfid_v0_2_7.zip
polyfile	https://pypi.org/project/polyfile/
mutool	https://www.mupdf.com/downloads/index.html
qpdf	https://github.com/qpdf/qpdf
iLovePDF Repair PDF Online	https://www.ilovepdf.com/repair-pdf

DawgCTF 2021 Writeups

rainbowpigeon.helge[AT]8alias.com (rainbowpigeon) — Sun, 09 May 2021 12:00:06 +0900

Thanks organizers! I enjoyed the Binary Bomb reversing challenges. We got 13th place. Sadly solved less for this one but it was fun trying some RE which I usually avoid. My 9 failed solves were because of Toilet Humor 5.
🎵 Armin van Buuren feat. RBVLN - Weight Of The World (Club Mix) powered me during this CTF :)

Details	Links
CTFtime.org Event Page	https://ctftime.org/event/1319/

UMDCTF 2021 Writeups

rainbowpigeon.helge[AT]8alias.com (rainbowpigeon) — Tue, 27 Apr 2021 12:00:06 +0900

I appreciate the organizers for putting this CTF together because I enjoyed it a lot. It was at a very appropriate difficulty level for novices. Many thanks to my teammates for helping out. Even though it was only basically 2 active players 🙂, we managed to get 8th place, which I am pretty satisfied with considering our little experience.
🎵 For this CTF I was listening to Kygo - Gone Are The Days ft. James Gillespie!

Details	Links
CTFtime.org Event Page	https://ctftime.org/event/1288
Publicly-released challenges	https://github.com/UMD-CSEC/UMDCTF-2021-Public-Challenges