DEV Community

Cover image for CTF Challenges: Forensics
TheRealChiwoo
TheRealChiwoo

Posted on

CTF Challenges: Forensics

Brief Overview

About 2 months has passed since my first post, and I guess you could say that I took a long hiatus. Firstly, the summer has now started, and I am now interning at MetaCTF, a Capture-the-flag development company where I (as an intern) create/solve different CTF problems. I'll probably write more about different things I learn as an intern, but for now, I believe I will be working as a "Content Development Intern" as well as a "Software Development Intern". Currently, there are 8 categories within the MetaCTF challenges, and today I will talk about Forensics.

What is Forensics?

Ok... so what is it? Forensics is the science of collecting, inspecting, interpreting, reporting, and presenting computer-related electronic evidence. To simply put, you're basically an online detective who deals with locating the data that was compromised during a cyber attack!

CTF Forensics Problem

Now that we know what the category can cover, let's do some actual CTF problems to help us better understand the field.

This problem was recommended to me by my boss (shoutout Roman).

Image description

The problem mentions a "powershell command", and by looking at the command, it seems like it is a window's terminal command. As a beginner, I'm not particularly sure what the command does, so a quick google search won't hurt!

Image description

One of the first websites that pop up is... malwarebytes? I guess it is malicious huh... Anyways, it does say "[System.Convert]::FromBase64String($a)" in the post. It seems like the big string given in the problem needs to be decoded with something, so let's open up a tool that will allow us to convert it!

Image description

AHHHH HAAAAA!!!!!! I guess we found the flag! The first problem didn't seem too difficult... But on to the next!

Top comments (0)