Intro This is the collection of all Flare-On 7 challenge write-ups. We assembled this list of the write-ups we found for the different challenges and wrote down the methods by which each challenge can be solved. Found a write-up that we did not mention? Wrote a write-up and can’t find it here? Send us a Pull-Request on Github. This list will keep getting updated. Challenges 1 - fidler 🐍 Static Call decode_flag with the correct number - explained.
Hello and welcome to our series of tutorials about Flare-On 7! In this series we will take you on a journey through each and every one of the challenges – including the almighty 10th and 11th challenges. Write-ups 1 - Fidler 2 - Garbage 3 - Wednesday 4 - Report 5 - TKApp 6 - Codeit 7 - Re-Crowd 8 - Aardvark 9 - Crackinstaller 10 - Break 11 - Rabbithole In the write-ups, we explain how we approached the different challenges, how we overcame obstacles, scripted our way to the top and avoided rabbit holes.
Challenge Description One of our endpoints was infected with a very dangerous, yet unknown malware strain that operates in a fileless manner. The malware is - without doubt - an APT that is the ingenious work of the Cyber Army of the Republic of Kazohinia. One of our experts said that it looks like they took an existing banking malware family, and modified it in a way that it can be used to collect and exfiltrate files from the hard drive.
Challenge Description As a reward for making it this far in Flare-On, we’ve decided to give you a break. Welcome to the land of sunshine and rainbows! For your convenience, use the table of contents on the sidebar to navigate to different locations and skip parts that you are rather familiar with. Initial Analysis First Look at ./break Looks like this challenge author decided to give us a break after all that hard work we’ve done so far.
Challenge Description What kind of crackme doesn’t even ask for the password? We need to work on our COMmunication skills. In this challenge we get a 64 bit Windows executable, off to a good start. The challenge description has a clue for the possible usage of COM objects here, so we’ll make a mental note of that. Simply executing the binary doesn’t seem to do much, so we’ll fire up a debugger and start looking at the code.
Challenge Description Expect difficulty running this one. I suggest investigating why each error is occurring. Or not, whatever. You do you. Getting Started The eighth challenge this year was surprisingly easy, a good rest before the hardest challenges in the final. In it, we get ttt2.exe, which is a 64-bit Windows binary. $ file ttt2.exe ttt2.exe: PE32+ executable (GUI) x86-64, for MS Windows When opening the file in IDA, the flow is pretty straightforward.
Challenge Description Hello, Here at Reynholm Industries we pride ourselves on everything. It’s not easy to admit, but recently one of our most valuable servers was breached. We don’t believe in host monitoring so all we have is a network packet capture. We need you to investigate and determine what data was extracted from the server, if any. Getting Started In the 7th challenge of Flare-On7 we are given a network capture file, re_crowd.
Challenge Description Reverse engineer this little compiled script to figure out what you need to do to make it give you the flag (as a QR code). Getting started In the sixth challenge we are given a simple file named codeit.exe. As in most of the challenges, let’s start by executing the file command on it. $ file codeit.exe codeit.exe: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed Similar to the 2nd challenge, codeit.
Challenge Description Now you can play Flare-On on your watch! As long as you still have an arm left to put a watch on, or emulate the watch’s operating system with sophisticated developer tools. In this one, we get a .tpk file which is a Tizen OS application that’s used in smartwatches. Let’s extract the files from this archive to see what we’re dealing with. $ unzip TKApp.
Challenge Description Nobody likes analyzing infected documents, but it pays the bills. Reverse this macro thrill-ride to discover how to get it to show you the key. Getting Started In the 4th challenge of Flare-On7, we are given a single Excel file named “report.xls”. As in every challenge, let’s run the file command on it and verify that the extension makes sense. $ file report.xls report.xls: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.
Challenge Description Be the wednesday. Unlike challenge 1, you probably won’t be able to beat this game the old fashioned way. Read the README.txt file, it is very important. Usually, when the challenge author tells you that the README.txt is very important, it’s a great idea to start the challenge by reading it. [README.txt opens with an ASCII-art banner reading WEDNESDAY, followed by:] --- BE THE WEDNESDAY --- S M T DUDE T F S --- Enable accelerated graphics in VM --- --- Attach sound card device to VM --- --- Only reverse mydude.
Challenge Description One of our team members developed a Flare-On challenge but accidentally deleted it. We recovered it using extreme digital forensic techniques but it seems to be corrupted. We would fix it but we are too busy solving today’s most important information security threats affecting our global economy. You should be able to get it working again, reverse engineer it, and acquire the flag. Triage In the second challenge of Flare-On7 we are given a small binary file with the .
Challenge Description Welcome to the Seventh Flare-On Challenge! This is a simple game. Win it by any means necessary and the victory screen will reveal the flag. Enter the flag here on this site to score and move on to the next level. This challenge is written in Python and is distributed as a runnable EXE and matching source code for your convenience. You can run the source code directly on any Python platform with PyGame if you would prefer.