SecuraBit

Before It Bytes!

SecuraLabs Challenge #2

This time around we are giving away books!

The contest officially starts NOW and will run until 11:59PM on 11/19.  We will announce winners promptly after that.

Prizes will be awarded to 1st and 2nd place.  Everyone else who scores any amount of points will be entitled to a free sticker mailed to them if they so choose.

You can submit as many times as you wish.  Please do so under ONE email address.  The first person to hit maximum points will win 1st place.  The 2nd person to hit maximum points will be 2nd place.  If no contestant hits maximum points, we will take the highest two scores, in order of submission if there is a tie.

 

Submit to our [email protected]

 

1st place: @binarybitme, completed all 3 challenges and bonus points. Congrats!

2nd place: @zed_0xff, completed all 3 challenges and bonus points.  Congrats!

 

Part 1:  Packet Capture Analysis. (2 points)

Please download this file.  What is the name of exploit kit being used in this pcap (not the verison, you may include the entire string on that line)?  BONUS (1 point):  What is the CVE associated with this?

Part 2: Steganography (3 points)

Please download this file.  You’ll have to have the answer to part 1 in order to fully finish Part 2.  The decryption key will be the main name of the exploit kit all in lower case without spaces, and without the version or anything else on that line in the file (if you email us with what you think it is and it’s close enough i’ll confirm it).  Your answer should be the name of the person whose phone number isn’t like the others.  BONUS (1 point):  Answer the pre-recorded question by emailing us.

Part 3: Reverse Engineering (4 points)

Please download this file.

Submit a working key and serial.  BONUS (1 point): Write a working keygen with dynamic keys.

 

Thanks to Syngress and No Starch our winners will receive a book of their choosing!  We will provide instructions to the winners.

SecuraBit Episode 92: Hammers, Nails, and Screwed!

On this episode we had special guest Christofer Hoff on to discuss Cloud and Virtualized security.  We touched on some pretty amazing points and we hope you’ll enjoy this show!

 

Please visit our wiki for full show notes!

Derbycon Challenge and Attendance Wrap-Up

Hey folks,

This is a wee bit late but we wanted to post the answers to our challenge that we had up before Derbycon.  Fortunately for all, there were enough tickets that nobody actually needed ours.

We had a great time meeting folks and talking security, as well as meeting up with you, our valued listeners on Friday night at Bluegrass Brewing Company (along with fake Russell Crowe!).

Here are the answers to our challenge:

 

1.)  The phrase was “[email protected]” and was inside of a .txt file that was embedded into the PDF we made available.  I utilized a program called wbStego which I believe one or two people figured out and used to find the flag.

For #2 and #3, please see this zip file for the source to both.

2.) The username was user “Jonny Doe” and the password was “Louisville”

3.) The phrase was “I want my derbycon ticket!”.

Derbycon Meetup Friday Night at 10pm!

Join us this Friday 9/30 at the Bluegrass Brewing Company @ 10pm eastern time.  Come by and grab a beer, hang out, and let us throw stickers at you!

The location is:

Bluegrass Brewing Company

2 Theater Sq, Louisville, KY 40202(502) 568-2224 

Here are walking directions as well.  It’s 0.5 miles to walk it, and the weather should be decent enough.

 

**Update:  Check out http://blog.tottenkoph.com/2011/09/28/derbycon-meetups/ for more Derbycon meetups!  Thanks for the mention!!

If you need to contact us follow us on twitter:

@secbitchris
@myne_us
@corykennedy
@mpbailey1911