forensicshard

Ett till pajat fonster

undutmaning

Task: Windows BSOD crash dump with custom kernel driver that reads flag from registry, XORs it, stores in XMM registers, then triggers BSOD. Solution: Parse CONTEXT structure to extract XMM14/XMM15, recover XOR key from last 4 bytes, decrypt flag.

$ ls tags/ techniques/

memory_forensics bsod xor_encryption windows_dump kernel_driver xmm_registers context_structure avx_instructions registry_analysis crash_dump_analysis

xor_key_recoverypagedu64_header_parsingcontext_structure_analysisxmm_register_extractionkernel_driver_reverse_engineeringvpackuswb_utf16_to_ascii

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]