Show page

Differences

This shows you the differences between two versions of the page.

--- isc:labs:06 [2025/11/09 23:03]
florin.stancu [Setup]
+++ isc:labs:06 [2025/11/10 11:35] (current)
florin.stancu [03. Ransomware]
@@ Line 171: / Line 171: @@
 **FLAG 3 [20p]**
-Try and find the decryption key.
+Try and find the decryption key. Try to capture some DNS queries?
 </note>
@@ Line 241: / Line 241: @@
 ===== 05. [Bonus] Anti-reversing techniques =====
-If you were brave enough to try and decompile the executables, you might have noticed they look like gibberish. If not, use Ghidra to have a look at one of the executables.
+<del>If you were brave enough to try and decompile the executables, you might have noticed they look like gibberish. If not, use Ghidra to have a look at one of the executables.</del>
-The executables are missing any symbols and the code seems very hard to understand. That is because they are packed using [[https://upx.github.io/|UPX]]. While UPX is an executable packer, meant to be used for executable compression, it is also commonly used to make reverse engineering harder.
+<del>The executables are missing any symbols and the code seems very hard to understand. That is because they are packed using [[https://upx.github.io/|UPX]]. While UPX is an executable packer, meant to be used for executable compression, it is also commonly used to make reverse engineering harder.</del>
-The good news is that you can also unpack it using UPX. It is already installed in your VM, so give it a try.
+**Unfortunately**, we forgot to pack the binaries with UPX :( try to pack & unpack them manually instead ;)
+The UPX utility is already installed in your VM (inside Tools), so give it a try.
 After unpacking it, try to decompile it again using Ghidra. Does it look a little bit more readable?

isc/labs/06.1762722228.txt.gz · Last modified: 2025/11/09 23:03 by florin.stancu

Show page Old revisions

Media Manager Back to top

Differences

Lectures

Labs

Support