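<?xml version="1.0" encoding="UTF-8"?>
<!-- SecGen scenario: one "metactf" desktop VM carrying five GDB-based
     reverse-engineering challenges. A student account is generated and
     auto-logged-in; the root password is generated per build. -->
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
  <!-- NOTE(review): xsi:schemaLocation holds only the namespace name and no
       schema location; an XSD-validating processor expects namespace/location
       pairs. Confirm the project's own loader does not rely on this attribute. -->
  <name>Dynamic analysis SRE</name>
  <author>Z. Cliffe Schreuders</author>
  <!-- Free-text description; lines are kept at column 0 because leading
       whitespace inside the element is part of its text content. -->
  <description>
# Introduction
Dynamic analysis and debugging play a pivotal role in the field of cybersecurity and malware analysis. In this lab, you will delve into the world of dynamic malware analysis, a critical practice for understanding how malicious software behaves at runtime. You will learn how to use the GNU Debugger (GDB) to dissect and monitor a program's execution, even when you don't have access to its source code. This is particularly valuable for cybersecurity professionals and malware analysts, as it enables them to identify and analyze malicious behavior, ultimately contributing to the development of effective security measures.
Throughout this lab, you will gain a comprehensive understanding of GDB, from setting breakpoints and examining memory locations to analyzing registers and making informed decisions about program execution. You will explore practical examples, such as setting breakpoints at specific locations in the code, examining memory content, and identifying crucial information like passwords. By the end of this lab, you will have the skills necessary to conduct dynamic analysis and debug potentially malicious programs effectively, providing invaluable insights into their runtime behavior and enhancing your expertise in the realm of cybersecurity and malware analysis.
In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the program expects. Once you have found the password, run the program and enter the password to receive the flag.
</description>
  <lab_sheet_url>https://docs.google.com/document/d/1EuTmklR3AVxdiYTrzyJ89vHU9UUY2QOn3oU74zQF19k/edit?usp=sharing</lab_sheet_url>
  <!-- Scenario classification: a CTF-style lab with an accompanying sheet. -->
  <type>ctf-lab</type>
  <type>lab-sheet</type>
  <difficulty>intermediate</difficulty>
  <!-- CyBOK mapping for the scenario as a whole. -->
  <CyBOK KA="MAT" topic="Malware Analysis">
    <keyword>analysis techniques</keyword>
    <keyword>analysis environments</keyword>
    <keyword>DYNAMIC ANALYSIS</keyword>
  </CyBOK>
  <!-- Pre-recorded lecture accompanying the lab, with its own CyBOK mapping. -->
  <video>
    <title>Dynamic Analysis and Debugging</title>
    <by>Thalita Vergilio</by>
    <url>https://youtu.be/6MeJIr3EKKM</url>
    <type>lecture-prerecorded</type>
    <CyBOK KA="MAT" topic="Malware Analysis">
      <keyword>analysis techniques</keyword>
      <keyword>analysis environments</keyword>
      <keyword>DYNAMIC ANALYSIS</keyword>
    </CyBOK>
  </video>
  <!-- The single VM in this scenario. -->
  <system>
    <system_name>metactf</system_name>
    <base distro="Debian 12" type="desktop" name="KDE"/>
    <!-- Analysis tooling installed on the desktop. -->
    <utility module_path=".*/reversing_tools"/>
    <utility module_path=".*/ghidra"/>
    <!-- Student account, stored in the "account" datastore for later reuse.
         The username is drawn from a wordlist; the password is a fixed,
         scenario-wide value for the unprivileged (super_user=false) account. -->
    <utility module_path=".*/parameterised_accounts">
      <input into="accounts" into_datastore="account">
        <generator type="account">
          <input into="username">
            <generator type="random_sanitised_word">
              <input into="wordlist">
                <value>mythical_creatures</value>
              </input>
            </generator>
          </input>
          <input into="password">
            <value>tiaspbiqe2r</value>
          </input>
          <input into="super_user">
            <value>false</value>
          </input>
        </generator>
      </input>
    </utility>
    <!-- Desktop session: auto-login as the generated account (username is
         element 0 of the account datastore) and open Konsole at start. -->
    <utility module_path=".*/kde_minimal">
      <input into="autologin_user">
        <datastore access="0" access_json="['username']">account</datastore>
      </input>
      <input into="accounts">
        <datastore>account</datastore>
      </input>
      <input into="autostart_konsole">
        <value>true</value>
      </input>
    </utility>
    <utility module_path=".*/handy_cli_tools"/>
    <utility module_path=".*/hash_tools"/>
    <!-- The five GDB challenges for this lab. The account datastore is passed
         too, presumably so the binaries land in that user's home directory
         (the description says so) — verify against the metactf module. -->
    <utility module_path=".*/metactf">
      <input into="challenge_list">
        <generator type="metactf_challenge">
          <input into="challenge_path">
            <value>src_malware/Ch01-08/Ch08Dbg_GdbIntro</value>
          </input>
        </generator>
        <generator type="metactf_challenge">
          <input into="challenge_path">
            <value>src_malware/Ch01-08/Ch08Dbg_GdbRegs</value>
          </input>
        </generator>
        <generator type="metactf_challenge">
          <input into="challenge_path">
            <value>src_malware/Ch01-08/Ch08Dbg_GdbSetmem</value>
          </input>
        </generator>
        <generator type="metactf_challenge">
          <input into="challenge_path">
            <value>src_malware/Ch01-08/Ch08Dbg_GdbPractice</value>
          </input>
        </generator>
        <generator type="metactf_challenge">
          <input into="challenge_path">
            <value>src_malware/Ch01-08/Ch08Dbg_GdbParams</value>
          </input>
        </generator>
      </input>
      <input into="account">
        <datastore>account</datastore>
      </input>
    </utility>
    <network type="private_network" range="dhcp"/>
    <!-- Root credential is generated per build, not fixed in this file, and
         consumed by the cleanup build step below. -->
    <input into_datastore="spoiler_admin_pass">
      <generator type="strong_password_generator"/>
    </input>
    <build type="cleanup">
      <input into="root_password">
        <datastore>spoiler_admin_pass</datastore>
      </input>
    </build>
  </system>
</scenario>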