<?xml version="1.0"?>
<!--
  SecGen scenario: "Malware Behaviour" MetaCTF lab.
  Builds a single desktop VM ("metactf", Debian 12 / KDE) that carries a set of
  MetaCTF reverse-engineering challenges, one generated student account and a
  root password generated at build time. Sibling element order is significant
  in XML, so keep the sequence of inputs and utilities as written.
-->
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
  <!-- NOTE(review): xsi:schemaLocation is defined as whitespace-separated
       (namespace URI, schema location) pairs; a lone namespace URI, as here,
       gives a validating parser nothing to resolve. Presumably this mirrors
       the other SecGen scenarios and the project does not XSD-validate;
       confirm before changing it. -->
  <name>Malware Behaviour</name>
  <author>Z. Cliffe Schreuders</author>
  <!-- Lab text shown to the student (Markdown). Leading whitespace inside this
       element is part of the text, so it is left exactly as authored. -->
  <description>
# Introduction
A MetaCTF lab. In your home directory you will find some binaries that you need to reverse engineer in order to determine the password that the
program expects. Once you have found the password, run the program and enter the password to receive the file.
There are binaries to perform dynamic SRE.
  </description>
  <type>ctf-lab</type>
  <type>lab-sheet</type>
  <difficulty>intermediate</difficulty>
  <!-- CyBOK knowledge-area tags used to index the scenario (MAT = Malware
       and Attack Technologies). -->
  <CyBOK KA="MAT" topic="Malware Taxonomy">
    <keyword>dimensions</keyword>
    <keyword>kinds</keyword>
  </CyBOK>
  <CyBOK KA="MAT" topic="Malware Analysis">
    <keyword>analysis techniques</keyword>
    <keyword>analysis environments</keyword>
  </CyBOK>
  <!-- Pre-recorded lectures that accompany the lab; each carries its own
       CyBOK tags. -->
  <video>
    <title>Malware Behaviour</title>
    <by>Z. Cliffe Schreuders</by>
    <url>https://youtu.be/6XMrHyAqD-4</url>
    <type>lecture-prerecorded</type>
    <CyBOK KA="MAT" topic="Malware Analysis">
      <keyword>analysis techniques</keyword>
      <keyword>MALICIOUS ACTIVITIES BY MALWARE</keyword>
    </CyBOK>
  </video>
  <video>
    <title>DLL injection for Linux: LD_PRELOAD Demo</title>
    <by>Z. Cliffe Schreuders</by>
    <url>https://youtu.be/KJPeZptzl1U</url>
    <type>lecture-prerecorded</type>
    <CyBOK KA="MAT" topic="Malware Analysis">
      <keyword>analysis techniques</keyword>
      <keyword>MALICIOUS ACTIVITIES BY MALWARE</keyword>
    </CyBOK>
  </video>
  <video>
    <title>Packers and UPX Short Demo</title>
    <by>Z. Cliffe Schreuders</by>
    <url>https://youtu.be/6qeDnjOaRiI</url>
    <type>lecture-prerecorded</type>
    <CyBOK KA="MAT" topic="Malware Analysis">
      <keyword>analysis techniques</keyword>
      <keyword>MALICIOUS ACTIVITIES BY MALWARE</keyword>
    </CyBOK>
  </video>
  <!-- The one VM in this scenario. Utilities are listed in the order they are
       declared; later ones read datastores filled by earlier ones. -->
  <system>
    <system_name>metactf</system_name>
    <base distro="Debian 12" type="desktop" name="KDE"/>
    <!-- Analysis tooling installed on the desktop (module paths are matched
         by regex against the SecGen module tree). -->
    <utility module_path=".*/reversing_tools"/>
    <utility module_path=".*/ghidra"/>
    <!-- Student account, stored in the "account" datastore for reuse below:
         username drawn from the "mythical_creatures" wordlist, a fixed
         password ("tiaspbiqe2r" is a constant in this file, not a generated
         secret) and super_user set to false. The root password is generated
         separately (see spoiler_admin_pass further down). -->
    <utility module_path=".*/parameterised_accounts">
      <input into="accounts" into_datastore="account">
        <generator type="account">
          <input into="username">
            <generator type="random_sanitised_word">
              <input into="wordlist">
                <value>mythical_creatures</value>
              </input>
            </generator>
          </input>
          <input into="password">
            <value>tiaspbiqe2r</value>
          </input>
          <input into="super_user">
            <value>false</value>
          </input>
        </generator>
      </input>
    </utility>
    <!-- Desktop auto-logs in as the generated account (username read from
         entry 0 of the "account" datastore) and starts Konsole at login. -->
    <utility module_path=".*/kde_minimal">
      <input into="autologin_user">
        <datastore access="0" access_json="['username']">account</datastore>
      </input>
      <input into="accounts">
        <datastore>account</datastore>
      </input>
      <input into="autostart_konsole">
        <value>true</value>
      </input>
    </utility>
    <utility module_path=".*/handy_cli_tools"/>
    <utility module_path=".*/hash_tools"/>
    <!-- MetaCTF challenge set. Each challenge_path is a location inside the
         MetaCTF source tree; the names suggest LD_PRELOAD hooking, covert
         fork/pipe behaviour and packed binaries, which line up with the
         lecture videos above. The "account" datastore presumably identifies
         the user the challenges are installed for (see the module). -->
    <utility module_path=".*/metactf">
      <input into="challenge_list">
        <generator type="metactf_challenge">
          <input into="challenge_path">
            <value>src_malware/Ch11-13/Ch11MalBeh_LdPreloadGetUID</value>
          </input>
        </generator>
        <generator type="metactf_challenge">
          <input into="challenge_path">
            <value>src_malware/Ch11-13/Ch11MalBeh_LdPreloadRand</value>
          </input>
        </generator>
        <generator type="metactf_challenge">
          <input into="challenge_path">
            <value>src_malware/Ch11-13/Ch11MalBeh_NetcatShovel</value>
          </input>
        </generator>
        <generator type="metactf_challenge">
          <input into="challenge_path">
            <value>src_malware/Ch18-21/Ch18PackUnp_UnpackEasy</value>
          </input>
        </generator>
        <generator type="metactf_challenge">
          <input into="challenge_path">
            <value>src_malware/Ch11-13/Ch12Covert_ForkFollow</value>
          </input>
        </generator>
        <generator type="metactf_challenge">
          <input into="challenge_path">
            <value>src_malware/Ch11-13/Ch12Covert_ForkPipe</value>
          </input>
        </generator>
      </input>
      <input into="account">
        <datastore>account</datastore>
      </input>
    </utility>
    <!-- private_network with DHCP-assigned addressing. -->
    <network type="private_network" range="dhcp"/>
    <!-- Root password is produced by strong_password_generator at build time
         and held in the "spoiler_admin_pass" datastore; it is never written
         into this file, so it presumably differs per build. -->
    <input into_datastore="spoiler_admin_pass">
      <generator type="strong_password_generator"/>
    </input>
    <!-- Final build step applies the generated value as the root password. -->
    <build type="cleanup">
      <input into="root_password">
        <datastore>spoiler_admin_pass</datastore>
      </input>
    </build>
  </system>
</scenario>