Part three of the DerbyCon DomainTools CTF write-ups. You can find coverage of all the Crypto challenges here and coverage of all the Forensics challenges here. This finishes up the solutions for every challenge in the CTF, broken up by the same section names that they used. When possible, I’ll also be creating CyberChef recipes to directly solve each challenge, and linking to them following the solution description. Let’s get started!
DerbyCon 9 – DomainTools CTF – Forensics
Part two of the DerbyCon DomainTools CTF write-ups. You can find yesterday’s coverage of all the Crypto challenges here. I’ll be contributing solutions for every challenge in the CTF, broken up by the same section names that they used. When possible, I’ll also be creating CyberChef recipes to directly solve each challenge, and linking to them following the solution description. Today: the forensics challenges!
WPA Handshake Stripping
Many thanks to INIT_SIX for also pointing out a quick way to reduce the size of your WPA handshake captures using pyrit:
pyrit -r /path/to/capture.cap -o /path/to/handshake-only-output.cap strip
Add the “-e” or “-b” switches to filter down to just a single AP by ESSID or BSSID respectively:
pyrit -r capture.cap -o output.cap -b "99:88:77:66:55:44" strip
That’s it! Good hunting!
WPA Handshake Verification
Many thanks to INIT_SIX for recommending this quick-hit update to the previous WPA wireless attack article. If you find yourself making packet captures and airodump-ng reports that the handshake was captured, but aircrack-ng (or your tool of choice) is having issues, it’s time to break out some manual packet analysis. Let’s verify that capture!