September 26, 2018
If you've already decrypted the communication between the sample and the C&C, it should be trivial. The communication between the sample and JJ-pc is encrypted using the same scheme, but with another session key.
October 1, 2018
Yup. Figured out both communications. Was able to get past it. Any hints for #12? I'm able to get to the VM image but need some help figuring out how the passwd is being validated.
October 1, 2018
@bandit You can try tracing the execution: which memory cells are accessed and modified, and in what way. Quite time-consuming, to say the least.
October 2, 2018
Is that the last stage of the challenge (the l_e_q)? Or am I in another assembly hell after solving that?