The official announcement has just been made: https://cloud.google.com/blog/topics/threat-intelligence/announcing-eleventh-annual-flare-on-challenge. Countdown: https://flare-on.com/

Quote

This year’s contest may be the most diverse ever, with 10 challenges covering architectures including Windows, Linux, JavaScript, .NET, YARA, UEFI, Verilog, and Web3. Yes, you read that correctly, there is a YARA challenge this year.

Surprised by the YARA and Veriflog entries. I wonder what they have in mind for those.

Edited September 16, 2024Sep 16 by Washi

Early registrations still open... https://flare-on11.ctfd.io/

1 day and 11 hours to go as of this post, launching Sept. 27th 2024 at 8pm EST. Get ready...

Ted.

not OK:
 

I hope you guys will enjoy, will be monitoring here and on X in case any issues occur. I think we bumped up the difficulty this year, or maybe it's me and I'm getting old

9 hours ago, Mr. Jones said:

we bumped up the difficulty this year

Oh boy... I haven't got any vacation days left. 

3 hours ago, kao said:

I haven't got any vacation days left.

Sick days or AWOL... 🤔

Ted.

3 hours ago, kao said:

Oh boy... I haven't got any vacation days left. 

Hi kao. I noticed that you are busy, you didn't even read the last PM I've send you regarding DNGuard trials,
or maybe there is a board error and you wasn't notified....
Many thanks again for the DNGuard trials you send me so far.
 

GUYS!

THE GAME HAS JUST STARTED!

 

@whoknows  are you IN?

no way, no idea!  

I am completely stuck at problem 5. Can anyone give me a clue as to what I am supposed to look for?

Yeah, I got stuck at #5 as well.  Here's what I got so far.  I think I need a nudge in the right direction.

Spoiler

I know how the data was stolen.  I found and decrypted the shellcode responsible for stealing the data.   I know how to talk to shellcode to steal the data.  However, I still don't know where the flag is.  

Any hints?

@pcmcia: It seems like you've used only 1 piece of the puzzle. You were given 2.

Spoiler

Do you know how attackers talked to shellcode?

 

Im also stuck at #5. 

Spoiler

I can't seem to decrypt it holy shit. It just spews out random garbage. I swear I got the correct key.

 

I finally figured it out.

@xdbruh1234

Spoiler

The second encryption is not standard.

 

5 minutes ago, blank said:

I finally figured it out.

@xdbruh1234

  Hide contents

The second encryption is not standard.

 

Spoiler

Bruh how? My decompilation for the encryption of the shell code looks the same for the next one

 

6 hours ago, xdbruh1234 said:

Im also stuck at #5. 

  Hide contents

I can't seem to decrypt it holy shit. It just spews out random garbage. I swear I got the correct key.

 

Same issue here as well.

Spoiler

I thought I had the right key as well and now I'm starting to doubt whether the key is wrong, the file being read is wrong or both.

 

Edited October 2, 2024Oct 2 by eatcreche
self-doubt got the better of me

Anyone able to give a nudge for 6? Been stuck on it  😑

8 hours ago, kao said:

@pcmcia: It seems like you've used only 1 piece of the puzzle. You were given 2.

  Hide contents

Do you know how attackers talked to shellcode?

 

Thanks! Regarding your question...

 

Spoiler

Are you referring to the first stage (triggering) or second stage (exfiltration)?  If you are referring to the second stage, are there any files that captured the conversations in the second stage?  Is there even an ransom note?

 

Hey guys anybody have hint or help for ch2 checksum? 

6 hours ago, NativeBridge said:

Hey guys anybody have hint or help for ch2 checksum? 

Spoiler

You may skip a few to continue looking at the bottom

 

Hi, anyone can help me with 5?

Spoiler

I've found the shellcode (or at least I believe it) but not sure about key and nounce, because every time i got garbage Can i dm someone to check if my data are correct? 

 

On 10/2/2024 at 4:40 PM, kao said:

@pcmcia: It seems like you've used only 1 piece of the puzzle. You were given 2.

  Hide contents

Do you know how attackers talked to shellcode?

 

Apologies for hijacking the reply - could you please help point me in the right direction with regards to this?

Spoiler

I think I have the right key but am struggling with figuring out where the file/data that needs to be decrypted is. There was what looked like a suspicious filepath to me but that breadcrumb has not led me anywhere promising. Am I going down the wrong path?

Was overthinking it, all good now.

 

Edited October 4, 2024Oct 4 by eatcreche
skill issue resolved

does challenge 6 require to guess an input string that should be hashed?

Anybody can help with ch3 ? i need to create file to match the yara rule ? dont understand what to do