Thoughts on Social Media based problem

If we need to search social media and extract vital information, perhaps the secret is in making the best use of the search tools. I don’t use social media, so this is just from a quick glance on the web. Twitter has an advanced search tool, which you access at https://twitter.com/search-advanced. Thinking up clever search terms to put into it might be a useful skill. There are tools available to allow you to download the results of Twitter searches into the


Data’s thoughts – 2

More ideas from Data

Few other Windows thoughts:

Look in the c:\windows\prefetch folder. Sometimes malware has a place it runs from, creates a copy of itself somewhere else, runs that, then deletes the copy. Doesn’t always clean up prefetch though :)

Alternate data streams are good for hiding things. Dir /r will show you the ADS of a file (or folder, or whole directory tree).

Echo hello > junk.txt
Dir junk.txt
Echo hidden text > junk.txt:myADS
Type junk.txt
Type junk.txt:myADS


Data’s thoughts – 1

First email from Data

Based on the intel below, here are some other thoughts:

1. Familiarity with wevtutil (Windows command line event viewer) and the GUI event viewer will make their lives easier. Since Server 2003, MS has made it a requirement that ‘if you can do it with the GUI, you can do it with the command line’. So there’s always a command line equivalent… somewhere. It isn’t always convenient.

2. Tunnelling might be something worth touching on. Can


Snorter 3 – Binary Digits

Here we simply have this array of binary numbers which somehow have to be decoded.  There was a clue about sometimes needing a different perspective. 1111111111111110010011001001100100110010011000001100000100000000001111001111101100001 1000001000000110000001100000011111000111100000001111111111111110010011001001100100110 0100110000011000001000000011111111111111000100100010010001001001100101110011101111100 0110000000001111101111111100000110000011000001100100111110110111010000100000000001111 1111111111000100100010010001001001100101110011101111100011000000001111111111111110010 0110010011001001100100110000011000001000000011111111111111100100110010011001001100100 1100000110000010000000111111111111110000110000110000110000110000111111111111110000000

Hidden Data – Challenge 4

For this challenge we were presented with the following QR code and asked what was wrong with it. Comparing it with other QR codes online, it should quickly become apparent that they all have distinctive squares in three corners. In this example, one of the squares is not filled in. As these squares are used by the reading software to align the code and decide which way up it should be, this one cannot be read. The first step to


Snorter 2 – It’s letters Jim

I am most grateful to Data for finally providing a solution to this vexing problem. We were supplied with the attached file (Jim.txt) and simply told “ASCII is not the only way to represent text.”

Data writes:

Answer: *It’s in EBCDIC!* When decoded using EBCDIC it reads: *CiBt’Bs S0^S0sCeCbCcCdCiCc|* Essentially, what the clue says is that ASCII, while one of the most common character encoding methods, isn’t the only one. I checked the file in a hex editor (always a


Software Wrangling – Challenge 1

For this challenge we were presented with a short Python programme (below) which was designed to produce a one-time passcode based on an account number and the current time. We were asked what the passcode would be for a given account and a time a few weeks in the past. First, we had to supply the required date and time in place of the real time by modifying either line 20 or 24 to generate the correct value of BigNumber. The


Hidden Data – Challenge 3

For the third “extract hidden data from an image” challenge we have the grasshopper below. Again, as with the Scottish flag, strings was the solution. This produced a lot of output with the last few lines as follows:

<?php eval(str_rot13(gzinflate(str_rot13(base64_decode('LUnHDrTIEX6a1f6+MXHkEznnzMUiDjkO8enda42Q6K6m ZdVKvTbj/ec3HOlpj9/1zzRJK47+dEzneUz/lHBbl/f/N3+ruoRHFXg4nMIG+MW1vrsLhW+YjFBM4V+wmaEsb8EUW2lLDv1+99pg xCGw+V+wm0r3KFJgAV7skmCsksCqgEofFvdRILwaeYkN52Ri3lcgK3elfnaoPGgTO sJjKpTHWM0zfKezABzjyhZaqb5UpsYmeOm315dqUpKyb25R800Ykye5a+Vgt02vfNqz pTXSbTo/JOdtWReIY5Wi9oKo23/M7LCufRkFruAH1o0j3RHBBNMOxSKS/RgUKn1Sw IAwJcIoSs8IF7DAPPHrbkQODuBV5907u7ucXC/X5jmc9RdDGpj9V02tu3TErOisJ2213S9 V8rhcI7tGWAwSg7ywcWNN4ZOm586G06MSFqIyeQtyA7EjChxwurGOEhzdIKtF8lPD5h KBUd09H5AC9swxs6pLXbXO0L1KV7sSzHDulbdj1a5hIIkOBmYsoG9BHPQHkqUl2TUkC zRO6x448uE0sxkLWTcZ4y/wLLy6Hx55bGgEBM6oUCWbPvkwYbpg5RB6ixi+wzeeFp EKnRSZteTWRebVbBmp/7QW2IRw5/GaPAzbP6z/LbW0tdZO/EPvvf4Hn3/8F')))));

Actually, the real output is rather longer, but you get the idea. As we can see, this is a bit of PHP software. The long sequence of random looking bytes
