Posts

DarkSide: The Rise and The Fall

Cybercriminal activity by the DarkSide gang was first spotted on August 10th, 2020, when the group made an initial announcement on its blog hosted on the Tor network. The announcement immediately caught the attention of the information security industry, partly because of the confident tone of the message: the group stated that they already had previous experience in this kind of operation, had earned millions partnering with other cryptolockers, and were not coming from nowhere. The post also made clear that they had a ‘code of conduct’ regarding the types of industries they would allow affiliates to target with their malware: attacks were limited to companies that could pay the requested amount, based on a business analysis of their net incomes, and the medical and education sectors, not-for-profit organizations, and government companies were not to be targeted. Finally, after a series of successful attacks with several companies having their data encrypted and others being double-ex

[Write-up] CyberSoc | Life Online | growingup

In this write-up I will be explaining how I solved the challenge growingup of the CyberSoc CTF | Cyber Detective. The challenge window displays the following information: Once again, all we have is James Markson's Twitter profile. The challenge is asking us for the place where James spent his childhood. In other words, the place where he was raised, not necessarily where he was born. This reminded me of a not-so-common profile bio that I saw the first time I visited James' profile. He used a combination of 3 words separated by a dot, with each one having 3 slashes at the beginning. That was a kind of word combination/encoding that I had never seen before. My first move was to Google those terms and see if the results contained any clues that could indicate a place/location. After spending some time searching for them, I didn't find anything relevant enough to tie them to a place on the map. So I decided to go back to the Twitter profile and do the same thing I did in the previous

[Write-up] CyberSoc | Life Online | voteforme

In this write-up I'll show the resolution for the voteforme challenge of the CyberSoc | Cyber Detective CTF. The challenge provides us with the following information: After accessing James Markson's Twitter profile, there is no direct indication of his political views. At least not in his profile description. I decided to browse his tweets to see if there was any clue of his political bias. Quickly, I found a tweet from Feb 10, 2020 in which he retweeted and commented on a tweet by Barack Obama. The comment was affectionate towards Barack Obama. Based on the information contained in this tweet, I assumed that James supported Obama's party. Some people might immediately know which party this is. However, let's assume we have to find that out too. With a quick Google search for Obama's party it is possible to find that out and get the flag.

Brazilian "SSN" (CPF) and "EIN" (CNPJ) generator in Ruby

In this post I used two official documents of Brazil's government: the CPF, which is the equivalent of the Social Security Number (SSN) in the USA, and the CNPJ, which would be the equivalent of the Employer Identification Number (EIN) in the USA. I always had a certain curiosity about how the numbers of official documents (social security numbers, credit cards, etc.) are generated. Certainly they're not just randomly chosen numbers and must follow a determined logic during their generation, otherwise they wouldn't be valid numbers. It happens that for every number that is used there is a calculation behind it whose result will determine the document's validity. There are several websites that offer this kind of service in an easy way, not just for one document. Here I'll show you the algorithm of CPF/CNPJ generation and its implementations, which are very similar. Both were written in Ruby. Well, I coded two very simple scripts following just what came to my mind at the moment. T