After not-so-positive experiences with security conferences this year, I finally decided to visit the biggest of them. Here’s DEFCON 23 in several points:
B-Sides London Challenge was supposed to be a one-time thing. However, when peepdf’s author creates a challenge, it’s hard to say no to that! Don’t try to be like me and learn things the hard way. Trust me on this one and take my advice beforehand. Before you even consider reading this walkthrough, update your tool! Otherwise you will spend a long time trying to solve it.
A few weeks back I was analyzing a Solaris 10 (SPARC) raw partition image and was trying to determine from the wtmpx files who had logged into the system, from which remote IP addresses, and when. To be more precise, I was tracking the nagios account that was used to compromise this machine. The problem I encountered was that the file system was completely wiped out - all files were gone.
It’s nothing new to say that at every moment hundreds of thousands of requests with malicious payloads are hitting web servers around the world with bad intentions. You’ve probably seen them many times in many different forms. I would like to take a deeper look at some of them: webshells.
Unfortunately I wasn’t able to attend BSides London this year - otherwise there would probably be a DFIR.IT on Tour entry somewhere on the blog. Recently I haven’t had a lot of time to play with any DFIR challenges, but when one of the guys at work mentioned the BSides Toxic PDF, I decided to give it a try.