ARESx

You want a battle?

We'll give you a war.

NEW SITE IS UNDER CONSTRUCTION

Upcoming CTFs Timer

Fword CTF

    ALLES! CTF 2020

      The Team

      Main Team

      Team Captain:
      MillenniumX - Greetings! You can call me MillenniumX, and I'm a high school student. I do bug bounty hunting, iOS development, astronomy and writing (mainly plays and poetry). I'm currently into web exploitation, but starting to learn a little about reverse engineering. I love CTFs due to their competitive yet friendly spirit, and in my free time you can find me listening to NF, Witt Lowry and Vobah!

      Members:
      1. Gh0stPepper - Hi! I'm Gh0stPepper, and I'm a student. I love cryptography and stenography, as well as web hacking, and am always learning.
      Outside of CTFs, I love alternate reality games, Animal Crossing, and listening to music, especially Taylor Swift and The 1975.

      2. wotwot - I'm a software development student who focuses on Cyber security, my main area of expertise lie with binary reverse engineering and exploiting & web exploiting. I enjoy doing CTF's & HTB.

      3. LEVI - Hi there! My name's Levi. I'm a high school student and an ethical hacker that aims to be a greater hacker and secure the World Wide Web. Besides from hacking, I like gaming, programming, robotics, physics etc. I'm not that much of a talk guy, but I understand people and give them support whenever they need me!

      4. Teak - Teak is a professional AppSec specialist with many CTFs and HTBs under his belt, currently looking to get into Bug Bounties. His expertise is in reversing, ROP, and web apps, but he's always looking to learn more, and hone his hackingness. He's always happy to teach to any level of understanding, so don't be afraid to ask any questions.

      5. spitfire - Hello! I'm spitfire. I am an informatics (arguably compsci, idk my college's curriculum is confusing) undergrad student, and really interested in being a security analyst. I can do forensics thingy like memory forensics, packet forensics, storage forensics, and understand Cisco network security. I do CTFs for about a year now, and in the meantime I'm a Python developer. Please guide me to the wonderful world of pentesting! I'm also an electronic music producer, mainly drum and bass, so hit me up if you need a keygen music :d

      6. tsk - Hello! I am tsk. I am an Application Security Engineer by trade. I build out enterprise level appsec programs for companies. I have experience as a full-stack developer, leading appsec teams, consulting for multi-nationals, and I like to hack on the side for fun when I can. I like going to live hacking competitions with my friends and competing in online CTFs too! I have a B.S. in Computing Security and a passion for learning. My experience is in malware reverse engineering, tons of programming languages, web security, penetration testing, linux systems, and much more!

      7. 520 - I'm a penetration tester for a major UK firm, and I'm the kind of person that loves solving puzzles. When I'm not hacking, I'm trying to put my Python knowledge to good monetary use.

      8. Xiahou - Hey! I'm Xiahou, a high school student who picked up cybersecurity as an interest and intend to make a life out of in the future. I consider myself a jack of all trades but master of none when it comes to challenges, and strive to become better quickly.

      9. Oceans - Hello, I'm Oceans, currently working in the IT field for the DOD looking to expand my knowledge and experience in the red team field. I currently specialize in steganalysis/forensics as well as powershell scripting and python programming. Currently rocking SEC+, CCNA, CIW, SEO, and A+ certifications and looking to go for my CYSA and CISSP. I'm a huge fan of playing CTF events and learning all that I can from the community.

      10. R3N4SCITUR - I'm R3N4SCITUR and I'm here to learn from like minded people and have fun doing it. I have always been passionate about technology. I'm obtaining a BA in IT w/emphasis on cyber security. I enjoy CTFs because they are an almost impossible puzzle at first but as you take the time to break them down, you realize there is a solution.

      11. noobs3c - My name is Sofiane (aka noobs3c) and I'm a 19 year old French/Morrocan security researcher and bug hunter who lives in France. Currently, I'm a first year student in IT engineering and I hope to work in cybersecurity in the future! I'm practicing really frequently and really hard by playing multiple CTFs. I love to share resources with others!

      Subsidiary Team

      Team Captain:
      Wisty

      Members:
      1. dropcake

      2. TedZak

      3. SCAND1UM

      4. m1rz

      5. Indura

      6. MrEvil

      7. [email protected]

      8. Severe

      9. QTheBear

      10. ElementalX

      11. wej ynit

      Contact Us

      Hi! If you would like to contact ARESx, either go to our Discord server, or email us directly! Follow us on Twitter for updates!

      Email us here!
      Join our Discord here!

      Writeups

      PoseidonCTF


      sh*tty ransomware - Oceans

      PoseidonCTF

      A write up regarding the Forensics challenge Shtty Ransomware

      So the challenge tells us about a peice of malware that infected someones computer
      disguised as a game and we're asked to find the IP and PORT number associated with it

      To begin we start off by downloading a file called

      Sh
      ttyRansomware.raw

      A simple strings search of the file shows a ton of info regarding a windows machine

      Lets trying running Volatility on it to see if we're playing with a Dump file.

      python vol.py -f ShittyRansomware.raw imageinfo

      Sure enough! Now we can extract some data

      Now lets look at web history of this user
      I'm using the plugin - Chromehistory from 'superponible'

      python vol.py -f ShittyRansomware.raw --profile=Win7SP1x64 chromehistory

      Here we can see 2 interesting links

      Google Drive - Pro Evolution Soccer Pastebins - pro10 light version

      If we take a look at the pastebins file we see some interesting info

      A link to the game and a password for the file

      After downloading and extracting the files we now have the malware executable

      Now we need to see where its pointing...
      Lets load up wireshark and capture the packets while running the malware.

      We can see an HTTP GET request was made

      If we follow the HTTP stream we can now see the IP and PORT the malware was trying to contact

      Now if we follow the IP and PORT

      http://23.97.198.147:32841

      It will return the flag

      FLAG: Poseidon{HUhu'R3G0OD4tD1gG1nG}