malphx://blog


Sunday, December 26, 2010

Honeynet Project's FC6 "Analyzing Malicious Portable Destructive File": my submission

The Honeynet Project's team has published the results for the 6th Forensic Challenge 2010.

My official results:

For this 6th challenge, we received a total of 21 submissions. With your score of 20, you came into position 7.

Below you will find your score per answer:

   Answer 1: 1 points 
   Answer 2: 2 points 
   Answer 3: 3 points 
   Answer 4: 1 points 
   Answer 5: 0.5 points 
   Answer 6: 1 points 
   Answer 7: 2.5 points 
   Answer 8: 4 points 
   Answer 9: 2 points 
   Answer 10: 1 points 
   Answer Bonus 1: 1 points 
   Answer Bonus 2: 1 points

This was a competitive challenge. The top three submissions were within a point of a total score and many submissions that didn't place in the top three were close. We hope you enjoyed the challenge and learned a bit.

The top three submissions have been posted to the challenge web page at http://honeynet.org/challenges/2010_6_malicious_pdf and we encourage you to read through them.

We will be taking a little break, but will continue our challenges in 2011. We hope to see your submissions!

Well, this time the competition was really hard: as you can see, with a score of 20/22 I came in position 7. Others were better! :-)

If you're interested, my submission for FC6 is attached.

Feel free to leave a comment!

Sunday, July 25, 2010

Honeynet Project's FC4 "VoIP": my submission

The Honeynet Project's team has published the results for the 4th Forensic Challenge 2010 VoIP.


My official results:

Thank you for participating in the 4th Honeynet Project Forensic Challenge 2010: VoIP.
Sjur, Ben, Jianwei, Roland, and Julia finished evaluating your submission. You have received a total of 62 of 63 points.
Below you will find your score per answer:

  • Answer 1.1 (1point): 1 points
  • Answer 1.2 (1point): 1 points
  • Answer 1.3a (1point): 1 points
  • Answer 1.3b (1point): 1 points
  • Answer 1.3c (2points): 2 points
  • Answer 1.4a (2points): 2 points
  • Answer 1.4b (6points (2 each)): 6 points
  • Answer 1.5 (1point): 1 points
  • Answer 1.6 (3points): 3 points
  • Answer 1.7 (5points): 5 points
  • Answer 1.8a (3points): 3 points
  • Answer 1.8b (3points): 3 points
  • Answer 2.1 (4points): 4 points
  • Answer 2.2a (1points): 1 points
  • Answer 2.2b (1points): 0 points
  • Answer 2.3 (2points): 2 points
  • Answer 2.4 (2points): 2 points
  • Answer 2.5a (10points): 10 points
  • Answer 2.5b (3points): 3 points
  • Answer 2.5c (2points): 2 points
  • Answer 2.6 (3points): 3 points
  • Answer 3.1 (2points): 2 points
  • Answer 3.2 (2points): 2 points
  • Answer 3.3 (2points): 2 points

A sample solution as well as the submissions of the winners has been posted to the challenge web page at http://honeynet.org/challenges/2010_4_voip. Sjur, Ben, Jianwei, Roland, and Julia will be summarizing highlights from various submissions in a blog post shortly.

We are still finalizing our next challenge. Please subscribe to our RSS feed or check our web sites for announcements.

For this 4th challenge, we received a total of 21 submissions. With your score of 62, you came into position 1. Congratulations!!!!

You can find my submission for FC4 on the Honeynet Project's site. For this one, I used a great visualization tool named PicViz, written by Sébastien Tricaud from the French Chapter.
You should read his paper about his tool: Know Your Tools: use Picviz to find attacks

Feel free to leave a comment!

Friday, May 14, 2010

My submission to the Honeynet Project Forensic challenge 2010/3

The Honeynet Project's team has published the results for their last forensic challenge.

Congratulations to the winners!

This time, luck was not with me and I was not in the top 3, but came only in 4th position.

Because only the winners' submissions are published on the official Challenges site, I am publishing mine here for review and comments.

Unfortunately, I misunderstood question 5...

This challenge was really good and again taught me a lot of new things and new tools.

My official results:

For this 3rd challenge, we received a total of 22 submissions. With your score of 41, you came into position 4. You placed into the top third. With the many great submissions and the competitive field, this is a great accomplishment. Congratulations.

Below you will find your score per answer:
    Answer 1: 2 points
    Answer 2: 4 points
    Answer 3: 2 points
    Answer 4: 4 points
    Answer 5: 1 points
    Answer 6: 8 points
    Answer 7: 2 points
    Answer 8: 6 points
    Answer 9: 4 points
    Answer 10: 5 points
In addition, you have received 3 bonus points.

You can find my submission here: franck_dot_guenichot_at_orange_dot_fr_Forensic_Challenge_2010_-_Challenge_3.pdf

Feel free to leave a comment!

Wednesday, March 24, 2010

Honeynet Project's FC2010/2 - My submission



The second "2010" Forensic Challenge published by the Honeynet Project is now closed, and the results have been published.
This time the investigators (or contestants) had to dissect a pcap file containing network traces of "browsers under attack".
The analysis revealed that a "lab setup" had been used to mimic the interactions between victims' browsers and some malicious Web sites.
Feel free to review my submission, all the winners' submissions and the solution given by the Honeynet Project's team.
I scored 43/43 for this one, and so I'm one of the 4 winners.
I'm now waiting for the publication of #3 ('Banking Troubles'), which promises to be very interesting.
Finally, I would also like to thank all the Honeynet Project's team for giving us such interesting and educational contests!

Tuesday, February 16, 2010

Honeynet: Challenge 1 of the Forensic Challenge 2010


I participated in the last Honeynet Challenge.
This Challenge ran from Jan 18th 2010 to Feb 15th 2010.

It was about the analysis of a PCAP trace file containing an attack.
Results have been published,
and I'm proud of my #2 position in this contest.
You can find my submission on The Honeynet Project's website.
