Hack The Box is a fantastic free (mostly) resource for anyone wanting to improve their offensive security skills. I’ve had an account for years but since I moved away from offensive work to full-time DFIR I haven’t paid much attention to it. Until, that is, I was pointed at their section of forensics challenges.
Rather than logging in to a lab environment via VPN the forensics challenges are standalone downloads of artefacts with a single flag to discover. Points are awarded based on complexity of each scenario while the challenge is active. Every so often a new challenge is added, and an active challenge is retired. No points are awarded for retired challenges, although they are still available to play for those with a Hack The Box VIP subscription.
Due to the distinction between active and retired challenges I am publishing Hack The Box write-ups slightly differently from my usual CTF write-ups. Write-ups for active challenges will be published, but password-protected. The password for each write-up is the Hack The Box flag associated with the challenge. Once a challenge is retired I will remove the password-protection and the write-up will be open to view by everyone.
I realise this might seem strange given all my other write-ups are open, but Hack The Box have a rule prohibiting spoilers for active challenges.
Besides, even if the write-up is password-protected it is often helpful to read other approaches to solving the same problem.
Active Challenges (password-protected)
- Reminiscent (40 points)
- USB Ripper (20 points)
- Obscure (40 points)
- oBfsC4t10n (60 points)
- emo (40 points)
Retired Challenges
- Took the Byte (20 points)
- Keep Tryin’ (50 points)
- Marshal in the Middle (40 points)
- MarketDump (30 points)
- Illumination (20 points)