In international competitions, Misc is usually split into several smaller categories.
In domestic competitions, these are grouped into a single Misc category, which sometimes also includes Crypto (especially classical ciphers).
The Misc section introduces this area from the following aspects:
- Recon (Information Collection)
Introduces channels for obtaining information and tips for using search engines such as Baidu and Google.
- Encode (Encoding Conversion)
Introduces common encodings and conversion techniques, and the forms they commonly take in CTF competitions.
- Forensic && Stego (Digital Forensics && Steganalysis)
This is the most important part of Misc, covering file analysis, steganography, memory image analysis, and traffic capture analysis. It involves clever encodings, hidden data, files nested inside other files, and flexible use of search engines to get the information needed.
Misc in CTF differs from real-world forensics. In practice, forensics rarely involves clever encodings and encryption, hidden data, strings scattered across files, or other puzzle-style challenges. More often it means carefully recovering a corrupted file, digging for clues on a damaged hard drive, or extracting useful information from a memory image.
Real-world forensics requires practitioners to identify indirect evidence of malicious conduct: traces of an attacker's activity on a system, or traces of insider threat behavior. In actual work, computer forensics mostly finds evidence of crime in logs, memory, and file systems, and correlates it with data in files or file systems. Traffic forensics, compared with the analysis of content data, pays more attention to metadata, that is, the TLS-encrypted network sessions that now run between different endpoints.
Misc is the best entry point into CTF competitions and a good way to build interest. It tests fundamentals and touches, to varying degrees, on every area of security skills, which does a lot to broaden one's thinking.
All content on this page is provided under the terms of the CC BY-NC-SA 4.0 license; additional terms may also apply.