├── RCTF2017 └── HelloDalvik │ ├── BruteForcer.java │ ├── MainActivity$1.java │ ├── MainActivity.java │ ├── MathMethod.java │ ├── README.md │ ├── avd.png │ ├── decompiled.png │ ├── flag.png │ └── native.c ├── Sharif2016 └── Locky │ ├── README.md │ ├── decrypter.py │ ├── encrypted_file.png │ ├── extracted_files │ ├── file_1.locky │ ├── file_2.locky │ ├── file_3.locky │ ├── file_4.dec │ ├── file_4.locky │ └── file_5.locky │ ├── privatekey.pem │ ├── publickey.pem │ ├── ransomware.py │ └── ransomware_heap.vma └── TeaserConfidence2019 └── GoMachine ├── README.md ├── calc_input.py ├── dump_vm_trace.py └── img ├── calc_hash.PNG ├── flag.PNG ├── hash_comparison.PNG ├── meme.jpg ├── overview.PNG ├── seed.png ├── trace_diff1.PNG ├── trace_diff2.PNG ├── trace_diff3.PNG └── trace_diff4.PNG /RCTF2017/HelloDalvik/BruteForcer.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/RCTF2017/HelloDalvik/BruteForcer.java -------------------------------------------------------------------------------- /RCTF2017/HelloDalvik/MainActivity$1.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/RCTF2017/HelloDalvik/MainActivity$1.java -------------------------------------------------------------------------------- /RCTF2017/HelloDalvik/MainActivity.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/RCTF2017/HelloDalvik/MainActivity.java -------------------------------------------------------------------------------- /RCTF2017/HelloDalvik/MathMethod.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/RCTF2017/HelloDalvik/MathMethod.java -------------------------------------------------------------------------------- /RCTF2017/HelloDalvik/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/RCTF2017/HelloDalvik/README.md -------------------------------------------------------------------------------- /RCTF2017/HelloDalvik/avd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/RCTF2017/HelloDalvik/avd.png -------------------------------------------------------------------------------- /RCTF2017/HelloDalvik/decompiled.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/RCTF2017/HelloDalvik/decompiled.png -------------------------------------------------------------------------------- /RCTF2017/HelloDalvik/flag.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/RCTF2017/HelloDalvik/flag.png -------------------------------------------------------------------------------- /RCTF2017/HelloDalvik/native.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/RCTF2017/HelloDalvik/native.c -------------------------------------------------------------------------------- /Sharif2016/Locky/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/Sharif2016/Locky/README.md -------------------------------------------------------------------------------- /Sharif2016/Locky/decrypter.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/Sharif2016/Locky/decrypter.py -------------------------------------------------------------------------------- /Sharif2016/Locky/encrypted_file.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/Sharif2016/Locky/encrypted_file.png -------------------------------------------------------------------------------- /Sharif2016/Locky/extracted_files/file_1.locky: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/Sharif2016/Locky/extracted_files/file_1.locky -------------------------------------------------------------------------------- /Sharif2016/Locky/extracted_files/file_2.locky: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/Sharif2016/Locky/extracted_files/file_2.locky -------------------------------------------------------------------------------- /Sharif2016/Locky/extracted_files/file_3.locky: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/Sharif2016/Locky/extracted_files/file_3.locky -------------------------------------------------------------------------------- /Sharif2016/Locky/extracted_files/file_4.dec: -------------------------------------------------------------------------------- 1 | SharifCTF{df90036c153c345dc707d693225f29e3} 2 | -------------------------------------------------------------------------------- /Sharif2016/Locky/extracted_files/file_4.locky: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/Sharif2016/Locky/extracted_files/file_4.locky -------------------------------------------------------------------------------- /Sharif2016/Locky/extracted_files/file_5.locky: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/Sharif2016/Locky/extracted_files/file_5.locky -------------------------------------------------------------------------------- /Sharif2016/Locky/privatekey.pem: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/Sharif2016/Locky/privatekey.pem -------------------------------------------------------------------------------- /Sharif2016/Locky/publickey.pem: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/Sharif2016/Locky/publickey.pem -------------------------------------------------------------------------------- /Sharif2016/Locky/ransomware.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/Sharif2016/Locky/ransomware.py -------------------------------------------------------------------------------- /Sharif2016/Locky/ransomware_heap.vma: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/Sharif2016/Locky/ransomware_heap.vma -------------------------------------------------------------------------------- /TeaserConfidence2019/GoMachine/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/TeaserConfidence2019/GoMachine/README.md -------------------------------------------------------------------------------- /TeaserConfidence2019/GoMachine/calc_input.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/TeaserConfidence2019/GoMachine/calc_input.py -------------------------------------------------------------------------------- /TeaserConfidence2019/GoMachine/dump_vm_trace.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/TeaserConfidence2019/GoMachine/dump_vm_trace.py -------------------------------------------------------------------------------- /TeaserConfidence2019/GoMachine/img/calc_hash.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/TeaserConfidence2019/GoMachine/img/calc_hash.PNG -------------------------------------------------------------------------------- /TeaserConfidence2019/GoMachine/img/flag.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/TeaserConfidence2019/GoMachine/img/flag.PNG -------------------------------------------------------------------------------- /TeaserConfidence2019/GoMachine/img/hash_comparison.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/TeaserConfidence2019/GoMachine/img/hash_comparison.PNG -------------------------------------------------------------------------------- /TeaserConfidence2019/GoMachine/img/meme.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/TeaserConfidence2019/GoMachine/img/meme.jpg -------------------------------------------------------------------------------- /TeaserConfidence2019/GoMachine/img/overview.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/TeaserConfidence2019/GoMachine/img/overview.PNG -------------------------------------------------------------------------------- /TeaserConfidence2019/GoMachine/img/seed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/TeaserConfidence2019/GoMachine/img/seed.png -------------------------------------------------------------------------------- /TeaserConfidence2019/GoMachine/img/trace_diff1.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/TeaserConfidence2019/GoMachine/img/trace_diff1.PNG -------------------------------------------------------------------------------- /TeaserConfidence2019/GoMachine/img/trace_diff2.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/TeaserConfidence2019/GoMachine/img/trace_diff2.PNG -------------------------------------------------------------------------------- /TeaserConfidence2019/GoMachine/img/trace_diff3.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/TeaserConfidence2019/GoMachine/img/trace_diff3.PNG -------------------------------------------------------------------------------- /TeaserConfidence2019/GoMachine/img/trace_diff4.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DeliciousHorse/writeups/HEAD/TeaserConfidence2019/GoMachine/img/trace_diff4.PNG --------------------------------------------------------------------------------