Windows Internals CTF

With @sambowne, @djhardb, @KaitlynGuru, and @infosecirvin.

Scoreboard · Submit Flags


Archived Videos

GRIMMCON 0x04, 2021
CircleCityCon on June 13, 2021

Archived Scores

GRIMMCON 0x04
June 10, 2021
CircleCityCon, June 13, 2021
June 21, 2021
WASTC FDW, June 24, 2021
July 11, 2021


Prepare a Windows VM

Recommended: PMA 41: Windows 10 or 11 with Analysis Tools (20 pts)
Not Recommended: PMA 40: FLARE-VM (20 pts)
Alternative Local System: H 2: Windows 2016 Server Virtual Machine (15 pts)
Best Cloud System: PMA 60: Windows 10 on Azure Cloud (15 pts)
Alternate Cloud System: PMA 30: Windows 2016 Server on Google Cloud (15 pts)

PE Files and DLLs

PMA 105: Process Explorer (10 pts)
PMA 102: Unpacking (25 pts)
PMA 121: Unpacking with OllyDbg and pestudio (50 pts)
PMA 122: PE Headers (50 pts)
PMA 123: Importing DLLs (45 pts)
PMA 124: DLL Hijacking (15 pts)
PMA 125: Installing Visual Studio 2019 (10 pts)
PMA 126: DLL Proxying (20 pts)
PMA 403: API Monitor (15 pts)

Debugging

PMA 301: x86 Assembler with Jasmin (30 pts)
PMA 401: Simple EXE Hacking with OllyDbg (120 pts)
PMA 402: Hacking Minesweeper with OllyDbg (45 pts)

Kernel Debugging

PMA 410c: Kernel Debugging with LiveKD (15 pts)
PMA 430: WinDbg Preview (15 pts)
PMA 431: WinDbg Preview: Source-Level Debugging (10 pts)
PMA 432: WinDbg Preview: Kernel Debugging (35 pts)
PMA 433: Kernel Debugging with Breakpoints (30 pts)
PMA 434: Debugging a Driver (30 pts)

Exploit Development

ED 308: Exploiting "Vulnerable Server" (Local VM) · (Cloud) (25 pts)
ED 309: Defeating DEP with ROP (20 pts)
ED 318: Exploiting Easy RM to MP3 Converter (30 pts)
ED 319: SEH-Based Stack Overflow Exploit (Win 2016) · (Win 10) (65 pts)

Bootkits

PMA 420: Bootkit Analysis with Bochs (15 pts)
PMA 421: Understanding the MBR (70 pts)
TPM 1: Trusted Platform Modules on Windows (15 pts)

DOT NET

PMA 132: Reversing a .NET Executable (40 pts)
ED 330: Using C# DOT NET (20 pts)
ED 331: Dot Net Reflector (45 pts)

PowerShell

U-Cen and U-Cyb: PowerShell (75 pts)

Rust

R 10: Rust Basics, Overflows, & Injection (35 pts)
R 20: Dangling Pointers & Memory Leaks in Rust (35 pts)

Disassembly

PMA 303: IDA Pro (40 pts)
PMA 304: C Constructs in Assembly (15 pts)
PMA 510: Starting with Ghidra (10 pts)
PMA 511: Ghidra Data Displays (40 pts)

Windows Memory Protections

ED 301: Windows Stack Protection I: Assembly Code (15 pts)
ED 302: Windows Stack Protection II: Exploit Without ASLR (15 pts)
ED 303: Windows Stack Protection III: Limitations of ASLR (15 pts)
ED 310: Windows Mitigations (10 pts)

Malware Analysis

PMA 101: Basic Static Techniques (50 pts)
PMA 110: capa (15 pts)
PMA 131: Custom UPX (25 pts)
PMA 221: Basic Dynamic Analysis (60 pts)
PMA 222: Making a Windows Keylogger (10 pts)

Assembly Language

Prepare a Linux VM

ED 30: Linux Virtual Machine (15 pts)
H 201: Google Cloud Linux Server (10 pts)
ASM 100: Basics (69 pts)
ASM 104: Bases & Printing (40 pts)
ASM 105: ASCII (20 pts)
ASM 110: Gdb (30 pts)
ASM 120: Files (55 pts)
ASM 200: Caesar Cipher (35 pts)
ASM 210: XOR (20 pts)

Virtual Machine Resources

Download Textbook Labs Here

Hypervisors

VMware Player (for Windows hosts, free)
VMware Fusion (for Mac hosts, 30-day trial)
VirtualBox (free for all platforms)


Zoom: https://zoom.us/j/4108472927 Password: student1

TPM 1 added 7-6-2021