CTF Challenges: Reconnaissance
TheRealChiwoo
Posted on September 13, 2023
Brief Overview
Now that our previous challenge has been solved, it's time to move on to the next topic. Like I mentioned before, MetaCTF provides 8 different topics of CTF problems, and this time, we are going to take a look at Reconnaissance.
What is Reconnaissance?
For big words like this, I swear Google is my best friend. In cybersecurity, reconnaissance is the information-gathering stage of ethical hacking, where you collect data about the target system. To put it simply, we use techniques like footprinting and scanning to discover and collect information about a system! Think of it as... I guess a hacker gathering/collecting information about the target system!
CTF Reconnaissance Problems
For this section, I'm going to do a super duper easy peasy simple problem that allows you to understand the very basic definition of Reconnaissance, and a more difficult problem that can demonstrate the subject differently.
KANYE WEST???
Ok, let's take a look at this easy problem.
As mentioned previously, ethical hackers use reconnaissance to gather information about their target. In this instance, it is Ye himself!
This problem shows the surface-level definition of reconnaissance, as it makes us gather information about Kanye's iPhone password. With a simple Google search, we find his password: 000000.
Under ATT&CK
Now onto something a little more difficult...
At first, I had a difficult time understanding the problem. It had too many acronyms that I wasn't familiar with, so I decided to click on the hint: https://attack.mitre.org.
When I went on the website, there was a subsection that specified 3 different categories for attacks: Enterprise, Mobile, and ICS.
Going back to the CTF problem, it states "what other Initial Access mechanism did the attacker use?" When browsing through the 3 subcategories, I wasn't particularly sure on which one to click. With a little more research, I stumbled across this website: https://www.blackberry.com/us/en/solutions/endpoint-security/mitre-attack.
On the website, it mentions that the Enterprise ATT&CK Matrix contains sub-matrices that focus on pre-attack activities (PRE Matrix), attacks against specific OSes (Windows, Linux, and macOS Matrices), network infrastructure attacks (Network Matrix), cloud infrastructure attacks (Cloud Matrix), and attacks against containers (Containers Matrix).
When going back to the question, it does seem like the problem wants us to research more into the Enterprise tactics.
When I clicked on Enterprise Tactics, there were a lot of sections within it. The CTF problem states that there was a "Valid Accounts" technique, and another technique that was an Initial Access mechanism.
After clicking on Initial Access, I found a total of 9 techniques. I was able to narrow it down because the CTF problem stated the Threat Actor was able to get onto our network by using a VPN, which was "External Remote Services: T1133".
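As an added example (not part of the original post), the same lookup can be done offline against the STIX data that attack.mitre.org is built from: keep only live `attack-pattern` objects whose kill-chain phase is the tactic you care about, then narrow by a keyword such as "vpn". The bundle below is a constructed four-object subset in the same shape as MITRE's `enterprise-attack.json`, with paraphrased descriptions; the function names are my own.

```python
import json

# Constructed subset of an ATT&CK STIX bundle, shaped like MITRE's
# enterprise-attack.json; descriptions are paraphrased, not MITRE's text.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "attack-pattern", "name": "External Remote Services",
     "description": "Adversaries may use external-facing remote services such as VPNs to access a network.",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1133"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"},
                           {"kill_chain_name": "mitre-attack", "phase_name": "persistence"}]},
    {"type": "attack-pattern", "name": "Valid Accounts",
     "description": "Adversaries may obtain and abuse credentials of existing accounts.",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1078"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"},
                           {"kill_chain_name": "mitre-attack", "phase_name": "persistence"}]},
    {"type": "attack-pattern", "name": "Phishing",
     "description": "Adversaries may send phishing messages to gain access to victim systems.",
     "external_references": [{"source_name": "mitre-attack", "external_id": "T1566"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"}]},
    # Revoked/deprecated objects stay in the real bundle and must be filtered out.
    {"type": "attack-pattern", "name": "Old Technique", "revoked": True,
     "external_references": [{"source_name": "mitre-attack", "external_id": "T0000"}],
     "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"}]},
]})

def attack_id(obj):
    """Return the Txxxx identifier from the object's 'mitre-attack' external reference."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None

def techniques_for_tactic(bundle_json, tactic, keyword=None):
    """Sorted (id, name) pairs of live techniques in `tactic`, optionally matching `keyword`."""
    found = []
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "attack-pattern" or obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue  # not a technique, or no longer current
        phases = {p["phase_name"] for p in obj.get("kill_chain_phases", [])
                  if p.get("kill_chain_name") == "mitre-attack"}
        text = (obj.get("name", "") + " " + obj.get("description", "")).lower()
        if tactic in phases and (keyword is None or keyword.lower() in text):
            found.append((attack_id(obj), obj["name"]))
    return sorted(found)

if __name__ == "__main__":
    print(techniques_for_tactic(SAMPLE_BUNDLE, "initial-access"))         # T1078, T1133, T1566
    print(techniques_for_tactic(SAMPLE_BUNDLE, "initial-access", "vpn"))  # [('T1133', 'External Remote Services')]
```

Pointing `techniques_for_tactic` at the real `enterprise-attack.json` (published in MITRE's `attack-stix-data` GitHub repository) returns the full current Initial Access list, which is a quick way to map an incident's observed behaviour to technique IDs during triage.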
This problem did take a lot of time, as I was a little bit confused on the 3 sections: Enterprise, Mobile and ICS.