Crowdstrike AdversaryQuest CTF – Much Sad

In January 2021 Crowdstrike opened up their AdversaryQuest CTF. The CTF consisted of 12 challenges split across three new “threat actors”: SPACE JACKAL, PROTECTIVE PENGUIN, and CATAPULT SPIDER. The challenges mostly focused on binary exploitation and reverse engineering which is a bit of a departure from my skillset. Nonetheless I was able to solve two of the twelve challenges; this one relating to the CATAPULT SPIDER adversary, and another from SPACE JACKAL.

Rabid fans of the memetacular Doge and the associated crypto currency, CATAPULT SPIDER are trying to turn their obsession into a profit. Watch out for your cat pictures, lest CATAPULT SPIDER intrude your network and extort them for Dogecoin.

Much Sad

We have received some information that CATAPULT SPIDER has encrypted a client’s cat pictures and successfully extorted them for a ransom of 1337 Dogecoin. The client has provided the ransom note, is there any way for you to gather more information about the adversary’s online presence?

NOTE: Flags will be easily identifiable by following the format CS{some_secret_flag_text}. They must be submitted in full, including the CS{ and } parts.

This challenge is more OSINT focused. The only information we are given is a text file containing the ransom note and some nice Doge ASCII art.

Aside from the ASCII art we have what is presumably a Dogecoin address…

DKaHBkfEJKef6r3L1SmouZZcxgkDPPgAoE

…and an email address.

shibegoodboi@protonmail.com

Searching Google for the username quickly gives us a few promising leads, including a Twitter account and a Reddit account.

I decided to start with the Twitter account, and noticed the link to a Github account named shibefan.

Examining the listed repositories it appears that the user is particularly interested in Dogecoin – no great surprise given what we have been told.

Exploring the repositories themselves we find an HTML page containing the flag.

There is probably much more that could be done around tracking the Dogecoin addresses, but this is enough for now.

Flag

CS{shibe_good_boi_doge_to_the_moon}

 

One thought on “Crowdstrike AdversaryQuest CTF – Much Sad

Leave a Reply

Your email address will not be published. Required fields are marked *