TheRealChiwoo
CTF Challenges: Reconnaissance

Brief Overview

Now that our previous challenge has been solved, it's time to move on to the next topic. As I mentioned before, MetaCTF provides 8 different topics of CTF problems, and this time we are going to take a look at Reconnaissance.

What is Reconnaissance?

For big words like this, I swear Google is my best friend. In cybersecurity, reconnaissance is the information-gathering stage of ethical hacking, where you collect data about the target system. To put it simply, we use techniques like footprinting and scanning to discover and collect information about a system! Think of it as... I guess a hacker gathering information about the target system!

CTF Reconnaissance Problems

For this section, I'm going to do a super duper easy peasy simple problem that allows you to understand the very basic definition of Reconnaissance, and a more difficult problem that can demonstrate the subject differently.

KANYE WEST???

Ok, let's take a look at this easy problem.

As mentioned previously, ethical hackers use reconnaissance to gather information about their target. In this instance, it is Ye himself!

This problem shows the surface-level definition of reconnaissance, as it makes us gather information about Kanye's iPhone password. With a simple Google search, we find his password: 000000.

Under ATT&CK

Now onto something a little more difficult...

At first, I had a difficult time understanding the problem. It had too many acronyms that I wasn't familiar with, so I decided to click on the hint: https://attack.mitre.org.

When I went to the website, there was a subsection that specifies 3 different categories of attacks: Enterprise, Mobile, and ICS.

Going back to the CTF problem, it asks "what other Initial Access mechanism did the attacker use?" When browsing through the 3 subcategories, I wasn't particularly sure which one to click. With a little more research, I stumbled across this website: https://www.blackberry.com/us/en/solutions/endpoint-security/mitre-attack.

That website mentions that the Enterprise ATT&CK Matrix contains sub-matrices that focus on pre-attack activities (PRE Matrix), attacks against specific operating systems (Windows, Linux, and macOS Matrices), network infrastructure attacks (Network Matrix), cloud infrastructure attacks (Cloud Matrix), and attacks against containers (Containers Matrix).

Going back to the question, it does seem like the problem wants us to research the Enterprise tactics.

When I clicked on the Enterprise Tactics, there were a lot of sections within it. The CTF problem states that there was a "Valid Accounts" technique, and another technique that served as an Initial Access mechanism.

After clicking on Initial Access, I found a total of 9 techniques. I was able to narrow it down because the CTF problem stated the threat actor was able to get onto our network by using a VPN, which matches "External Remote Services: T1133".
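The same narrowing can be done offline against ATT&CK's machine-readable STIX data instead of clicking through the website. This is an added example, not code from the post or from MITRE; it assumes the shape of MITRE's enterprise-attack.json (kill_chain_phases for tactics, external_references for the Txxxx IDs) and uses a small hand-built bundle with paraphrased descriptions, so the `VPN` keyword lands on T1133 only when the search is restricted to the Initial Access tactic.

```python
import json

# Constructed, minimal STIX 2.x bundle in the shape of MITRE's enterprise-attack.json.
# Assumption: the real file comes from https://github.com/mitre/cti; these objects are a
# hand-built sample with paraphrased descriptions, not the full dataset.
def _ap(name, ext_id, tactics, desc, **extra):
    return {"type": "attack-pattern", "name": name, "description": desc,
            "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": t}
                                  for t in tactics],
            "external_references": [{"source_name": "mitre-attack", "external_id": ext_id}],
            **extra}

SAMPLE_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--sample", "objects": [
    _ap("External Remote Services", "T1133", ["initial-access", "persistence"],
        "Adversaries may leverage external-facing remote services such as VPNs and "
        "Citrix to initially access and/or persist within a network."),
    _ap("Valid Accounts", "T1078", ["initial-access", "persistence"],
        "Adversaries may obtain and abuse credentials of existing accounts."),
    _ap("Phishing", "T1566", ["initial-access"],
        "Adversaries may send phishing messages to gain access to victim systems."),
    _ap("Spearphishing Link", "T1192", ["initial-access"],
        "Revoked: merged into Phishing: Spearphishing Link.", revoked=True),
    _ap("Proxy", "T1090", ["command-and-control"],
        "Constructed text: a connection proxy or VPN service used to direct traffic."),
]})

def attack_id(obj):
    """Txxxx ID from the object's mitre-attack external reference (None if absent)."""
    return next((r.get("external_id") for r in obj.get("external_references", [])
                 if r.get("source_name") == "mitre-attack"), None)

def techniques_for_tactic(bundle_json, tactic):
    """Map ATT&CK ID -> STIX object for live techniques in one tactic column."""
    found = {}
    for obj in json.loads(bundle_json)["objects"]:
        if (obj.get("type") != "attack-pattern" or obj.get("revoked")
                or obj.get("x_mitre_deprecated")):
            continue  # the site hides revoked/deprecated entries; skip stale IDs like T1192
        phases = {p["phase_name"] for p in obj.get("kill_chain_phases", [])
                  if p.get("kill_chain_name") == "mitre-attack"}
        if tactic in phases:
            found[attack_id(obj)] = obj
    return found

def search_tactic(bundle_json, tactic, keyword):
    """Sorted IDs of techniques in the tactic whose name or description mention keyword."""
    kw = keyword.lower()
    return sorted(tid for tid, obj in techniques_for_tactic(bundle_json, tactic).items()
                  if kw in (obj["name"] + " " + obj.get("description", "")).lower())
```

Running `search_tactic(SAMPLE_BUNDLE, "initial-access", "VPN")` on the sample returns only T1133, while the same keyword over the command-and-control column returns T1090, which is why checking the tactic column first matters.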

This problem did take a lot of time, as I was a little bit confused about the 3 sections: Enterprise, Mobile and ICS.