Jeopardy-style capture the flag events are centered around challenges that participants must solve to retrieve the ‘flag’. The flag is a hidden string that must be provided to earn points. The more challenges you solve, the more flags you obtain, and the more points you receive. The participant or team with the highest score wins the event.
Challenges incorporate several hacking skills such as web exploitation, reverse engineering, cryptography, and steganography. These skills must be applied to the challenges to solve for the correct answer.
In this article, we will focus on finding hidden data in images and introduce commands and tools that you can use to help you find the flag.
Note: This is an introduction to a few useful commands and tools. The challenges you encounter may not be as straight forward as the examples in this article. Please do not expect to find every flag using these methods.
There will be images associated with each command and tool. The images will be stored at this GIT repository if you’d like to download them and try the commands and tools for yourself.
The file command is used to determine the file type of a file. There may be times when you are given a file that does not have an extension or the incorrect extension has been applied to add confusion and misdirection.
We’ll cover 2 examples of the file command.
You are given a file named rubiks.jpg.
Running the file command reveals the following information.
mrkmety@kali:~$ file rubiks.jpg rubiks.jpg: PNG image data, 609 x 640, 8-bit/color RGBA, non-interlaced
The file command shows that this is a PNG file and not a JPG.
You are given a file named solitaire.exe.
Running the file command reveals the following:
mrkmety@kali:~$ file solitaire.exe solitaire.exe: PNG image data, 640 x 449, 8-bit/color RGBA, non-interlaced
The file command show this is a PNG file and not an executable file. Changing the extension to .png will allow you to further interact with the file.
Exiftool allows you to read and write meta information in files. Flags may be hidden in the meta information and can easily be read by running exiftool.
You may need to install exiftool on your system. Run the following command to install exiftool.
mrkmety@kali:~ $ sudo apt install libimage-exiftool-perl -y
You are provided an image named ocean.jpg.
Running the exiftool command reveals the following information.
mrkmety@kali:~ $ exiftool ocean.jpg ExifTool Version Number : 11.16 File Name : ocean.jpg Directory : . File Size : 42 kB File Modification Date/Time : 2020:07:05 14:56:03-05:00 File Access Date/Time : 2020:07:05 14:56:03-05:00 File Inode Change Date/Time : 2020:07:05 14:56:03-05:00 File Permissions : rw-r--r-- File Type : JPEG File Type Extension : jpg MIME Type : image/jpeg JFIF Version : 1.01 Resolution Unit : inches X Resolution : 72 Y Resolution : 72 Profile CMM Type : Little CMS Profile Version : 2.1.0 Profile Class : Display Device Profile Color Space Data : RGB Profile Connection Space : XYZ Profile Date Time : 2012:01:25 03:41:57 Profile File Signature : acsp Primary Platform : Apple Computer Inc. CMM Flags : Not Embedded, Independent Device Manufacturer : Device Model : Device Attributes : Reflective, Glossy, Positive, Color Rendering Intent : Perceptual Connection Space Illuminant : 0.9642 1 0.82491 Profile Creator : Little CMS Profile ID : 0 Profile Description : c2 Profile Copyright : IX Media White Point : 0.9642 1 0.82491 Media Black Point : 0.01205 0.0125 0.01031 Red Matrix Column : 0.43607 0.22249 0.01392 Green Matrix Column : 0.38515 0.71687 0.09708 Blue Matrix Column : 0.14307 0.06061 0.7141 Red Tone Reproduction Curve : (Binary data 64 bytes, use -b option to extract) Green Tone Reproduction Curve : (Binary data 64 bytes, use -b option to extract) Blue Tone Reproduction Curve : (Binary data 64 bytes, use -b option to extract) Comment : THIS IS THE HIDDEN FLAG Image Width : 640 Image Height : 425 Encoding Process : Progressive DCT, Huffman coding Bits Per Sample : 8 Color Components : 3 Y Cb Cr Sub Sampling : YCbCr4:2:0 (2 2) Image Size : 640x425 Megapixels : 0.272
Hidden in the meta-information is a field named ‘Comment’. The value is where the flag can be hidden.
Additional meta-information within files may be useful depending on the challenge.
#ctf #capture-the-flag #kali-linux #hacking #steganography #linux
If you accumulate data on which you base your decision-making as an organization, you should probably think about your data architecture and possible best practices.
If you accumulate data on which you base your decision-making as an organization, you most probably need to think about your data architecture and consider possible best practices. Gaining a competitive edge, remaining customer-centric to the greatest extent possible, and streamlining processes to get on-the-button outcomes can all be traced back to an organization’s capacity to build a future-ready data architecture.
In what follows, we offer a short overview of the overarching capabilities of data architecture. These include user-centricity, elasticity, robustness, and the capacity to ensure the seamless flow of data at all times. Added to these are automation enablement, plus security and data governance considerations. These points from our checklist for what we perceive to be an anticipatory analytics ecosystem.
#big data #data science #big data analytics #data analysis #data architecture #data transformation #data platform #data strategy #cloud data platform #data acquisition
The opportunities big data offers also come with very real challenges that many organizations are facing today. Often, it’s finding the most cost-effective, scalable way to store and process boundless volumes of data in multiple formats that come from a growing number of sources. Then organizations need the analytical capabilities and flexibility to turn this data into insights that can meet their specific business objectives.
This Refcard dives into how a data lake helps tackle these challenges at both ends — from its enhanced architecture that’s designed for efficient data ingestion, storage, and management to its advanced analytics functionality and performance flexibility. You’ll also explore key benefits and common use cases.
As technology continues to evolve with new data sources, such as IoT sensors and social media churning out large volumes of data, there has never been a better time to discuss the possibilities and challenges of managing such data for varying analytical insights. In this Refcard, we dig deep into how data lakes solve the problem of storing and processing enormous amounts of data. While doing so, we also explore the benefits of data lakes, their use cases, and how they differ from data warehouses (DWHs).
This is a preview of the Getting Started With Data Lakes Refcard. To read the entire Refcard, please download the PDF from the link above.
#big data #data analytics #data analysis #business analytics #data warehouse #data storage #data lake #data lake architecture #data lake governance #data lake management
The COVID-19 pandemic disrupted supply chains and brought economies around the world to a standstill. In turn, businesses need access to accurate, timely data more than ever before. As a result, the demand for data analytics is skyrocketing as businesses try to navigate an uncertain future. However, the sudden surge in demand comes with its own set of challenges.
Here is how the COVID-19 pandemic is affecting the data industry and how enterprises can prepare for the data challenges to come in 2021 and beyond.
#big data #data #data analysis #data security #data integration #etl #data warehouse #data breach #elt
CVDC 2020, the Computer Vision conference of the year, is scheduled for 13th and 14th of August to bring together the leading experts on Computer Vision from around the world. Organised by the Association of Data Scientists (ADaSCi), the premier global professional body of data science and machine learning professionals, it is a first-of-its-kind virtual conference on Computer Vision.
The second day of the conference started with quite an informative talk on the current pandemic situation. Speaking of talks, the second session “Application of Data Science Algorithms on 3D Imagery Data” was presented by Ramana M, who is the Principal Data Scientist in Analytics at Cyient Ltd.
Ramana talked about one of the most important assets of organisations, data and how the digital world is moving from using 2D data to 3D data for highly accurate information along with realistic user experiences.
The agenda of the talk included an introduction to 3D data, its applications and case studies, 3D data alignment, 3D data for object detection and two general case studies, which are-
This talk discussed the recent advances in 3D data processing, feature extraction methods, object type detection, object segmentation, and object measurements in different body cross-sections. It also covered the 3D imagery concepts, the various algorithms for faster data processing on the GPU environment, and the application of deep learning techniques for object detection and segmentation.
#developers corner #3d data #3d data alignment #applications of data science on 3d imagery data #computer vision #cvdc 2020 #deep learning techniques for 3d data #mesh data #point cloud data #uav data
Data integration solutions typically advocate that one approach – either ETL or ELT – is better than the other. In reality, both ETL (extract, transform, load) and ELT (extract, load, transform) serve indispensable roles in the data integration space:
Because ETL and ELT present different strengths and weaknesses, many organizations are using a hybrid “ETLT” approach to get the best of both worlds. In this guide, we’ll help you understand the “why, what, and how” of ETLT, so you can determine if it’s right for your use-case.
#data science #data #data security #data integration #etl #data warehouse #data breach #elt #bid data