/ SecEDU

SECedu Malware Forensics CTF

Interested in forensics and keen to tackle a few challenges?

This year's crop of students at UNSW were the first to take the COMP6445 Digital Forensics and Incident Response course.

Students had the choice of taking a standard stream or an extended stream for those keen to double-down on this area. One of the assessment tasks for the extended stream was to write a CTF (capture-the-flag) which the students in the standard stream had to sit as an exam.

The subject was split into three topics: Disk Forensics, Memory Forensics and Malware Forensics.

For a bit of fun, we've decided to share the Malware Forensics group's CTF for the world to have a crack. This CTF will remain live until the end of the year. We hope you enjoy it!

You can access the CTF here:

The CTF is malware themed, with challenge categories including Ransomware, Anti-forensics, Custom packing and Remote Access Trojans. In order to complete all of the challenges, you will need to use both static and dynamic analysis on the malware samples.

The following tools are recommended:

  • Windows 7 (or newer) Operating System (for PE executables)
  • Linux (or equivalent) Operating System (for ELF executables)
  • Image manipulation program (e.g. GIMP)
  • Networking Utilities (Netcat, ftp client)
  • Binary Disassembler (Binary Ninja, IDA Pro)
  • Binary Debugger (GDB, x64dbg)