finalize empirec2

Author: connar

content/ctfwriteups/empirec2.md

@@ -151,11 +151,11 @@ <h1>
 
 <article class="post-entry tag-entry"> 
   <header class="entry-header">
-    <h2 class="entry-hint-parent">Empire C2 - Writeup
+    <h2 class="entry-hint-parent">Empire is at Risk - Writeup
     </h2>
   </header>
-  <footer class="entry-footer">0 min&nbsp;·&nbsp;connar</footer>
-  <a class="entry-link" aria-label="post link to Empire C2 - Writeup" href="http://localhost:1313/ctfwriteups/empirec2/"></a>
+  <footer class="entry-footer">8 min&nbsp;·&nbsp;connar</footer>
+  <a class="entry-link" aria-label="post link to Empire is at Risk - Writeup" href="http://localhost:1313/ctfwriteups/empirec2/"></a>
 </article>
     </main>
 

public/categories/c2/index.html

@@ -8,11 +8,17 @@
     <language>en-us</language>
     <atom:link href="http://localhost:1313/categories/c2/index.xml" rel="self" type="application/rss+xml" />
     <item>
-      <title>Empire C2 - Writeup</title>
+      <title>Empire is at Risk - Writeup</title>
       <link>http://localhost:1313/ctfwriteups/empirec2/</link>
       <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
       <guid>http://localhost:1313/ctfwriteups/empirec2/</guid>
-      <description></description>
+      <description>&lt;p&gt;In this challenge we are given:&lt;/p&gt;
+&lt;blockquote&gt;
+    &lt;p&gt;A pcap file (capture.pcap)&lt;/p&gt;
+    &lt;p&gt;A powershell dump (powershell.DMP)&lt;/p&gt;
+&lt;/blockquote&gt;
+&lt;p&gt;A lot of times hard difficulty challenges are related to C2 traffic, and in this challenge we are given a pcap file that indicates there is a chance this might be the case. Simply searching for &lt;code&gt;Empire C2&lt;/code&gt; (Empire from the title of the challenge) will yield results related to an Empire C2 Framework.&lt;/p&gt;
+&lt;p&gt;Navigating through some posts, a very good one that I used as a reference while solving the challenge was:&lt;/p&gt;</description>
     </item>
   </channel>
 </rss>

public/categories/c2/index.xml

@@ -148,11 +148,14 @@ <h1>Categories</h1>
 </header>
 
 <ul class="terms-tags">
+    <li>
+        <a href="http://localhost:1313/categories/c2/">c2 <sup><strong><sup>1</sup></strong></sup> </a>
+    </li>
     <li>
         <a href="http://localhost:1313/categories/forensics/">Forensics <sup><strong><sup>1</sup></strong></sup> </a>
     </li>
     <li>
-        <a href="http://localhost:1313/categories/malware/">Malware <sup><strong><sup>9</sup></strong></sup> </a>
+        <a href="http://localhost:1313/categories/malware/">Malware <sup><strong><sup>10</sup></strong></sup> </a>
     </li>
     <li>
         <a href="http://localhost:1313/categories/network-traffic/">Network-traffic <sup><strong><sup>1</sup></strong></sup> </a>

public/categories/index.html

@@ -36,6 +36,13 @@
       <guid>http://localhost:1313/categories/phishing/</guid>
       <description></description>
     </item>
+    <item>
+      <title>C2</title>
+      <link>http://localhost:1313/categories/c2/</link>
+      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+      <guid>http://localhost:1313/categories/c2/</guid>
+      <description></description>
+    </item>
     <item>
       <title>Forensics</title>
       <link>http://localhost:1313/categories/forensics/</link>

public/categories/index.xml

@@ -221,6 +221,15 @@ <h2 class="entry-hint-parent">Analyzing Beep Malware
   <a class="entry-link" aria-label="post link to Analyzing Beep Malware" href="http://localhost:1313/posts/beepmalware/"></a>
 </article>
 
+<article class="post-entry tag-entry"> 
+  <header class="entry-header">
+    <h2 class="entry-hint-parent">Empire is at Risk - Writeup
+    </h2>
+  </header>
+  <footer class="entry-footer">8 min&nbsp;·&nbsp;connar</footer>
+  <a class="entry-link" aria-label="post link to Empire is at Risk - Writeup" href="http://localhost:1313/ctfwriteups/empirec2/"></a>
+</article>
+
 <article class="post-entry tag-entry"> 
   <header class="entry-header">
     <h2 class="entry-hint-parent">Exploring OneNote Forensic tools

public/categories/malware/index.html

@@ -97,6 +97,19 @@ Let’s dive into what the Windows API is and why it’s crucial
 </span></span><span style="display:flex;"><span>
 </span></span><span style="display:flex;"><span><span style="color:#66d9ef">exit</span>
 &lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;p&gt;So, let&amp;rsquo;s open the dll in IDA and view the specific function:&lt;/p&gt;</description>
+    </item>
+    <item>
+      <title>Empire is at Risk - Writeup</title>
+      <link>http://localhost:1313/ctfwriteups/empirec2/</link>
+      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+      <guid>http://localhost:1313/ctfwriteups/empirec2/</guid>
+      <description>&lt;p&gt;In this challenge we are given:&lt;/p&gt;
+&lt;blockquote&gt;
+    &lt;p&gt;A pcap file (capture.pcap)&lt;/p&gt;
+    &lt;p&gt;A powershell dump (powershell.DMP)&lt;/p&gt;
+&lt;/blockquote&gt;
+&lt;p&gt;A lot of times hard difficulty challenges are related to C2 traffic, and in this challenge we are given a pcap file that indicates there is a chance this might be the case. Simply searching for &lt;code&gt;Empire C2&lt;/code&gt; (Empire from the title of the challenge) will yield results related to an Empire C2 Framework.&lt;/p&gt;
+&lt;p&gt;Navigating through some posts, a very good one that I used as a reference while solving the challenge was:&lt;/p&gt;</description>
     </item>
     <item>
       <title>Exploring OneNote Forensic tools</title>

public/categories/malware/index.xml

@@ -279,7 +279,7 @@ <h1 class="post-title entry-hint-parent">
   <a class="next" href="http://localhost:1313/ctfwriteups/empirec2/">
     <span class="title">Next »</span>
     <br>
-    <span>Empire C2 - Writeup</span>
+    <span>Empire is at Risk - Writeup</span>
   </a>
 </nav>