What should I do after an account has been hacked?
I am by no means a security professional. Well... technically I am, but this isn't advice. This is just written for entertainment purposes. Don't sue me. Also, pictures of our Australian native bees to break up the wall of text. I recently had a friend of mine get his Discord account hacked, and I helped guide him through the process he should take to resolve it and, more importantly, prevent it in the future.
The Elastic CTF is a capture the flag competition that I built based on the Elastic Stack (formerly ELK Stack). I created it for the Sectalks Ninja Night as a way to give back something to the community that has given me so much. It was designed to give people a chance to play with a platform that is used quite often in security teams in many companies. This was my first time developing a CTF challenge and I hope I get the chance to do it again another time.
Elastic Stack CTF Scenario Walkthrough
This is a walkthrough for the Elastic Stack CTF scenario that was run for the Sectalks Ninja Night 0x08 (9th). The CTF can be spun up from my repository; for more information visit HERE. Feel free to spin it up and give it a go. Scenario: Overnight we've had an attack on our network. We have two devices in the cloud, and it appears both have been compromised.
Enumeration

Full nmap scan:

nmap -A -p- -oN nmap.all.tcp 10.10.10.169

-A  - enable OS detection, version detection, script scanning and traceroute (-O, -sV, -sC, --traceroute)
-p- - scan all 65535 TCP ports instead of nmap's default top 1000
-oN - save the normal (human-readable) output to the file nmap.all.tcp

…

PORT    STATE SERVICE      VERSION
53/tcp  open  tcpwrapped
88/tcp  open  kerberos-sec Microsoft Windows Kerberos (server time: 2020-05-18 12:10:06Z)
135/tcp open  msrpc        Microsoft Windows RPC
139/tcp open  netbios-ssn  Microsoft Windows netbios-ssn
389/tcp open  ldap         Microsoft Windows Active Directory LDAP (Domain: megabank.local, Site: Default-First-Site-Name)
445/tcp open  microsoft-ds Windows Server 2016 Standard 14393 microsoft-ds (workgroup: MEGABANK)
464/tcp open  kpasswd5?
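The scan above is worth reading programmatically rather than by eye: Kerberos (88) and LDAP (389) open together, the LDAP banner naming the domain, and the SMB banner naming the workgroup, mark this host as a domain controller for megabank.local, and the Kerberos "server time" tells you whether your own clock is close enough for Kerberos to accept anything you send later. The following parser is an added example, not code from the walkthrough; SAMPLE_NMAP_OUTPUT is the port table shown above re-typed one line per port, and the local clock value passed to kerberos_clock_skew() is an assumed figure.

```python
"""Parse nmap normal (-oN) output and pull out the Active Directory indicators.

Added example: not code from the original walkthrough. SAMPLE_NMAP_OUTPUT is
the port table shown in the scan excerpt, re-typed one line per port; the
local clock value passed to kerberos_clock_skew() is an assumed figure.
"""
import re
from datetime import datetime, timezone

SAMPLE_NMAP_OUTPUT = """\
PORT    STATE SERVICE      VERSION
53/tcp  open  tcpwrapped
88/tcp  open  kerberos-sec Microsoft Windows Kerberos (server time: 2020-05-18 12:10:06Z)
135/tcp open  msrpc        Microsoft Windows RPC
139/tcp open  netbios-ssn  Microsoft Windows netbios-ssn
389/tcp open  ldap         Microsoft Windows Active Directory LDAP (Domain: megabank.local, Site: Default-First-Site-Name)
445/tcp open  microsoft-ds Windows Server 2016 Standard 14393 microsoft-ds (workgroup: MEGABANK)
464/tcp open  kpasswd5?
"""

# One port line of -oN output: "<port>/<proto> <state> <service> [<version>]".
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)\s*(?P<version>.*)$"
)

# Ports a domain controller exposes; 88 and 389 together are the strong signal.
DC_PORTS = {88: "kerberos", 389: "ldap", 445: "smb", 464: "kpasswd"}

KERBEROS_TIME = re.compile(r"server time: (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})Z")


def parse_nmap_normal(text):
    """Return one dict per port line; the header, '...' and other non-port lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue
        service = m["service"]
        entries.append({
            "port": int(m["port"]),
            "proto": m["proto"],
            "state": m["state"],
            # nmap appends '?' when the service is guessed from the port number
            # rather than confirmed by a version probe.
            "service": service.rstrip("?"),
            "guessed": service.endswith("?"),
            "version": m["version"].strip(),
        })
    return entries


def domain_controller_indicators(entries):
    """Open DC ports plus the domain and workgroup names the LDAP and SMB banners leak."""
    open_tcp = {e["port"] for e in entries if e["proto"] == "tcp" and e["state"] == "open"}
    domain = workgroup = None
    for e in entries:
        dm = re.search(r"Domain: ([\w.-]+)", e["version"])
        if dm:
            domain = dm.group(1)
        wm = re.search(r"workgroup: (\w+)", e["version"])
        if wm:
            workgroup = wm.group(1)
    return {
        "dc_ports": {p: name for p, name in DC_PORTS.items() if p in open_tcp},
        "likely_dc": {88, 389} <= open_tcp,
        "domain": domain,
        "workgroup": workgroup,
    }


def kerberos_clock_skew(entries, local_now):
    """Seconds the target's Kerberos clock is ahead of local_now, or None if no time was reported.

    local_now is a tz-aware datetime or an ISO-8601 string. Kerberos rejects requests
    whose timestamp is more than 5 minutes off the KDC clock, so any later Kerberos
    work against this host needs the skew checked (and the local clock adjusted) first.
    """
    if isinstance(local_now, str):
        local_now = datetime.fromisoformat(local_now)
    for e in entries:
        m = KERBEROS_TIME.search(e["version"])
        if m:
            server = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
            return (server - local_now).total_seconds()
    return None


if __name__ == "__main__":
    scan = parse_nmap_normal(SAMPLE_NMAP_OUTPUT)
    print(domain_controller_indicators(scan))
    # Assumed local clock, chosen to show a 7-minute skew against the scan's server time.
    print(kerberos_clock_skew(scan, "2020-05-18T12:03:06+00:00"))
```

The parser only understands the port table, which is the part of -oN output that matters here; run the real scan with -oX and parse the XML instead if you need the host, OS and script sections as well.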
Elastic Stack - How you can use it to assist your Incident Response
The Elastic Stack (formerly the ELK Stack) is composed of four core open source tools. Combined, they let data be collected from any source, shipped securely, and then searched, analysed and visualised in near real time. The core components are:

Elasticsearch is a distributed search and analytics engine that stores and indexes the data.
Logstash is a server-side data processing pipeline that ingests, filters and enriches data before it is indexed.
Kibana is the user interface used to search, analyse and visualise the data held in Elasticsearch.
Beats are lightweight, single-purpose data shippers installed on the hosts that produce the data; they send it to Logstash or directly to Elasticsearch.

What can Elastic Stack be used for?
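To make the component roles concrete for an incident-response question ("which source IPs brute-forced SSH on the compromised host, and did any of them get in?"), here is an added example that is not code from the original post and not an Elastic API. A grok-style regex stands in for the Logstash filter that turns each raw sshd line into a document with ECS-style field names, and two in-memory functions stand in for the Elasticsearch queries, so the block runs offline; build_failed_login_query() returns the real query DSL you would run in Kibana Dev Tools against the indexed documents. The auth.log lines are constructed samples, and the year 2020 is an assumption because syslog lines carry none.

```python
"""Model of the Logstash -> Elasticsearch -> Kibana path for one IR question.

Added example: not code from the original post and not an Elastic API. The
parse stands in for a Logstash grok filter and the in-memory functions for the
Elasticsearch queries. SAMPLE_AUTH_LOG is constructed; the year is assumed.
"""
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample auth.log lines (OpenSSH sshd format), not from the original post.
SAMPLE_AUTH_LOG = """\
May 18 12:01:02 web01 sshd[2101]: Failed password for root from 203.0.113.9 port 51234 ssh2
May 18 12:01:03 web01 sshd[2101]: Failed password for root from 203.0.113.9 port 51235 ssh2
May 18 12:01:05 web01 sshd[2104]: Failed password for invalid user admin from 203.0.113.9 port 51240 ssh2
May 18 12:01:09 web01 sshd[2107]: Accepted password for root from 203.0.113.9 port 51250 ssh2
May 18 12:02:40 web01 sshd[2110]: Accepted publickey for deploy from 192.0.2.20 port 40010 ssh2
May 18 12:03:15 web01 sshd[2115]: Failed password for deploy from 198.51.100.7 port 33001 ssh2
"""

# Same shape as a Logstash grok pattern:
# %{SYSLOGTIMESTAMP:timestamp} %{HOSTNAME:host} sshd\[%{POSINT:pid}\]: ... %{IP:src_ip} port %{POSINT:src_port}
SSHD_LINE = re.compile(
    r"^(?P<timestamp>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<outcome>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src_ip>\S+) port (?P<src_port>\d+) ssh2$"
)


def parse_sshd_line(line, year=2020):
    """Logstash filter stand-in: one syslog line -> one document with ECS-style field names."""
    m = SSHD_LINE.match(line)
    if not m:
        return None  # Logstash would tag this event _grokparsefailure
    # Syslog timestamps have no year; 'year' is an assumed value supplied by the caller.
    ts = datetime.strptime(f"{year} {m['timestamp']}", "%Y %b %d %H:%M:%S")
    return {
        "@timestamp": ts.replace(tzinfo=timezone.utc).isoformat(),
        "host.name": m["host"],
        "event.outcome": "success" if m["outcome"] == "Accepted" else "failure",
        "event.action": m["method"],
        "user.name": m["user"],
        "source.ip": m["src_ip"],
        "source.port": int(m["src_port"]),
    }


def ingest(log_text, year=2020):
    """Beats + Logstash stand-in: parse every line, dropping the ones grok cannot match."""
    docs = (parse_sshd_line(line, year) for line in log_text.splitlines())
    return [d for d in docs if d is not None]


def build_failed_login_query(minimum_failures=3):
    """Elasticsearch query DSL for 'source IPs with at least N failed logins in the last 24h'."""
    return {
        "size": 0,
        "query": {"bool": {"filter": [
            {"term": {"event.outcome": "failure"}},
            {"range": {"@timestamp": {"gte": "now-24h"}}},
        ]}},
        "aggs": {"by_source": {
            "terms": {"field": "source.ip", "size": 50},
            "aggs": {"enough_failures": {"bucket_selector": {
                "buckets_path": {"failures": "_count"},
                "script": f"params.failures >= {minimum_failures}",
            }}},
        }},
    }


def failed_logins_by_source(docs, minimum_failures=3):
    """In-memory equivalent of build_failed_login_query(): {source.ip: failure count}."""
    counts = Counter(d["source.ip"] for d in docs if d["event.outcome"] == "failure")
    return {ip: n for ip, n in counts.items() if n >= minimum_failures}


def successes_after_failures(docs):
    """IR pivot: (source.ip, user.name) of successful logins from an IP that had already failed.

    A success following a run of failures is the brute force that worked, i.e. the
    account to treat as compromised in the scenario above.
    """
    seen_failing, hits = set(), []
    for d in sorted(docs, key=lambda d: d["@timestamp"]):
        if d["event.outcome"] == "failure":
            seen_failing.add(d["source.ip"])
        elif d["source.ip"] in seen_failing:
            hits.append((d["source.ip"], d["user.name"]))
    return hits


if __name__ == "__main__":
    events = ingest(SAMPLE_AUTH_LOG)
    print(failed_logins_by_source(events))
    print(successes_after_failures(events))
```

In a real deployment Filebeat ships the raw lines, Logstash applies the grok filter, and the two question functions become the query above plus a second search for event.outcome:success filtered to the IPs it returns; the point of normalising field names on ingest is that those searches work unchanged across every host that ships the same log type.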