noshitsecurity



Welcome to NoShitSecurity, a place for you to find your foothold in the cybersecurity industry.

Our challenges feature everything from simple cipher suites and steganography to advanced binary exploitation and shellcode, not to mention black boxes built on cutting-edge cloud architecture to help you practice like a pro. Our course and challenge architects are incredibly capable, and always ready to help you learn.


Everything you will need to complete our current challenges is listed below


Click here to open a tab to the CyberChef suite of tools; pin this tab
Click here for our essential terminal resources (Special thanks to Nate Landau)
Click here to snag a copy of Karkinos; use this like CyberChef
Click here for the Photopea image processor (like Photoshop)
Click here for Rick de Jager’s Stegseek, the world’s fastest steghide cracker
Click here for Pedro Augusta’s PNG steganography online tool
Click here for Chiragh Arora’s article covering EXIFtool features and usage
Click here for Dheeraj Gupta’s article covering Steghide features and usage
Click here for Vivek Gite’s comprehensive guide to the Unix “dig” utility
Click here for information about PGP and cryptography in general
Click here for information about the Wireshark protocol analyzer
Click here for information about Binwalk from ReFirm Labs
Click here for information about Nmap from Gordon Lyon

Click here for FinalRecon — The last recon tool you’ll need


Glossary of techniques and concepts used in our challenges


Obfuscation is a method of encoding things; usually very easy to reverse (ROT13, ROT47, Base64)

Symbol replacement encryption means that the symbols require a cipher or key to understand

The Vigenère cipher was considered the greatest advancement in cryptography in over 1000 years

The process of encrypting and decrypting messages involves keys; it works forwards and backwards

Techniques for designing and implementing algorithm designs are called algorithm design patterns

In symmetric-key cryptography, a single key is used to encrypt or decrypt a body of data

In public-key cryptography, one key decrypts or verifies what the other key encrypts or signs

Steganography is the practice of concealing a message within another message or a physical object

Challenge Authentication Protocol (CHAP) requires you to encode a string with a known secret

CHAP can be used alongside public-key infrastructure to securely create an encrypted TLS tunnel

Zero-knowledge proofs allow a subject to generate a proof of some statement only when they are in
possession of a certain asset or secret information connected to the statement

Zero-knowledge password proofs can be used to generate a proof of knowledge without recording,
sharing, or revealing the internal workings of a given algorithm design pattern

Triple DES with three independent keys is still in use today by the electronic payment industry

The One-Time Pad is a version of old military technology (1882) that is still in use today

A Vernam cipher whose key is as long as the message becomes a one-time pad, a theoretically 
unbreakable cipher

A Skipjack cipher uses a method of A/B handoff by alternating between word block sequences

Cryptanalysis is used to gain access to the contents of encrypted messages when the key that was
used to encrypt or encode the data is unknown to the analyst

Differential cryptanalysis is the study of how differences in information at the input layer can
affect the resultant difference at the output layer of an algorithm design pattern

A round or round function is a basic transformation that is repeated or iterated multiple times
inside the algorithm, used to circumvent differential cryptanalysis

A related-key attack is any form of cryptanalysis where the attacker can observe the operation of
a cipher under several different keys whose values are initially unknown

A slide attack is a form of cryptanalysis designed to deal with the prevailing idea that even weak
ciphers can become very strong by increasing the number of rounds to ward off differential attacks

Once a slid pair is identified, the cipher is broken because of the vulnerability to known-plaintext
attacks, as the key or keys can easily be extracted from this pairing

A ciphertext-only attack (COA) is an attack model for cryptanalysis where the attacker is assumed
to have some knowledge of the plaintext

A known-plaintext attack (KPA) can be performed when the attacker has access to both the plaintext
(called a crib) and its ciphertext. This technique can be used to reveal single keys or code books

A crib is a plain language (or code) passage of any length, and is usually obtained by solving
one or more cipher or code messages, occurring or believed likely to occur in a different cipher

A mimic function changes a file (or a string) to assume the statistical properties of another

Frequency analysis is the study of the frequency of letters or groups of letters in a ciphertext

When a cipher method does not provide sufficient length for frequency analysis, it may be feasible
to brute force keys and visually inspect the results for a possible plaintext or crib

A Markov chain or Markov process is a stochastic process describing a sequence of possible events
in which the probability of each event depends only on the state attained in the previous event

Digital forensics is a branch of forensic science encompassing the recovery and investigation 
of material found in digital content or devices

Open-source intelligence (OSINT) is a multi-factor (qualitative, quantitative) methodology for 
collecting, analyzing and making decisions about data accessible in publicly available sources 
to be used in an intelligence context

Machine learning is a field of study in artificial intelligence concerned with the development
and study of statistical algorithms that can learn from data and generalise to unseen data, and
thus perform tasks without explicit instructions


Check back for more information as it becomes available


If you are having trouble with your physical key, please contact support@noshitsecurity.com