n00bzUnit3d

n00bzUnit3d is hosting the third edition of n00bzCTF! Team Limit: 4 CTFTime: ctftime.org/event/2378 Website: ctf.n00bzUnit3d.xyz Discord: discord.gg/Kze7sjpgf7 Prizes worth $7500! A great thanks to @osec_io @hackthebox_eu @BurpBounty @_zSecurity_ and @offsectraining

@pmelson @shishcat8214 @Namecheap @ScumBots Yes, it was an attachment for a malware analysis challenge from our CTF, and we explicitly mentioned that it is an "empire stager".

@n00bzunit3d @shishcat8214 @Namecheap @ScumBots Just so I understand, you’re confirming that file I shared the link for from Pastebin is one you generated for the CTF?

Hi @Namecheap team! This domain (n00bzunit3d[.]xyz) is hosting Empire malware C2. Can you take them offline please?

@pmelson @shishcat8214 @Namecheap @ScumBots Hey, thank you! We actually did not know that the challenge file had been uploaded to Pastebin, cause that generally makes it look fishy. Just a tip for your bot: Maybe visit the sites to make sure they are actually bad? Just a thought, no hard feelings :)

@shishcat8214 @Namecheap @ScumBots I’m sorry you were inconvenienced, genuinely I am. But it was a legit abuse report based on available information. I will add “n00bzunit3d[.]xyz” to @ScumBots bogon list so it won’t report on your domain again in the future.

@pmelson @Namecheap @ScumBots And I would also appreciate if you could send me the source from which you obtained the said samples. It might be that the source is from github.com/n00bzUnit3d/n0…, or somewhere similar, which is just a part of our previous CTF. It's just a dummy for a forensics challenge.

@n00bzunit3d @Namecheap @ScumBots I verified the @ScumBots run - it is definitely DOSfuscated PowerShell Empire. The detection and C2 extraction are correct. Happy to provide further details if it’s helpful.

@pmelson @Namecheap @ScumBots Hey Paul, I really don't think there is anything there, wiki[.]n00bzunit3d[.]xyz:8080 just redirects to the main wiki page, but if you think I'm wrong, please dm me. If there is anything bad going on, I would appreciate help in getting it resolved - not getting banned permanently

@GossiTheDog Well seems like our CTF is getting promoted for next year😝

@frekason @GossiTheDog The CTF got over a week ago, the bot which actually tweeted about us went through our writeups repo (github.com/n00bzUnit3d/n0…). We had a challenge with a dummy empire stager with the link to wiki[.]n00bzunit3d[.]xyz port 8080 which it thought is "live malware" and had us nuked😂

@GossiTheDog Turns out it was a live CTF site and it was restored

@Namecheap @pmelson @ScumBots Hey, the domain is back up! Thank you!

@n00bzunit3d @pmelson @ScumBots Hello, let us check it.

@pmelson @Namecheap If you still believe that we are hosting malware, please email/dm me - we need the domain.

@pmelson @Namecheap Maybe you thought it is malware because there was a forensics challenge in our ctf which posed the wiki domain as a malware hosting domain. It was fake and there was no malware - it was just for the flag. Link to the challenge writeup: github.com/n00bzUnit3d/n0…

@pmelson @Namecheap There is absolutely nothing on port 8080, it's the same as the main site (try visiting wiki-ekrya.ondigitalocean.app./ and wiki-ekrya.ondigitalocean.app.:8080, it's the SAME FILE).

A very big thanks to OtterSec for sponsoring n00bzCTF. Thanks to them for helping us have cash prizes :)

DigitalOcean is sponsoring prizes for our CTF! Check them out at digitalocean.com. Register now at ctf.n00bzunit3d.xyz

We are glad to announce that our infra is sponsored by goo.gle/ctfsponsorship! Register now at ctf.n00bzunit3d.xyz

Big thanks to Burp Bounty for sponsoring prizes for n00bzCTF! Check them out at burpbounty.net. Register now at ctf.n00bzunit3d.xyz.

n00bzCTF is now on CTFtime at ctftime.org/event/1657 ! Register here: ctf.n00bzunit3d.xyz We hope to see you at the scoreboard!