Loading page
Review the challenge brief, files, and requirements.
Analyze this ETW patching technique and identify the critical bytes.
To blind ETW telemetry, malware patches EtwEventWrite so it never executes:
Original: 4C 8B DC mov r11, rsp
49 89 5B 08 mov [r11+8], rbx
...
Determine the minimal patch needed to neutralize this function. The flag is the MD5 hash of those patch bytes as a lowercase hex string.
Sign in to attempt this challenge.
Use Proving Grounds to continue your challenge practice.
Open Proving Grounds