Users should expect to hone their skills of network analysis and enumeration, traffic analysis, OSINT, and many other red team tools, methods and techniques while working through the Bat Computer. Network and traffic analysis are core techniques in every security professional’s toolkit, but this box is especially focused on the more niche tools. Completing this challenge requires specific knowledge of data encoding and manipulation techniques, and OSINT skills that would not be found in the average hackthebox challenge. Namely, users will require an understanding of steganography, hidden file systems, hashing, and DC universe lore to fully crack this system. Ultimately the user should have a better appreciation and understanding of how easily a system can be cracked by having unsecure data and files lying about. This understanding of the different vulnerabilities presented in this VM can be applied to different blue team mitigation techniques. This will fundamentally show the user the connection between breaking in and protecting a system.

This box began with LSA, which is a relatively easy to crack VM, but it has been modified extensively. This VM is now more targeted to users with at least 1 year of security experience, as many of the obvious paths have been closed and there are unexpected puzzles throughout. It is a gamified environment, implementing non-traditional puzzles to hide data in plain sight, The Riddler’s specialty. Steganography, data encoding, password hashing, and hidden files and folders are the Riddler’s techniques of choice. Each of these allow for the storage of data in easy to access places while forcing the user to implement their knowledge of red and blue team tools to extract any useful information. This allows the box to act as a test of many skills, but also makes it not particularly equivalent to a real world system, as these puzzles were left by the Riddler, and are not natural vulnerabilities of the system. In order to fully crack this box, users must also utilize their knowledge of network analysis, SMB enumeration, SSH, OSINT, network traffic analysis, and deductive reasoning. If users can utilize these skills well, they will easily be able to exploit the system’s innate vulnerabilities and insecurities created by the users.

The Riddler has broken into the Bat Computer! Carnage will ensue in Gotham if his plans to take over the Bat Computer are not stopped. You must step into the shoes of The Caped Crusader and follow The Riddler’s path to discover how he broke in, and what damage he has caused. The Riddler loves to mock Batman and attack his intelligence by leaving behind valuable descriptions on how he hacked his way into the Bat Computer. The user can use these clues to reverse engineer the Riddler’s path to root the system and recover control. Can you, as Batman, use your detective skills to decipher the clues and work your way back into the system and save Gotham from utter chaos?

To run this OVA you will need Oracle VM VirtualBox