This week was rather quick, but a slight departure from your standard memory forensics questions. I rather liked that and it gave me the chance to discover a new tool I’d never used before.

Question: What is the IPv4 address that myaccount.google.com resolves to?

Hmm, I’d used all the network-related…

I remember thinking last week that they hit a lot of the common memory analysis tasks with Volatility so I was thinking “I hope they give us a challenge on the next one”.

The questions started off rather easy, asking about a connection to a Google server. …

Well, this was a rather lengthy one, so we’ll just get started.

This month the CTF is focused on a Windows Memory image.

Question: The user had a conversation with themselves about changing their password. What was the password they were contemplating changing to?

I found this one in a…

This week was more centered around Incident Response, which isn’t normally in my wheelhouse, so I was excited to maybe learn a few tricks.

The first part of the question was asking what package was installed by the attacker. Considering some of the previous questions, I immediately went to a…

OK, this week was short and sweet, more of a scavenger hunt style. A much-needed break from the last couple of weeks, which have been pretty rough.

Question: What is the IP address of the HDFS primary node?

I went looking around the typical Linux places, but remembered we were…

Ok, well this week I knew was going to be rough, but I didn’t know I was going to need this much luck.

This week’s question was a bit “off the beaten path” in terms of forensics; the question was to find the file name associated with a block ID…

This week’s task was to find a GUID related to “phishing”. Now, because I had done the CTF put on by Magnet this summer in lieu of their in-person Summit, I had a hunch on where to begin.

So I immediately went to the Evernote application folder “/data/com.evernote/files/” and found the…

Trying my hand at this blogging thing. I’ve enjoyed the weekly CTFs that Magnet has been putting on. I found this week pretty interesting and I don’t think I would have figured it out had it not been for the hint dropped in the weekly webcast.

The question asked “Which…

JR
