Over the halfway point! (I appreciate week 6 was a while ago, I haven’t had a chance to clean up my write up for this until now). This week we’re looking at email authentication again, trying to identify the actual date of an email. I scraped this one by with only hours to spare, and chatting with the others it was interesting to see the different approaches taken.Read More »
I write my notes as I go along, but sometimes it takes me a bit to get it into a blogable format. This week took a little longer because I had to wait for Armans walkthrough. I got super close to the answer for part 3, but unfortunately missed out on the 100 points.
We’re back looking at EML files to help assist validating a story and identifying forgery, and get to play with an interesting technique!Read More »
Starting this post by admitting it took me a lot longer to get the answers to some of these questions than it should have, because I misunderstood some of the wording of the questions. I ended up going down a lot of RFC-related rabbitholes, only to find that certain parts were theoretical and others practical. Well, we all make mistakes, onto the post!Read More »
Week 3 is over! Well, it went for a couple of weeks, and is no longer active. But it was the third challenge!
This time we went looking into the PST file format, as well as identifying manipulated emails. I found this one a little bit easier than Week 4, which is currently giving me griefRead More »
Back for week 2 of the Metaspike weekly CTF. This week we’ve been given an MSG file containing correspondence between two colleagues. I tried to do this one with entirely free tools again, but there’s a minor caveat that you do need access to Outlook to get the full MSG parsing experience.
Please let me know if there’s a way to do this without Outlook!Read More »
Creating disk images and virtual hard disks can be super useful for testing, which I’ll demonstrate in a future post (that I’ve mostly written, but needed this one to go out beforehand!)
I wrote this a while back, and have finally gotten around to posting it!
Recently tested the use of Certutil to download a file and look for the artefacts. I didn’t find much in the DFIR realm about what this might look like on a system so thought best to post it up!
I wanted to take a quick and dive into this week’s Sunday Funday challenge but didn’t have a whole lot of time, I basically set a timer for an hour or so at the end of the day and found as much as I could, and then compiled it all today. Gotta set a time limit or else the rabbit-hole never ends 🙂
Oleg has already shared his answer and done a decent amount of work to answering the questions. I’m not going to be reinventing the wheel a whole lot, just expanding on what has already been found.
(Note: I’m not going to be answering all of the questions)