Saturday, April 5, 2014

Daily Blog #287: Sunday Funday 4/6/14

Hello Reader,
It's Sunday, time to show your mental prowess and get down to business in this Sunday Funday forensic challenge. If you watched the Forensic Lunch this week, you heard Dave Hull talk about using PowerShell remoting to hunt for malware across large enterprises (like Microsoft). Keep that in mind, and let's see what you understand of the impact of remote IR in this week's challenge.

The Prize:
A $200 Amazon Gift Card




The Rules:
  1. You must post your answer before Monday 4/6/14 8AM CST (GMT -5)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful 
  6. Anonymous entries are allowed; please email them to dcowen@g-cpartners.com. Please state in your email whether you would like to remain anonymous if you win.
  7. In order for an anonymous winner to receive a prize, they must give their name to me, but I will not release it in a blog post

The Challenge:
What are the different methods you have to remotely connect to a Windows 2008 Server natively, and which of them push what kinds of information that an advanced adversary could use against you?