Daily Blog #609: Solution Saturday 1/26/19 - Server 2008 R2 System

Server 2008 R2 System Challenge by David Cowen - Hacking Exposed Computer Forensics Blog

Hello Reader,
              Looks like my 2019 streak is now broken, this week we have no qualifying answers. When this happens I take it as a sign that the question was harder than I expected which means I really need to focus on finding a real answer myself. I'll be working on that and the other unanswered challenges in the year to come. Tomorrow come back for another challenge and I'll adjust my questions accordingly.

The winning answer: None this week

The Challenge:
On a Server 2008 R2 system make 4 copies of mimikatz (your choice of versions) 64 bit and 32 bit versions. Run them from 4 locations (of your choice) and determine what criteria determines when and if the executable gets logged in the Syscache hive and what dates are associated with the registry keys. 

Also Read: Daily Blog #608

Post a Comment