Daily Blog #664: Sunday Funday 4/5/20 - BAM Challenge by David Cowen

BAM Challenge by David Cowen - Hacking Exposed Blog

Hello Reader,
          I hope your ready, Sunday Funday's are back and we are going to challenge you. I'm continuing the trend from last year of making the challenges a week long and with everyone home now I hope you can find a good use of some time here. So let's see what you can do and how we can help the community with your research in this weeks windows execution artifact challenge.

The Prize:

$100 Amazon Giftcard

The Rules:

  1. You must post your answer before Friday 4/10/20 7PM CST (GMT -5)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful
  6. Anonymous entries are allowed, please email them to dlcowen@gmail.com. Please state in your email if you would like to be anonymous or not if you win.
  7. In order for an anonymous winner to receive a prize they must give their name to me, but i will not release it in a blog post

The Challenge:
We've all heard of the BAM key by now, located in SYSTEM\\services\bam, but what are the limitations? Answer the following questions:
1. What types of programs are not logged in BAM?
2. Are there any paths excluded from BAM?
3. What can cause a program to no longer be listed in the BAM key?
4. When does the BAM get updated?
5. What can update the BAM timestamp?

Post a Comment