Daily Blog #701: Magnet Virtual Summit CTF 2020 Results

Hello Reader,

         If you watched the live commentary boy were you in for a treat! So much so that I deleted the video afterwords. No reason to let that hot mess live on forever.

What will live on forever though is the winners of the CTF!

Congratulations Evangelos aka theAtropos4n6 for winning 1st place! We will hopefully see you on the Forensic Lunch friday!

In second place was Oleg Skulkin aka 0x136 with the long time CTF feud between evandrix of Singapore and Adam Harris aka harrisonamj going to evandrix this time for the 3rd place finish.

Also Read: Daily Blog #700

Read More

Daily Blog #695: Magnet Virtual Summit CTF Live Commentary!

Hello Reader,
      If your going to play the Magnet Virtual CTF or just want to watch as others do then join:

• Brian Moran - Famous social media influencer and well known campaign manager 
• Matthew Seyer - Master of rabbits, maker of beards and eater of tacos
• Myself

As we provide live commentary digging deep into the questions, contestants and scores as we watch things heat up! Hopefully this will be a successful experiment!

So tune in if your playing to see how your competitors are doing, or just tune in to see how its going and ask questions to see how you would do!

You can watch live 5/12 at 4:30PM CDT (GMT -5) here:

https://youtu.be/igLM_2bSAuw

Also Read: Daily Blog #694 - AZCopy and SAS Tokens

Read More

Daily Blog #663: Magnet Virtual Summit 2020

Hello Reader,

      Next month I was supposed to be eating hot chicken with all of you in Nashville at the Magnet User Summit (MUS) but since it's still corona time this too has moved to a virtual format. The conference now called the Magnet Virtual Summit (MVS) is set for the whole month of may, it's Magnet in May!

What's even more interesting is that Magnet has decided to make MVS free for anyone who wants to virtually attend and will have a month of speakers (http://www.magnetvirtualsummit.com/speakers) a virtual CTF created by Champlain's DFA and Jessica Hyde and of course we will be doing a Forensic Lunch with the winner.

Speaking of the virtual CTF, since we are not running the CTF this year we will be joined by campaign manager extraordinaire Brian Moran in providing commentary on our YouTube channel so everyone can follow along at home. Expect expert insights, bad jokes and team nicknames to fly as we watch the scoreboard and cheer on the competitors.

So go here to register (http://www.magnetvirtualsummit.com/registration) and get ready for daily content starting May 4th through the end of May. It's great to see so many vendors making the best of the current situation and bring us something that benefits everyone.

Tomorrow, come back for Sunday Funday!

Also Read: Daily Blog #662

Read More

2019 Unofficial Defcon DFIR CTF

Hello Reader,
       It's that time again! First of all here is the important things you came here for:

1. Link to download this years images:

https://www.dropbox.com/sh/4qfk1miauqbvqst/AAAVCI1G8Sc8xMoqK_TtmSbia?dl=0

2. Link to the CTF site:

https://defcon2019.ctfd.io/

This year Champlain College's Digital Forensic Association saved the

day by providing a CTF they hadn't released to the general public. Matt and I have been a little busy with the whole changing our lives into KPMG thing so without them there would be no CTF this year.

Prizes:
1st. DFIR Netwars Continuous from SANS  (to last years winner I'm going to get yours resolved)
2nd. Magnet Forensics Prize Pack
3rd.Write Blocker and a copy of Eoghan Casey's Cybercrime book donated by BriMor Labs

The contest starts TODAY 8/9/2019 for those onsite at Defcon. You must be present to win.

The contest ends Sunday at 10am PST at which point we will notify winners.

Also Read: Daily Blog #664: Sunday Funday 4/5/20 - BAM Challenge by David Cowen

Read More

Daily Blog #658: MUS 2019 DFIR CTF Perfect Score Achieved

Hello Reader,
           Just a note that we already have a perfect score winner!

Congratulations to Plop aka Bastien Lardy who I will be contacting about their prize!

The CTF will remain up for quite some time to allow all of you a chance to learn and get ready for the big DFIR CTF of the year, the Defcon Unofficial DFIR CTF!

Also Read: Daily Blog #657

Read More

Daily Blog #657: MUS2019 DFIR CTF Open to the Public

Hello Reader,
    The DFIR CTF that we ran at the magnet user summit is now open to the public.

You can download the evidence and a 30 day license key for Magnet Axiom here:
https://drive.google.com/drive/u/0/mobile/folders/1E0lELj9NouMwSMGZCI7lXWRqYE2uQCpW?usp=sharing

You can register for the CTF and play here:
https://mus2019.ctfd.io/

Also Read: Daily Blog #656

Read More

Daily Blog #655: Magnet User Summit DFIR CTF 2019 Results

Hello Reader,
             We had a great CTF today that will soon be released to the public. I'm happy to announce the top three winners.

#1 Kevin Pagano
#2 Jonathan Rajewski
#3 Santiago Ayala

Prizes were given away and more prizes await those who will now compete in the online public offering that will be released Thursday Until then you can see the current scoreboard here:


https://mus2019.ctfd.io/scoreboard

You can also register for an account in expectation of Thursday, the CTF is currently paused until then.

Also Read: Daily Blog #654

Read More

Daily Blog #652: Seeking Sponsor for the Unofficial Defcon DFIR CTF 2019

Hello Reader,
        Do you or your company want to provide a prize for the Unofficial Defcon DFIR CTF now in its third year? If so email me at dcowen@g-cpartners.com so we can talk. In the past SANS, Magnet Forensics, Blackbag and Metaspike have all graciously provided prizes for our worthy contenders and we'd like to open this up to all of you.

The Defcon DFIR CTF usually gets 100+ players during the events and 100s more once the CTF is opened to the public. I'd like to expand the prize pool so we can award more cool things to more people in three groups.

1. Top finishers at Defcon
2. Top finishers online
3. Noteworthy achievements (Like first perfect score)

So reach out if you are interested and I hope to hear from you soon.

Also Read: Sunday Funday 3/24/19 - FRS Google Cloud Platform Challenge

Read More

Daily Blog #620: Magnet User Summit 2018 CTFD Site is Closing

Hello Reader,
              With the 2019 Magnet User Summit coming up and with it the DFIR CTF we are working on for it I think it's time that I close down the 2018 site. You can access it for the month of February here:

https://magnetctf.ctfd.io/

Why shut it down?

Well CTFd charges me $100 a month for the hosting and I user registrations have stopped adding and we new/better challenges coming so I'd rather use that money for this years CTF!

So if you haven't tried last years Magnet CTF this is your chance, I will be ending it 3/1/19.

Also Read: Daily Blog #619

Read More

Daily Blog #539: Forensic Lunch and CTF at Magnet User Summit 2019

Hello Reader,
              Now that Magnet has announced that this years Magnet User Summit will be April 2-3, 2019 in Nashville, TN I can announce that we will be doing two things there.

First you can find out more about MUS here https://www.magnetusersummit.com/

1. Matt and I will be doing a live Forensic Lunch broadcast from the Magnet User Summit. If you come to the MUS you can either participate in the Audience or come on stage with us! This year we are going to try to bring back the DFIR games to get people to compete and show their DFIR knwoeldge!

2. Matt and I will be hosting another DFIR CTF! We created and hosted two DFIR CTF's last year (Magnet and Defcon) and are currently in planning mode for the MUS DFIR CTF 2019. There will be fun challenges, new evidence and prizes for those who win onsite!

I'll talk to Magnet to see if they want to open it up for online prizes as well.

I hope to see you out there! We can talk DFIR and eat some hot chicken!

Also Read: Daily Blog #538

Read More

Daily Blog #455: Perfect Score in the Defcon DFIR CTF

Hello Reader,
       This post serves to congratulate @gh0stp0p on achieving the first perfect score in the Defcon DFIR CTF! She has not only won the admiration of her peers but also a license of Forensic Email Collector. For those still wanting to play, or still playing, we will leave the CTF up for at least a month before we move onto the next project.

As a reminder the CTF is located here:

https://defcon2018.ctfd.io/

And you can download the images here:

https://www.hecfblog.com/2018/08/daily-blog-451-defcon-dfir-ctf-2018.html

Thanks everyone for playing and hopefully you will learn something from the experience! Next time we will up the difficulty. 

Also Read: SQLite Write Ahead Logs and Python

Read More

Daily Blog #453: Winners of the Unofficial Defcon DFIR CTF

Hello Reader,
        I realized that while I posted this on twitter I did not share this on the blog which is the more permanent record of things. First this years Defcon DFIR CTF was sponsored by:

SANS - Donating 1st prize access to DFIR Netwars Continuous for a year and lego minifigs
Also if you were in the blue team village at just the right time we brought out SANS tshirts, polos, keychains and posters that quickly disappeared.

 Magnet Forensics - Donating a really cool backpack that contained a license of AXIOM, a magnet water bottle, magnet external cell phone battery and a cool magnet pen.

 Blackbag Forensics - Donating a license of Blacklight and a really cool insulated drink cup (like a yeti or rtic but with a very nicely done blackbag logo)

 MetaSpike - Who donated a license of Forensic Email Collector which will go to whoever gets the first perfect score in the Defcon DFIR CTF!

• 1st Place went to Hadar Yudovich @hadar0x

• 2nd Place went to Phill Moore @Phillmoore

• 3rd Place was a tie between Jessica Hyde @b1n2h3x and Jan Wichanski @JanWichanski

Also Read: Dealing with deleted shadow copies

Read More

Daily Blog #451: Defcon DFIR CTF 2018 Open to the Public

Hello Reader,
            This year at Defcon we made things interesting with a challenge that involves making your way through 3 images to answer questions and solve a case. Now that Defcon is over and the winners awarded it's your turn to give the challenge a try.

The first image password is 'tacoproblems'
The second and third image password is gained by answering the right questions in the CTF.


CTF Site:
https://defcon2018.ctfd.io/

Download Links:
Image 1:
https://www.dropbox.com/s/1q4f0fowo8048mq/Image1.7z?dl=0

Image 2:
https://www.dropbox.com/s/9gzjfqkl8uup58k/Image2.7z?dl=0

Image 3:
https://www.dropbox.com/s/jvaqb4rfi3jojbk/Image3.7z?dl=0

Also Read: Daily Blog #450

Read More

Daily Blog #448: Defcon DFIR CTF update

Hello Reader,
      Another late post after a long day in Vegas. We launched the ctf today and already have a fight for the top 3 spots. As more people get the evidence I'm expecting it to get really interesting.

We initially planned to do a live stream today but spent most of the day finishing the last questions so I expect we will do the stream tomorrow instead.

For those who want to watch the scoreboard go to
https://defcon2018.ctfd.io/scoreboard

To follow along, the contest ends tomorrow nighy! There is a long time for everything to change by then.

As before once the event is over we will make the images public and everyone can play, just without prizes.

Also Read: Daily Blog #447

Read More

Daily Blog #447 Defcon 2018 Forensic CTF

Hello Reader,

Just a reminder that the ctf starts tomorrow afternoon. If you are in Vegas and have not signed up yet here is the link:

https://www.eventbrite.com/e/unofficial-defcon-dfir-ctf-2018-tickets-47978189055?ref=estw

Prizes:
1st. DFIR Netwars Continuous for a year from SANS and. Lego mini fig

2nd. Magnet prize loaded backpack, Lego mini fig and license of forensic email collector

3rd. Blackbag prize pack

It's not too late to sign up, get ready!

Also Read: Sparse image blues

Read More

Daily Blog #435: Forensic Lunch 7/27/18 - Discussion on BitLocker, Defcon DFIR CTF and More

Hello Reader,
           Greetings from my flight from Abu Dhabi to Dallas, Texas. We had a Forensic Lunch today with just Matt and I talking about Bitlocker, the Defcon DFIR CTF and making future challenges and test images with the possibility of live streaming us watching machines get compromised. Unfortunately I was doing this from a hotel so the stream got disconnect midway through so its in two parts.

Here is the first part:
https://www.youtube.com/watch?v=0uHUF7AXVHg

here is the second:
https://www.youtube.com/watch?v=x3Grhz5f6TU

Normally I would embed the videos but the inflight wifi is blocking Youtube and my VPN isn't working. In good news though in 14 more hours I'll be back in Texas and able to get back to a regular schedule.

Hope you enjoy!

Also Read: Daily Blog #434

Read More

Daily Blog #420: 2018 Unofficial Defcon CTF Update

Hello Reader,
           In the first 24 hours we've already had 39 signups for the CTF, last year we had 125 and I've expanded the initial amount to 200 to start with. I wanted to provide an update because we are going to cap this to keep it manageable and I expect that we are going to hit our max again this year.

Why do I expect to hit the max? Well if you consider there are over 10,000 people at Defcon then 200 is only .02% of the total population. We think there are more DFIR and DFIR interested people at Defcon than most of us realize and our hope is to build the interest into a community there to bring people into out world that may not realize we exist.

Make sure to sign up here:

https://www.eventbrite.com/e/unofficial-defcon-dfir-ctf-2018-tickets-47978189055

Also Read: Daily Blog #419

Read More

Daily Blog #419: Unofficial Defcon DFIR CTF 2018

Hello Reader,
            Matt and I are working on creating the evidence you will be examining for next months Unofficial Defcon DFIR CTF! This post is here to let you know that:

1. We plan to do it again this year
2. We will be distributing the files electronically this year, no in person transfer needed
3. Signups will happen through CTFd I'll be posting the link closer to Defcon
4. If you or your company wants to supply a prize we open to working with you on that. Last year we did it in partnership with SANS who provided DFIR Netwars Continuous to the winners
5. This years scenario is set to be much more involved than last years, if everything we are planning works out
6. We are still planning on restricting this to people who are in Las Vegas for the event. Why? So we can get everyone who qualifies together at the end

We had a lot of fun last year and we look forward to meeting new talented examiners this year.

You can sign up here:

https://www.eventbrite.com/e/unofficial-defcon-dfir-ctf-2018-tickets-47978189055

Matt and I will be doing a live stream during the event to provide some commentary on how it's going. This is something we wanted to do after the Magnet CTF and it should be fun.

Also Read: Daily Blog #418

Read More

Daily Blog #401: Magnet User Summit CTF is now open to the public

Hello Reader,
              Yesterday we released the evidence files and today since I am on a train going to Canberra at the moment and can't exactly record a Test Kitchen and subject a train full of people to that I am opening up the CTF site for public access.

Go here:

https://magnetctf.ctfd.io/challenges

Register a team and start submitting!

Have fun!

Also Read: Daily Blog #400

Read More