Showing posts with label sunday funday.

Daily Blog #814: Sunday Funday 4/20/25

 


Hello Reader, 

It's an Eng world and we are just living in it, unless of course you take the time to put in an entry this week and win! This week we are changing courses to an old file system problem with some utilities.

The Prize:

$100 Amazon Giftcard


 
The Rules:

  1. You must post your answer before Friday 4/25/25 7PM CST (GMT -6)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful
  6. Anonymous entries are allowed, please email them to dlcowen@gmail.com. Please state in your email if you would like to be anonymous or not if you win.
  7. In order for an anonymous winner to receive a prize they must give their name to me, but I will not release it in a blog post
  8. AI assistance is welcomed but if a post is deemed to be entirely AI written it will not qualify for a prize. 


The Challenge:

FAT32 does not store a time for last access; it records only the date. However, many tools treat, or have in the past treated, the zero time entry as a real time entry and adjusted it for time zones. Test your favorite tools, such as FTK Imager, X-Ways, Axiom, EnCase or Autopsy. The choice is yours, but you must submit at least two and show whether they are correctly handling FAT32 timestamps.
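To make the problem concrete, here is an added example (not part of the original post) that decodes a 32-byte FAT short directory entry and shows how inventing a midnight time for the access date and shifting it by a time zone moves the reported date. The sample entry is constructed, the function names are hypothetical, and the viewer offset of GMT -6 is an assumption.

```python
import struct
from datetime import date, datetime, time, timedelta, timezone

ENTRY = struct.Struct("<11sBBBHHHHHHHI")  # 32-byte short directory entry

def fat_date(v):
    """Bits 15-9 year since 1980, 8-5 month, 4-0 day; None if unset/invalid."""
    try:
        return date(1980 + (v >> 9), (v >> 5) & 0x0F, v & 0x1F)
    except ValueError:
        return None

def fat_time(v):
    """Bits 15-11 hour, 10-5 minute, 4-0 seconds in 2-second units."""
    return time(v >> 11, (v >> 5) & 0x3F, (v & 0x1F) * 2)

def parse_entry(raw):
    (name, _attr, _nt, _tenth, ctime, cdate, adate,
     _hi, wtime, wdate, _lo, size) = ENTRY.unpack(raw)
    return {
        "name": name.decode("ascii"),
        "created": datetime.combine(fat_date(cdate), fat_time(ctime)),
        "modified": datetime.combine(fat_date(wdate), fat_time(wtime)),
        "accessed": fat_date(adate),  # date only: no time field exists on disk
        "size": size,
    }

def buggy_access_display(accessed, utc_offset_hours):
    """The flaw: invent 00:00:00, call it UTC, shift to the viewer's zone."""
    midnight = datetime.combine(accessed, time(0, 0), tzinfo=timezone.utc)
    return midnight.astimezone(timezone(timedelta(hours=utc_offset_hours)))

def pack_date(d):
    return ((d.year - 1980) << 9) | (d.month << 5) | d.day

def pack_time(h, m, s):
    return (h << 11) | (m << 5) | (s // 2)

# Constructed sample entry (not taken from a real volume).
SAMPLE = ENTRY.pack(b"REPORT  TXT", 0x20, 0, 0,
                    pack_time(9, 30, 10), pack_date(date(2025, 4, 18)),
                    pack_date(date(2025, 4, 20)), 0,
                    pack_time(14, 5, 42), pack_date(date(2025, 4, 19)), 3, 1234)

if __name__ == "__main__":
    e = parse_entry(SAMPLE)
    print("correct :", e["accessed"].isoformat())
    print("buggy   :", buggy_access_display(e["accessed"], -6).isoformat())
```

A tool that handles the field correctly reports the access date with no time component; one that shows a time the evening before (or any non-zero time) has applied a zone adjustment to a value that was never stored.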

 

Daily Blog #813: Solution Saturday 4/19/25

 


Hello Reader, 

Another week has come and gone but Chris Eng's streak continues unbroken! It's up to all of you to decide if you are ready to step up tomorrow for this week's challenge!

 

The Challenge:

It's becoming more common that the first thing an attacker will try to do if they get access to a user's system is extract all of the saved browser passwords. Profile a popular browser password extractor (such as WebBrowserPassView or HackBrowserData) and detail what artifacts are left behind that would reveal their usage on a Windows 11 system. Extra points if you:
a. Try multiple browser password viewing tools
b. Try macOS as well as Windows

 

The Winning Answer:

Chris Eng / Ogmini Blog

 https://ogmini.github.io/2025/04/14/David-Cowen-Sunday-Funday-Browser-Password-Extraction.html

https://ogmini.github.io/2025/04/15/LaZagne-Artifacts.html

https://ogmini.github.io/2025/04/16/WebBrowserPassView-Artifacts.html

https://ogmini.github.io/2025/04/18/HackBrowserData-Artifacts.html


Daily Blog #807: Sunday Funday 4/13/25

 


Hello Reader, 

This week I'm hoping for more of you to get involved and give Chris Eng some competition. With that in mind I'm going to make this challenge as accessible as possible but still have an outcome that increases the overall knowledge of the field. So let's get started on this week's browser stored credential challenge.

The Prize:

$100 Amazon Giftcard


 
The Rules:

  1. You must post your answer before Friday 4/18/25 7PM CST (GMT -6)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful
  6. Anonymous entries are allowed, please email them to dlcowen@gmail.com. Please state in your email if you would like to be anonymous or not if you win.
  7. In order for an anonymous winner to receive a prize they must give their name to me, but I will not release it in a blog post
  8. AI assistance is welcomed but if a post is deemed to be entirely AI written it will not qualify for a prize. 


The Challenge:

It's becoming more common that the first thing an attacker will try to do if they get access to a user's system is extract all of the saved browser passwords. Profile a popular browser password extractor (such as WebBrowserPassView or HackBrowserData) and detail what artifacts are left behind that would reveal their usage on a Windows 11 system. Extra points if you:
a. Try multiple browser password viewing tools
b. Try macOS as well as Windows


Daily Blog #806: Solution Saturday 4/12/25

 


Hello Reader, 

This week Chris Eng comes back again with some research in his own Daily Blogs about WSL. While I think we can all appreciate Chris's winning streak I'm looking for all of you to come out in force this coming week to challenge him for a win!

 

The Challenge:

What artifacts are left behind when running a Docker container using Ubuntu WSL (which I believe is the default standard)? Bonus points for artifacts that reflect interactions between the container and the host.

 

The winning answer:

Chris Eng / OG Mini Blog

https://ogmini.github.io/2025/04/08/David-Cowen-Sunday-Funday-WSL-Docker.html

https://ogmini.github.io/2025/04/10/WSL-Docker-Part-2.html

https://ogmini.github.io/2025/04/11/WSL-Docker-Part-3.html


Daily Blog #800: Sunday Funday 4/6/25

Hello Reader, 

This week I wanted to turn your attention to WSL, or Windows Subsystem for Linux. With WSL becoming more common on Windows systems for things like Docker, it's been a while since I've seen a lot of research around what's left behind from its usage. Let's see what you can do!

The Prize:

$100 Amazon Giftcard


 
The Rules:

  1. You must post your answer before Friday 4/11/25 7PM CST (GMT -6)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful
  6. Anonymous entries are allowed, please email them to dlcowen@gmail.com. Please state in your email if you would like to be anonymous or not if you win.
  7. In order for an anonymous winner to receive a prize they must give their name to me, but I will not release it in a blog post
  8. AI assistance is welcomed but if a post is deemed to be entirely AI written it will not qualify for a prize. 


The Challenge:

What artifacts are left behind when running a Docker container using Ubuntu WSL (which I believe is the default standard)? Bonus points for artifacts that reflect interactions between the container and the host.



Daily Blog #799: Solution Saturday 4/5/25


Hello Reader, 

This week no one managed to submit a full answer, as I did ask for all three major clouds. The closest was Chris Eng, who did a full review of Azure and found times that were much faster than the last time I checked! It does look like I need to go back and do my own tests and write them up here.


The Challenge:

For the main cloud providers (AWS, Azure, Google Cloud), determine how long it takes from you performing the action to the log being available for the following actions:

1. Logging in successfully

2. Failing to log in

3. Changing a user's permissions

4. Deleting a user

5. Creating a user 

The Winning Answer:

Chris Eng / OG Mini Blog

https://ogmini.github.io/2025/04/02/David-Cowen-Sunday-Funday-Cloud-Log-Delays.html




Daily Blog #793: Sunday Funday 3/30/25

 


Hello Reader, 

Every week I ask myself, what do we not know? This week I want to focus your combined attention on log delivery delays in the cloud. Each cloud has pros and cons when using it, so let's find out which one gets you failed logins the fastest.

The Prize:

$100 Amazon Giftcard


The Rules:

  1. You must post your answer before Friday 4/4/25 7PM CST (GMT -6)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful
  6. Anonymous entries are allowed, please email them to dlcowen@gmail.com. Please state in your email if you would like to be anonymous or not if you win.
  7. In order for an anonymous winner to receive a prize they must give their name to me, but I will not release it in a blog post
  8. AI assistance is welcomed but if a post is deemed to be entirely AI written it will not qualify for a prize. 


The Challenge:

For the main cloud providers (AWS, Azure, Google Cloud), determine how long it takes from you performing the action to the log being available for the following actions:

1. Logging in successfully

2. Failing to log in

3. Changing a user's permissions

4. Deleting a user

5. Creating a user



Daily Blog #792: Solution Saturday 3/29/25

Hello Reader,

This week we challenged you to find out what SSH artifacts are left behind on Windows systems that now have native SSH servers and clients. It shouldn't be a surprise that the person who suggested the Windows angle was also the person who won! Congrats to Chris Eng!

 

The Challenge:

 Test what artifacts are left behind from SSHing into a Windows 11 or 10 system using the native SSH server. Bonus points for tunnels.

 

The Winning Answer:

Chris Eng at the OG mini blog:

https://ogmini.github.io/2025/03/25/David-Cowen-Sunday-Funday-SSH-Windows.html

https://ogmini.github.io/2025/03/26/Windows-SSH-Testing-Part-1.html

https://ogmini.github.io/2025/03/27/Windows-SSH-Testing-Part-2.html

https://ogmini.github.io/2025/03/28/Windows-SSH-Testing-Part-3.html

