Thursday, December 3, 2020

StartMe Up (Forensic Edition)

As part of my own benefit I created a Start.Me page for a bunch of FOSS forensic tools and utilities that I currently have in my toolkit. I've also included RSS feeds for blogs I follow as well as YouTube channels and some other links to sites I frequent.

You can access it at or preview it below (embedding on Blogger isn't the best).

If anyone has suggestions on more items to add or links please feel free to reach out to me on Twitter @KevinPagano3.

*Cues The Rolling Stones*

Monday, November 30, 2020

Magnet Weekly CTF (Week 8) - PHP Cluster

Previous (Android): Week 1 | Week 2 | Week 3 | Week 4

Previous (Linux): Week 5 | Week 6 | Week 7

The last week of Linux month is complete, and I'm glad it was somewhat of a breeze to answer again. We got another 2 parter this week with a focus on installed packages and an insider attacker usecase. 

Challenge 8 (Nov. 23-30) Part 1 (20)

What package(s) were installed by the threat actor? Select the most correct answer!

Tuesday, November 24, 2020

Getting GASF'ed with GIAC

I was lucky enough to take part in the SANS work study program this summer during the DFIR Summit to take the FOR585 Smartphone Forensic Analysis course. If you haven't applied for the work study program, I highly encourage you do as you get to take a training course of your choosing for a steep discount (especially needed for SANS) as well all the fine On-Demand resources including hard copies of the books, and an exam attempt. GIAC tests and their certifications are some of the most coveted in the DFIR industry and may be more difficult without taking the associated training which are pretty much tailored to the certification test.

Monday, November 23, 2020

Magnet Weekly CTF (Week 7) - IP Interfaces

Previous: Week 1 | Week 2 | Week 3 | Week 4 | Week 5 | Week 6

Getting back on the horse (or elephant?) this week with a three part question for Week 7, all about the Hadoop HDFS IP configurations.

Challenge 7 (Nov 16-23) Part 1 Domains and Such (15)

What is the IP address of the HDFS primary node?

Monday, November 16, 2020

Magnet Weekly CTF (Week 6) - Error Codes


Previous: Week 1 | Week 2 | Week 3 | Week 4 | Week 5

To be quite honest, this was a terrible week of CTF'ing for me. My main focus this week was on studying for my SANS GASF exam (more on that later) so I didn't get to dedicate much time in playing. With that said, I was able to complete part 1 of 2, partially by dumb luck.

Challenge 6 (Nov. 9-16) The Elephant in the Room (25)

Part One: Hadoop is a complex framework from Apache used to perform distributed processing of large data sets. Like most frameworks, it relies on many dependencies to run smoothly. Fortunately, it's designed to install all of these dependencies automatically. On the secondary nodes (not the MAIN node) your colleague recollects seeing one particular dependency failed to install correctly. Your task is to find the specific error code that led to this failed dependency installation. [Flag is numeric]