Subject: Forensics
Why forensics? Often, when I talk about CTFs to people, they picture it being solely about exploiting boxes at Defcon. While exploiting is indeed a flashy part of CTFs, it is only a portion of the skills used to qualify or compete in a CTF.
This month’s meeting is to inform/remind people that there are other aspects involved. Cryptography, recon, reverse engineering, network and web exploitation, and forensics!
Challenge of the month is http://computer-forensics.sans.org/blog/2014/01/10/deadline-approaching-apt-malware-and-memory-challenge-dfircon
Answer three out of five questions about this memory dump, and you could win a free SANS Simulcast class!!!
At the meeting I’ll be going over the tools and techniques I used to answer the questions. Unless I fail at it, in which case I’m going to give a demo on using Mandiant Redline to perform forensics in an incident response capacity.
Also, feel free to meet other people interested in competing in CTF. Form teams, or recruit.
-gomi