While my thoughts are fresh on my latest CTF…
Pluses:
- Throughout the event, in top 3. Currently in top 2, but closing out for the day to get other things done.
- Figured out a few things: interrogating VMDKs via extracting them; linking up a shared drive in Kali
- Had some success with Python scripting to interrogate Word documents to find hidden data, as well as to find MD5 and SHA-1 hashes. SHA-1 grep string was: ‘[0-9A-Fa-f]{40}’
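As an added example (not the post's own script), here is how that kind of Word-document scan can be written in Python: it walks every XML part inside a .docx (which is a zip), not just the visible body, and applies the SHA-1 pattern above plus an MD5 one, with word boundaries so a longer hex string such as a SHA-256 is not misreported. The sample document is constructed inline and is not a real file from the CTF.

```python
"""Scan a .docx for MD5/SHA-1-looking hex strings in every XML part (body,
comments, properties), so hashes hidden outside the visible text are found."""
import io
import re
import zipfile

# \b boundaries stop a 40-hex SHA-1 from also matching as a 32-hex MD5
# (and a 64-hex SHA-256 from matching as either).
HASH_PATTERNS = {
    "md5": re.compile(r"\b[0-9A-Fa-f]{32}\b"),
    "sha1": re.compile(r"\b[0-9A-Fa-f]{40}\b"),
}


def find_hashes_in_docx(data: bytes) -> list:
    """Return (part_name, kind, value) for every hash-like token in any XML part."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.endswith(".xml"):
                continue  # images and other binaries are skipped
            text = zf.read(name).decode("utf-8", errors="replace")
            for kind, pat in HASH_PATTERNS.items():
                for m in pat.finditer(text):
                    found.append((name, kind, m.group(0).lower()))
    return found


def build_sample_docx() -> bytes:
    """Constructed sample: a minimal docx-style zip (not a real document) with a
    SHA-1 in the visible body, an MD5 hidden in a comment, and a SHA-256 in the
    core properties that must NOT be reported as MD5 or SHA-1."""
    parts = {
        "word/document.xml": "<w:document><w:t>sha1 "
                             "da39a3ee5e6b4b0d3255bfef95601890afd80709</w:t></w:document>",
        "word/comments.xml": "<w:comments><w:t>flag md5 "
                             "d41d8cd98f00b204e9800998ecf8427e</w:t></w:comments>",
        "docProps/core.xml": "<cp:coreProperties><dc:description>"
                             "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
                             "</dc:description></cp:coreProperties>",
        "word/media/image1.png": "PNG placeholder, not xml",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    for part, kind, value in find_hashes_in_docx(build_sample_docx()):
        print(f"{part}: {kind} {value}")
```

Point `find_hashes_in_docx` at the bytes of a real .docx to run it over a challenge file; the same approach works for .xlsx and .pptx since they share the zip-of-XML layout.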
Need to learn:
- reverse engineering to interrogate malware or other executables
- faster ways to traverse Wireshark data. Getting protocol statistics is a good starting point – want to get better there
- executing random files – need VMs stood up for Windows to have them ready to roll…
Hmmm – I thought the CTF was closing out tonight, but it’s not until Sunday night. I need to carefully tread this, for the sake of my health and marriage.