Sunday, May 10, 2020

Finding the Homepage in the Windows Registry: Cal Poly FAST CTF Challenge 21

Question: What is the exact URL of the start page for Internet Explorer?
Points: 100
Download File from: https://github.com/mfput/CTF-Questions/raw/master/NTUSER.DAT
Hint: no hint
Answer: http://www.virustotal.com/
Note: NTUSER.DAT\Software\Windows\Internet Explorer\Main

Find Chrome Version from Windows Registry: Cal Poly FAST CTF Challenge 20
Question: What is the exact version of Google Chrome installed?
Points: 100
Download File from: https://github.com/mfput/CTF-Questions/raw/master/NTUSER.DAT
Hint: no hint
Answer: 49.0.2623.112
Note: NTUSER.DAT\Software\Google\Chrome\BLBeacon

User Assist Forensics 2: Cal Poly FAST CTF Challenge 19

Question: When was the last date ProcMon.exe was run? FORMAT: YYYY-MM-DD
Points: 200
Download File from: https://github.com/mfput/CTF-Questions/raw/master/NTUSER.DAT
Hint: None
Answer: 2017-04-18
Note: NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\GUID\Count

User Assist Forensics: Cal Poly FAST CTF Challenge 18

Question: How many times was minesweeper run? FORMAT: ##
Points: 200
Download File from: https://github.com/mfput/CTF-Questions/raw/master/NTUSER.DAT
Hint: None
Answer: 06
Note: NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\GUID\Count
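Challenges 18 and 19 both come down to decoding one UserAssist Count value: the value name is ROT13-encoded, the run count is a little-endian uint32 at offset 4, and the last-execution time is a FILETIME at offset 60 (Windows 7 and later) or offset 8 (XP/Vista, 16-byte layout). The parser below is an added example, not code from the write-up; it runs on constructed sample bytes rather than the challenge's NTUSER.DAT, and the program name, count and date in the sample are made up.

```python
import codecs
import struct
from datetime import datetime, timedelta, timezone

# Windows FILETIME: 100-nanosecond ticks since 1601-01-01 UTC.
_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(ticks: int) -> datetime:
    """Convert a 64-bit FILETIME (100 ns units) to a timezone-aware datetime."""
    return _FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def datetime_to_filetime(dt: datetime) -> int:
    """Inverse of filetime_to_datetime; used here only to build sample data."""
    return int((dt - _FILETIME_EPOCH) / timedelta(microseconds=1)) * 10

def parse_userassist(value_name: str, data: bytes) -> dict:
    """Decode one value under ...\\Explorer\\UserAssist\\{GUID}\\Count.

    Value names are ROT13-encoded program paths. Two binary layouts exist:
      * Windows 7+: 72 bytes, run count at offset 4, FILETIME at offset 60.
      * Windows XP/Vista: 16 bytes, run count at offset 4 (stored as count+5),
        FILETIME at offset 8.
    """
    name = codecs.decode(value_name, "rot_13")
    if len(data) == 72:
        run_count = struct.unpack_from("<I", data, 4)[0]
        ticks = struct.unpack_from("<Q", data, 60)[0]
    elif len(data) == 16:
        run_count = struct.unpack_from("<I", data, 4)[0] - 5
        ticks = struct.unpack_from("<Q", data, 8)[0]
    else:
        raise ValueError(f"unexpected UserAssist value length {len(data)}")
    # A zero FILETIME means the entry has no recorded execution time.
    last_run = filetime_to_datetime(ticks) if ticks else None
    return {"program": name, "run_count": run_count, "last_run": last_run}

def build_win7_entry(run_count: int, last_run: datetime) -> bytes:
    """Construct a 72-byte Windows 7+ Count value (sample data, not from a real hive)."""
    entry = bytearray(72)
    struct.pack_into("<I", entry, 4, run_count)
    struct.pack_into("<Q", entry, 60, datetime_to_filetime(last_run))
    return bytes(entry)

# Constructed sample: a ROT13 value name plus a Windows 7+ entry with made-up values.
SAMPLE_NAME = codecs.encode("C:\\Tools\\ProcMon.exe", "rot_13")
SAMPLE_DATA = build_win7_entry(6, datetime(2017, 4, 18, 9, 30, tzinfo=timezone.utc))

if __name__ == "__main__":
    rec = parse_userassist(SAMPLE_NAME, SAMPLE_DATA)
    print(rec["program"], rec["run_count"], rec["last_run"].strftime("%Y-%m-%d"))
```

Against a real hive, read each value name and data under the Count key with a hive parser and pass them to parse_userassist; the GUID subkeys differ by Windows version but the value layout does not.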

Run Dialog Forensics: Cal Poly CTF Challenge 17

Question: What is the 2nd command run in the Windows Run dialog box?
Points: 150
Download File from: https://github.com/mfput/CTF-Questions/raw/master/NTUSER.DAT
Hint: abc denotes the order.
Answer: syskey
Note: NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

NTUSER.DAT Forensics 1: Finding the Most Recent Document

Question: What is the target name of the least recent most recent document opened in explorer?
Points: 150
Download File from: https://github.com/mfput/CTF-Questions/raw/master/NTUSER.DAT
Hint: none
Answer: POS2009.txt
Note: NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

This is the first in a series of forensics questions based around the NTUSER.DAT file, which is the registry hive for the user profile. This question is intentionally worded in a confusing way, as we are looking for the oldest document in the "Recent Documents".

First, we'll use 

Searching for Specific Processes in Windows Event Logs - Cal Poly FAST CTF Challenge 15

Question: How many times did VMware tools change the system time?
Points: 110
Download File from: https://github.com/mfput/CTF-Questions/raw/master/Security
Hint: A change in time is a change in the security state.
Answer: 19