Our email forensics CTF closed yesterday. Big congrats to the top three: @sgreenwald, Phill Moore, and Tristan Jenkinson. We put up a page with additional details:
Also, the live event where we will solve challenges 6 through 10 has been scheduled for March 3rd! Save your spot here:
This should be an interesting watch even if you did not participate in the CTF as we will cover topics such as:
- Decoding hidden timestamps
- Message reconstruction via DKIM
- Authenticating emails based on their appearance
- Recovering deleted attachments from MAPI items
- Leveraging recovered OAuth tokens to gain access to mailboxes
- Talking to the Gmail API directly
- Examining Gmail History records to make your own audit trail
I hope this has been a fun experience for those of you who participated. I personally had a blast!
We had over 500 registered participants who made thousands of submissions. It was great fun to think up the challenges, solve the first 5 live, and chat with fellow examiners who share very similar interests. It is fair to say that we had a fantastic group of people with extraordinary skills—email forensics is a niche within a niche, and they were able to adapt and navigate the challenges with little outside documentation and prior research available.
Looking forward to the next one!