End of 2020 - 2021 Email Forensics CTF

Hello everyone,

Our email forensics CTF closed yesterday. Big congrats to the top three: @sgreenwald, Phill Moore, and Tristan Jenkinson :rocket: We put up a page with additional details:


Also, the live event where we will solve challenges 6 through 10 has been scheduled for March 3rd! Save your spot here:

Email Forensics Workshop — CTF Edition — Part 2 - Forensic Email Collector Educational Series by Metaspike

This should be an interesting watch even if you did not participate in the CTF as we will cover topics such as:

  • Decoding hidden timestamps
  • Message reconstruction via DKIM
  • Authenticating emails based on their appearance
  • Recovering deleted attachments from MAPI items
  • Leveraging recovered OAuth tokens to gain access to mailboxes
  • Talking to Gmail API directly
  • Examining Gmail History records to make your own audit trail
  • Q&A

I hope this has been a fun experience for those of you who participated. I personally had a blast! :smiley:

We had over 500 registered participants who made thousands of submissions. It was great fun to think up the challenges, solve the first 5 live, and chat with fellow examiners who share very similar interests. It is fair to say that we had a fantastic group of people with extraordinary skills—email forensics is a niche within a niche, and they were able to adapt and navigate the challenges with little outside documentation and prior research available.

Looking forward to the next one!

We held the live event yesterday where we solved challenges 6 through 10. If you missed it, you can access the recording below.

Went over my initial 90-minute estimate, but it was great fun. Even got to do a little bit of Python scripting :smiley:

We will keep the archived challenges live for a little while longer in case anyone wants to play with them.