GrrCON DFIR Challenge 2013

Wednesday, 16. October 2013

This year was the 2nd time GrrCON decided to do a DFIR challenge during the conference and the winner this year received $500.

2013 Winners

1st place – @5ck

2nd place – @kjake

3rd place – @Patories

Jack Crook did an amazing job with the challenge the first time around in 2012. If you haven’t checked out the one from 2012, here is a review from the Volatility Labs blog.

http://volatility-labs.blogspot.com/2012/10/solving-grrcon-network-forensics.html

We only had about 2 weeks to actually design and build out the 2013 challenge this year so the limited time was a huge constraint on everything we really wanted to do. It actually took 10 different virtual machines, and 4 separate networks to create this challenge.

I would like to give a special thanks out to NVINT for hosting the servers and providing dedicated firewalls and IP’s for use. The Hacker Academy and Mad Security provided a huge support for the grading system and the website part of my challenge. I would also like to personally thank Rob Marmo and Nick Deneweth for their help making the challenge. Without their hard long nights working on the challenge before the conference the GrrCON 2013 DFIR challenge wouldn’t have happened this year.

Download the files for the 2013 DFIR Challenge here:

https://drive.google.com/folderview?id=0Bz3L4ZnVlUY8Q0VJbmJCV3JzR28&usp=sharing

2013 DFIR Challenge PDF Walkthrough here – GrrCON-Challenge-walkthrough

Tags: .

Leave a Reply

You must be logged in to post a comment.