CyberDefenders: BlueTeam CTF Challenges

Spotlight

SHA1SUM	e4b3f7c5886b29bad0f68cb46335b335bcae1171
Published	Oct. 7, 2020
Author	Champlain College
Size	55 MB
Tags	Autopsy Steganography OSX MAC

Instructions	Uncompress the challenge (pass: cyberdefenders.org)

Your progress

0% Completed0/15 Questions

Your score

0/5850

Digital Forensics

Last solve

25 days ago by mino

Spotlight is a MAC OS image forensics challenge where you can evaluate your DFIR skills against an OS you usually encounter in today's case investigations.

Tools:

#	Question	Weight	Solved
#1	What version of macOS is running on this image?	50	164
Hint Report an issue

#2	What "competitive advantage" did Hansel lie about in the file AnotherExample.jpg? (two words)	150	140
Hint Report an issue

#3	How many bookmarks are registered in safari?	200	143
Hint Report an issue

#4	What's the content of the note titled "Passwords"?	200	116
Hint Report an issue

#5	Provide the MAC address of the ethernet adapter for this machine.	200	119
Hint Report an issue

#6	Name the data URL of the quarantined item.	300	118
Hint Report an issue

#7	What app did the user "sneaky" try to install via a .dmg file? (one word)	300	128
Hint Report an issue

#8	What was the file 'Examplesteg.jpg' renamed to?	400	121
Hint Report an issue

#9	How much time was spent on mail.zoho.com on 4/20/2020?	450	94
Hint Report an issue

#10	What's hansel.apricot's password hint? (two words)	550	104
Hint Report an issue

#11	The main file that stores Hansel's iMessages had a few permissions changes. How many times did the permissions change?	600	99
Hint Report an issue

#12	What's the UID of the user who is responsible for connecting mobile devices?	600	92
Hint Report an issue

#13	Find the flag in the GoodExample.jpg image. It's hidden with better tools.	600	102
Hint Report an issue

#14	What was exactly typed in the Spotlight search bar on 4/20/2020 02:09:48	600	102
Hint Report an issue

#15	What is hansel.apricot's Open Directory user UUID?	650	98
Hint Report an issue

Submit Writeup