Nate Thornton

Nate Thornton

I’m a Cybersecurity Operations Manager working in the financial industry and I’m working on developing my technical skills to increase my understanding of cybersecurity concepts. If you run into any inaccuracies or omissions on the site, please feel free to contact me at one of the links below.

Document Analysis Challenge - 2021 SANS Holiday Hack Challenge

less than 1 minute read

In this challenge, we use exiftool to check to see who last modified a file.

Play the 2021 SANS Holiday Hack Challenge

Here are the instructions that show up in the terminal:

HELP! That wily Jack Frost modified one of our naughty/nice records, and right before Christmas! Can you help us figure out which one? We’ve installed exiftool for your convenience!

Running ls shows that this folder is full of .docx files.

Let’s run exiftool on one of them:

exiftool 2021-12-01.docx

This outputs a bunch of metadata that we can look through. The one we’re interested in is “Last Modified By”, which shows up as “Santa Claus” for this file.

Let’s check the Last Modified By field for all of the files in this folder:

exiftool -LastModifiedBy *

And from here we can see that all of the files were last modified by Santa Claus, except for one.

Answer: 2021-12-21.docx

Updated:

You May Also Enjoy

Upgrading Shells

less than 1 minute read

If you get a non-teletype (TTY) shell, you can potentially upgrade it to a teletype shell for more functionality and fewer restrictions using the instruction...