These are beginner CTF questions for the Forensic and Security Technology club at Cal Poly Pomona.
Most of these questions are Forensic/Cryptography challenges.
Answers/how-to will eventually be posted to the FAST blog. Hints for each question are available in hints.txt. Answers are on my Blog.
Like my work? Donate here: https://buymeacoffee.com/forensicnoobsecurity
Points: 175
File: file1.wav
Question: We've sent the following secret message on a secret channel on your Pokegear.
Answer: https://forensicnoobsecurity.blogspot.com/2019/01/detecting-audio-steganography-cal-poly.html
Points: 70
File: file2.JPG
Question: This is a generic picture. What is the exposure time of this photograph?
Answer: https://forensicnoobsecurity.blogspot.com/2019/02/viewing-exif-data-fast-ctf-challenge-2.html
Points: 250
File: file3.png
Question: Nothing unusual about a FAST logo, right? Format: "FASTCTF{FLAG}"
Answer: https://forensicnoobsecurity.blogspot.com/2019/02/image-steganography-and-cryptography.html
Points: 225
File: file4
Question: The flag is in there somewhere, I swear. Format: "fastctf{flag}"
Answer: https://forensicnoobsecurity.blogspot.com/2019/03/cal-poly-fast-ctf-challenge-4-cracking.html
Points: 100
File: file5.exe
Question: Here's a simple C program. What's the password? Format: "fastctf{flag}"
Answer: https://forensicnoobsecurity.blogspot.com/2019/03/buffer-overflows-cal-poly-fast-ctf.html
Points: 200
File: file6.E01
Question: What is the exact original modification time by the kernel of the document "New Text Document.txt"? Format: YYYY-MM-DD HH:MM:SS.SSSSSS
Answer: https://forensicnoobsecurity.blogspot.com/2019/03/detecting-timestomped-values-cal-poly.html
Points: 150
File: file7.JPEG
Question: The flag is in this image. What is it? Format: fastctf{flag}
Answer: https://forensicnoobsecurity.blogspot.com/2019/03/image-anti-forensics-cal-poly-fast-ctf.html
Points: 125
File: file8.zip
Question: What is the MAC address of the computer these files originated from? (Hex in lower case)
Answer: https://forensicnoobsecurity.blogspot.com/2019/03/lnk-forensics-cal-poly-fast-ctf.html
Points: 75
File: file9.zip
Question: What is the name of the executable with the MD5 hash of cdc47d670159eef60916ca03a9d4a007 that performs a malicious task? (Don't worry, none of these will actually harm your computer.)
Answer: https://forensicnoobsecurity.blogspot.com/2019/03/md5-collisions-cal-poly-fast-ctf.html
Points: 30
File: file10.zip
Question: The flag is inside this Windows Batch file.
Answer: https://forensicnoobsecurity.blogspot.com/2019/03/retard-test-cal-poly-fast-ctf-challenge.html
Points: 125
File: file11.txt
Question: Find the flag in this text document!
Answer: https://forensicnoobsecurity.blogspot.com/2019/03/bit-shifting-cal-poly-fast-ctf.html
Points: 150
File: file12.zip
Question: When was the flag deleted? Format: "YYYY-MM-DD HH:MM:SS"
Answer: https://forensicnoobsecurity.blogspot.com/2019/03/recycle-bin-forensics-cal-poly-fast-ctf.html
Points: 100
File: Security
Question: How many interactive logons were there on this machine?
Answer: https://forensicnoobsecurity.blogspot.com/2019/12/windows-event-log-forensics-cal-poly.html
Points: 70
File: Security
Question: What was the timestamp when Patrick last logged off? FORMAT: M/DD/YYYY
Answer: https://forensicnoobsecurity.blogspot.com/2019/12/windows-event-log-forensics-cal-poly_1.html
Points: 110
File: Security
Question: How many times did VMware tools change the system time?
Answer: https://forensicnoobsecurity.blogspot.com/2020/05/searching-for-specific-processes-in.html
Points: 150
File: NTUSER.DAT
Question: What is the target name of the least recent most recent document opened in explorer?
Answer: https://forensicnoobsecurity.blogspot.com/2020/05/finding-most-recent-document-opening.html
Points: 150
File: NTUSER.DAT
Question: What is the 2nd command run in the Windows Run dialog box?
Answer: https://forensicnoobsecurity.blogspot.com/2020/05/run-dialog-forensics-cal-poly-ctf.html
Points: 200
File: NTUSER.DAT
Question: How many times was Minesweeper run? FORMAT: ##
Answer: https://forensicnoobsecurity.blogspot.com/2020/05/user-assist-forensics-cal-poly-fast-ctf.html
Points: 200
File: NTUSER.DAT
Question: When was the last date ProcMon.exe was run? FORMAT: YYYY-MM-DD
Answer: https://forensicnoobsecurity.blogspot.com/2020/05/user-assist-forensics-2-cal-poly-fast.html
Points: 100
File: NTUSER.DAT
Question: What is the exact version of Google Chrome installed?
Answer: https://forensicnoobsecurity.blogspot.com/2020/05/find-chrome-version-from-windows.html
Points: 100
File: NTUSER.DAT
Question: What is the exact URL of the start page for Internet Explorer?
Answer: https://forensicnoobsecurity.blogspot.com/2020/05/finding-homepage-in-windows-registry.html
Future questions: PCAPs - CDP, WEP, SMB file share, printing, word document, excel formula, PDF forensics, morse binary