diff --git a/mkpuzzles b/mkpuzzles index 13b88d9..e52aca9 100755 --- a/mkpuzzles +++ b/mkpuzzles @@ -43,7 +43,7 @@ EOF
diff --git a/packages/forensics/10/index.html b/packages/forensics/10/index.html deleted file mode 100755 index 5b442e2..0000000 --- a/packages/forensics/10/index.html +++ /dev/null @@ -1,13 +0,0 @@ - -You have suspicions that a certain windows box has been infected by a Trojan. You have been given access to a memory image from this box.xp-laptop-2005-06-25.img Use the memory image to determine if the machine has been infected. - -In order to answer the questions: - - - Determine if the machine has been infected. - - - If it has not been infected, list "no" as your answer. - - - If it has been infected, list the process name of the Trojan - -HINT: You know from googling that the Trojan uses the passWD.log file. - diff --git a/packages/forensics/10/key b/packages/forensics/10/key deleted file mode 100755 index 97d62ab..0000000 --- a/packages/forensics/10/key +++ /dev/null @@ -1 +0,0 @@ -lsass.exe diff --git a/packages/forensics/100/index.html b/packages/forensics/100/index.html deleted file mode 100755 index bd74257..0000000 --- a/packages/forensics/100/index.html +++ /dev/null @@ -1,2 +0,0 @@ -What is the method of attack? -image file \ No newline at end of file diff --git a/packages/forensics/100/key b/packages/forensics/100/key deleted file mode 100755 index 700252b..0000000 --- a/packages/forensics/100/key +++ /dev/null @@ -1 +0,0 @@ -dll injection diff --git a/packages/forensics/20/index.html b/packages/forensics/20/index.html deleted file mode 100755 index 94c6203..0000000 --- a/packages/forensics/20/index.html +++ /dev/null 
@@ -1,15 +0,0 @@ - - -You are currently employed as a SW engineer at KELCY INC. One of your clients has informed you that $10,000 has been deducted from their accounts from an authorized user. They have delivered a software image for you to investigate. Determine if the machine has been compromised. - -In order to answer the questions: - - - Determine if the machine has been compromised. - - - If it has not been compromised, list "no" as your answer. - - - If it has been compromised, list the file name (with its extension) being used by the malicious software - -winxppro.vmem - - diff --git a/packages/forensics/20/key b/packages/forensics/20/key deleted file mode 100755 index 8c72a46..0000000 --- a/packages/forensics/20/key +++ /dev/null @@ -1 +0,0 @@ -klog.txt diff --git a/packages/forensics/200/index.html b/packages/forensics/200/index.html deleted file mode 100755 index e137f68..0000000 --- a/packages/forensics/200/index.html +++ /dev/null @@ -1,2 +0,0 @@ -What is the name of what was injected? -image file \ No newline at end of file diff --git a/packages/forensics/200/key b/packages/forensics/200/key deleted file mode 100755 index 2174d39..0000000 --- a/packages/forensics/200/key +++ /dev/null @@ -1 +0,0 @@ -winsecur.dll diff --git a/packages/forensics/250/index.html b/packages/forensics/250/index.html deleted file mode 100755 index 9937b0b..0000000 --- a/packages/forensics/250/index.html +++ /dev/null @@ -1,10 +0,0 @@ -SA Dumas from the Albuquerque FBI Cyber Squad has alerted you that Antoniette Balls (Iranian postdoc with a username of "aballs@tipmeover.org") working at the lab has been in contact with Iranian Jihad organization. Find the code that she is transmitting to the Iranian Jihad Organization. -AD database -
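Review bot: The `key` deletions under packages/forensics/10, 20, 100 and 200 take the answers out of the working tree only. The old blobs (97d62ab, 8c72a46, 700252b, 2174d39) stay in history, so anyone who can clone the repository can still read `lsass.exe`, `klog.txt`, `dll injection` and `winsecur.dll`. If these puzzles will be reused, or the repository is reachable by players, change the answers rather than relying on this removal, and keep answer keys outside the puzzle tree in future.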
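Review bot: In packages/forensics/10/index.html and packages/forensics/20/index.html the removed text names the memory images `xp-laptop-2005-06-25.img` and `winxppro.vmem`, but no deletion of either file appears in the part of the patch shown here. If the images are tracked in the repository, remove them in the same change so the tree is not left with orphaned captures that no puzzle references. If they are hosted elsewhere, note in the commit message where they live and whether they are being retired too.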