CodeMonkeyZ
Regarding today’s event: We had technical difficulties getting started and had communication issues due to server attacks on our communication lines and instability of the public live streams.

People were asking why we didn’t run tools on the data. It is because we were not remoted into a Windows server that had the image loaded; we had just mounted a forensic image of the files and were able to view the file tree and files only. Due to the setup of the forensic image, we were not able to run tools such as regedit, event viewers, or DLL analyzers. We could not run the executable files inside the forensic image. We did not have a Windows server set up with the image loaded due to obtaining the publicly available data at the last minute. There simply was not enough time to set up a server because the show was already scheduled and we wanted to do it live.

We came across unprepared, and it is true in a sense because we had just obtained the data. It was my very first time looking at the data and I did not know what exactly would be found on the systems ahead of the event.

Interestingly, we did uncover a few critical things:

1. There appeared to be web server logs which potentially indicate that the server was accepting and executing commands remotely.
2. Election-related data pre-upgrade was not present on the machine post-upgrade. This indicates that election-related data was deleted or otherwise removed during the upgrade process.
3. The server had a suspicious configuration script designed to remove server security, potentially opening the machine up to a network hack.

These issues warrant additional investigation.
Whoa, what happened to the format there? Never seen text cause a screen sidebar.
Thank you! I read easier by copying onto a document. Funny it did that.
Any snippets and stuff from the symposium are much appreciated. Thinden - check out what TruthWillWin posted from CodeMonkey if you haven’t seen it yet.
Thanks for the summary of CMZ.
This was a big help.
I was off the forum for most of the day & playing catch up now.