Tibbles 'n Bits

Extracting EXIF Data From Email Images

Posted on November 16, 2023

I recently came across a question on the digital forensics subreddit that was asking if it’s possible to extract the EXIF data from an image that was attached to an email. This question piqued my interest because it was something I had moderate familiarity with - accessing an inbox programmatically... [Read More]

Tags: exif email forensics

Solving CyberDefenders' Insider Challenge

Posted on February 26, 2023

This is another post in a series of CTF challenges I’ve been doing through CyberDefenders. This one looks at their Insider challenge, which focuses on the analysis of a Kali Linux box. [Read More]

Tags: ctf cyberdefenders linux

Solving CyberDefenders' Bucket Challenge

Posted on February 26, 2023

This is a simple write up for the first challenge I attempted on CyberDefenders, which can be found here. [Read More]

Tags: ctf cyberdefenders aws

Damn Annoying Web Server

Posted on December 29, 2022

In a recent series of posts I’ve been writing, I started looking into a hypothetical web server breach as part of a CTF challenge to help bolster my DFIR skills. The web server that has been breached is a Windows 2008 web server running the Damn Vulnerable Web App(DVWA) via... [Read More]

Tags: xampp windows troubleshooting

Investigating a Web Server Breach - Part II

Posted on December 8, 2022

This is one of many posts in a series I’ll be doing on a CTF offered by Ali Hadi. The CTF looks at a web server breach and asks us to answer several questions in order to complete the challenge. In an effort to avoid an incredibly long blog post,... [Read More]

Tags: ctf windows logs

Investigating a Web Server Breach - Part I

Posted on December 3, 2022

This is one of many posts in a series I’ll be doing on a CTF offered by Ali Hadi. The CTF looks at a web server breach and asks us to answer several questions in order to complete the challenge. In an effort to avoid an incredibly long blog post,... [Read More]

Tags: ctf windows registry

Testing Hypotheses to Avoid Rabbit Holes in Investigations

Posted on November 21, 2022

Back in 2016 I was working for the Manhattan District Attorney’s Office, and my job was to investigate money laundering and terrorist financing. Because the US Dollar (USD) serves as the dominant reserve currency and is used to conduct international trade and financial transactions, and because all USD transactions must... [Read More]

Tags: investigations tips-n-tricks

My FAANG Data Engineer Interview

Posted on August 14, 2021

A few days ago, I posted on Reddit, which, unsurprisingly, prompted a lot of interest in both my background and what the interview experience was like. So, like any good programmer, I opted to follow the DRY principle and write a blog post instead of retyping the same response over... [Read More]

Tags: career

Piping API Data To Google Big Query Using Python - Part III

Posted on July 2, 2020

This is the final installment of a three-part blog post: Setting up the Infrastructure Building the API Piping it to Google BigQuery [Read More]

Tags: api bigquery

Piping API Data To Google Big Query Using Python - Part II

Posted on July 1, 2020

This is the second installment of a three-part blog post: Setting up the Infrastructure Building the API Piping it to Google BigQuery [Read More]

Tags: api bigquery