Layer Cake

intro
July 11, 2024 FCSC 2024 #forensics #docker

This is a three-part challenge:

First part

docker pull anssi/fcsc2024-forensics-layer-cake-1 
docker history --no-trunc anssi/fcsc2024-forensics-layer-cake-1 | grep FCSC

Second part

We are going to search every file in each of the Docker image's layers.

docker pull anssi/fcsc2024-forensics-layer-cake-2 
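# List every overlay2 layer directory of the image (LowerDir holds several, colon-separated), then grep each one.
# Reading /var/lib/docker usually requires root.
for i in $(docker inspect anssi/fcsc2024-forensics-layer-cake-2 | grep -o '/var/lib/docker/overlay2/[^/:"]*' | sort -u) ; do grep -nir FCSC "$i" ; done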

Third part

We are going to use exactly the same strategy. I guess in at least one of the cases something else was expected, but anyway:

docker pull anssi/fcsc2024-forensics-layer-cake-3 
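# Same loop as in the second part: grep every overlay2 layer directory of the image (usually requires root).
for i in $(docker inspect anssi/fcsc2024-forensics-layer-cake-3 | grep -o '/var/lib/docker/overlay2/[^/:"]*' | sort -u) ; do grep -nir FCSC "$i" ; done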
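
The same two checks (build history for the first part, layer contents for the second and third) can be run against an archive written by `docker save`, which needs neither root nor the overlay2 storage driver. This is an added example, not part of the original write-up; the function name `scan_image` and the default pattern (the string FCSC followed by printable characters, mirroring the grep above) are assumptions.

```python
import json
import re
import tarfile


def scan_image(archive, pattern=rb"FCSC[!-~]*"):
    """Search a `docker save` archive; return a list of (where, match) pairs.

    archive: path to the tar file, or a seekable binary file object.
    pattern: bytes regex; the default is an assumption based on the page's grep.
    """
    rx = re.compile(pattern)
    findings = []
    if hasattr(archive, "read"):
        image = tarfile.open(fileobj=archive)
    else:
        image = tarfile.open(archive)
    with image:
        # manifest.json names the config blob and the ordered layer tarballs.
        manifest = json.load(image.extractfile("manifest.json"))
        for entry in manifest:
            # Part 1: what `docker history --no-trunc` shows lives in the
            # "created_by" field of each history step in the image config.
            config = json.load(image.extractfile(entry["Config"]))
            for step in config.get("history", []):
                for hit in rx.findall(step.get("created_by", "").encode()):
                    findings.append(("history", hit.decode()))
            # Parts 2 and 3: every regular file in every layer. A file removed
            # by a later layer is still present in the layer that added it.
            for layer_name in entry["Layers"]:
                with tarfile.open(fileobj=image.extractfile(layer_name)) as layer:
                    for member in layer:
                        if not member.isfile():
                            continue
                        data = layer.extractfile(member).read()
                        for hit in rx.findall(data):
                            where = f"{layer_name}:{member.name}"
                            findings.append((where, hit.decode(errors="replace")))
    return findings


if __name__ == "__main__":
    import sys
    # Usage: docker save IMAGE -o image.tar && python scan.py image.tar
    for where, match in scan_image(sys.argv[1]):
        print(where, match)
```

Each file is read fully into memory, which is fine for challenge-sized images but worth chunking for large ones.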