Chapardeur de mots de passe

forensics network FCSC 2020

star star

Description

A friend asks for your help to check whether the Covid-19-related email he has just opened was malicious. He claims he tried to open the attachment without success. Soon after, a popup from his antivirus software showed the text KPOT v2.0, but nothing else happened. After a preliminary analysis, your friend suggests that the malware has been modified, especially since the content that was potentially exfiltrated no longer seems predictable. To continue the analysis, your friend gives you a network capture of his traffic. Help him determine whether any files have indeed been exfiltrated and whether he needs to change his passwords.

Files

  • pws.pcap
    462.29 MiB – 98e3b5f1fa4105ecdad4880cab6a7216c5bb3275d7367d1309ab0a0d7411475d

Author

alx

Writeups

Date        Author     Language  Tags        Vote
2023-11-17  bluesheet  🇫🇷        TeamFrance