Description
You’ve just been hired as Chief Information Security Officer (CISO) for a strategic company.
Arriving at your office on your first day, you realize that your predecessor has left you a USB stick with a note on it: VPN compromised (integrity). Version 22.3R1 b1647
.
You have successfully decrypted the archive. It seems that this archive contains another archive, which contains the result of the device integrity check script.
Using this last archive and the logs, you are now looking for traces of persistence dropped and used by the attacker.
This challenge has been split into five parts:
Files
-
archive.encrypted
63.94 KiB – 79145974f7a449b177a2456496a9ae1418764c30427b8399d63c5df38a294219 -
horreur-malheur.tar.xz
3.21 MiB – 192210cee1dc560cbc940a7143a11e5c666b8bfd9f60f6521c57596f7fa32be6
Author
Flag
Submit your solution
You can submit your writeup for this challenge. Read the FAQ to learn how to proceed.
You need to be logged in to submit a writeup.