Horreur, malheur 3/5 - Simple persistance

forensics FCSC 2024 solved on

star star

Description

You’ve just been hired as Chief Information Security Officer (CISO) for a strategic company.

Arriving at your office on your first day, you realize that your predecessor has left you a USB stick with a note on it: VPN compromised (integrity). Version 22.3R1 b1647.

You have successfully decrypted the archive. It seems that this archive contains another archive, which contains the result of the device integrity check script.

Using this last archive and the logs, you are now looking for traces of persistence dropped and used by the attacker.

This challenge has been split into five parts:

Files

  • archive.encrypted
    63.94 KiB – 79145974f7a449b177a2456496a9ae1418764c30427b8399d63c5df38a294219
  • horreur-malheur.tar.xz
    3.21 MiB – 192210cee1dc560cbc940a7143a11e5c666b8bfd9f60f6521c57596f7fa32be6

Author

\E

Flag

Share my success on Fediverse, Twitter, Linkedin, Facebook, or via email.

Submit your solution

You can submit your writeup for this challenge. Read the FAQ to learn how to proceed.

You need to be logged in to submit a writeup.

Writeups

I've been looking for a long time and I still can't find the flag!

You can vote for the solutions you prefer by using the on their respective pages.

DateAuthor Language Tags Vote
2024-05-01
lrstx
🇫🇷