Description
You’ve just been hired as Chief Information Security Officer (CISO) for a strategic company.
Arriving at your office on your first day, you realize that your predecessor has left you a USB stick with a note on it: "VPN compromised (integrity). Version 22.3R1 b1647".
You’ve almost completed your analysis! All that remains is to qualify the IP address present in the last command used by the attacker.
You need to determine which attacker group this IP address belongs to, as well as the legitimate management interface that was exposed at the time of the attack.
The flag is in the format: FCSC{<UNCXXXX>:<service name>}.
Note: This is a genuine malicious IP address. Do not interact directly with it.
This challenge has been split into five parts:
Files
- archive.encrypted (63.94 KiB) – 79145974f7a449b177a2456496a9ae1418764c30427b8399d63c5df38a294219
- horreur-malheur.tar.xz (3.21 MiB) – 192210cee1dc560cbc940a7143a11e5c666b8bfd9f60f6521c57596f7fa32be6