Description
During the summer of 2022, an operator of vital importance (OIV) alerts the ANSSI because it believes it is the victim of a major cyber attack. The OIV’s security operation center (SOC) sends an export of its system collection over the last few days. Your job is to understand the attacker’s actions.
Note: The 5 parts are numbered in the chronological order of the attack, but it is not necessary to solve them in order.
After the action seen in Part 1, the attacker steals the system credentials from memory. Find the GUID of the process performing this theft and the name of the file where he writes the stolen secrets.
Flag format (case insensitive): FCSC{6ccf8905-a033-4edc-8ed7-0a4b0a411e15|C:\Windows\Users\toto\Desktop\fichier.pdf}
This challenge has been split into five parts:
Files
-
soc_events.zip
481.70 MiB – b276816ec987a8c2874cb2f3ca18a70bf0857dcbe4d766d07dbf7bd256890084
Author
Flag
Submit your solution
You can submit your writeup for this challenge. Read the FAQ to learn how to proceed.
You need to be logged in to submit a writeup.
Writeups
There are no public solutions for this challenge yet, but you can submit yours after getting the flag.