Description
During the summer of 2022, an operator of vital importance (OIV) alerts the ANSSI because it believes it is the victim of a major cyber attack. The OIV’s security operation center (SOC) sends an export of its system collection over the last few days. Your job is to understand the attacker’s actions.
Note: The 5 parts are numbered in the chronological order of the attack, but it is not necessary to solve them in order.
Following on from what we have seen above, the attacker has collected a large amount of business data. Find the command used to collect this data.
Flag format: FCSC{sha256(<UTF8 command without line feed>)}
For example if the malicious command was 7z a "Stolen files.zip" C:\Windows\System32, the flag would be FCSC{91c79bc2fcb72bdc8ebf68a1f4d53d37e7b3933762b80278bdf6db14319c9948}
This challenge has been split into five parts:
Files
-
soc_events.zip
481.70 MiB – b276816ec987a8c2874cb2f3ca18a70bf0857dcbe4d766d07dbf7bd256890084
Author
Flag
Submit your solution
You can submit your writeup for this challenge. Read the FAQ to learn how to proceed.
You need to be logged in to submit a writeup.
Writeups
There are no public solutions for this challenge yet, but you can submit yours after getting the flag.