SOC Simulator 5/5 - Vol de secret 2

forensics logs FCSC 2024 solved on

star star

Description

During the summer of 2022, an operator of vital importance (OIV) alerts the ANSSI because it believes it is the victim of a major cyber attack. The OIV’s security operation center (SOC) sends an export of its system collection over the last few days. Your job is to understand the attacker’s actions.

Note: The 5 parts are numbered in the chronological order of the attack, but it is not necessary to solve them in order.


On the machine identified in part 4, the attacker steals the system secrets again. Find the GUID of the process carrying out this theft and the name of the file where he writes the stolen secrets.

Flag format (case insensitive): FCSC{6ccf8905-a033-4edc-8ed7-0a4b0a411e15|C:\Windows\Users\toto\Desktop\file.pdf}

This challenge has been split into five parts:

Files

  • soc_events.zip
    481.70 MiB – b276816ec987a8c2874cb2f3ca18a70bf0857dcbe4d766d07dbf7bd256890084

Author

ribt

Flag

Share my success on Fediverse, Twitter, Linkedin, Facebook, or via email.

Submit your solution

You can submit your writeup for this challenge. Read the FAQ to learn how to proceed.

You need to be logged in to submit a writeup.

Writeups

There are no public solutions for this challenge yet, but you can submit yours after getting the flag.