Forenzeek - Compromission initiale

forensics logs FCSC 2026

Description

Network logs from the Zeek tool were collected on a network where an attacker was detected. Only a portion of the Zeek log fields are available.

A compromise was observed on the machine with the IP address 192.168.1.42. This compromise was achieved via a malicious email containing a fairly large payload. Can you find the UID of the connection associated with downloading the email? (e.g., 1ac41a8ff0fd305679)

The flag is in the format FCSC{uid} (e.g., FCSC{1ac41a8ff0fd305679}).
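
An added example, not part of the challenge page or its author's material: one way to triage Zeek connection records for a question like this, ranking the mail-retrieval connections opened by a given host by bytes received. The column names follow Zeek's conn.log and every row is constructed; the challenge file's actual columns and the mail protocol involved are not stated on the page and are assumptions here.

```python
import csv
import io

# Constructed sample rows using Zeek conn.log field names (assumed layout;
# the challenge file exposes only a subset of fields and may differ).
SAMPLE = """ts,uid,id.orig_h,id.orig_p,id.resp_h,id.resp_p,proto,service,orig_bytes,resp_bytes
1700000000.1,aaaaaaaaaaaaaaaa01,192.168.1.42,50100,203.0.113.10,443,tcp,ssl,900,15000000
1700000050.2,aaaaaaaaaaaaaaaa02,192.168.1.42,50110,198.51.100.25,993,tcp,ssl,1200,4200
1700000100.3,aaaaaaaaaaaaaaaa03,192.168.1.42,50120,198.51.100.25,993,tcp,ssl,1500,7340032
1700000150.4,aaaaaaaaaaaaaaaa04,192.168.1.77,50130,198.51.100.25,993,tcp,ssl,1100,9000000
1700000200.5,aaaaaaaaaaaaaaaa05,192.168.1.42,50140,198.51.100.25,587,tcp,smtp,8000000,300
1700000250.6,aaaaaaaaaaaaaaaa06,192.168.1.42,50150,198.51.100.25,143,tcp,imap,-,-
"""

# Ports and service labels for mail retrieval (POP3/IMAP, plain and over TLS).
MAIL_PORTS = {110, 143, 993, 995}
MAIL_SERVICES = {"pop3", "imap"}

def to_int(value):
    """Zeek writes '-' for unset fields; treat those (and blanks) as 0."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return 0

def load_csv(text):
    """Parse CSV text into a list of dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))

def mail_downloads(rows, host, min_resp_bytes=0):
    """Mail-retrieval connections opened by `host`, largest download first."""
    hits = []
    for row in rows:
        if row.get("id.orig_h") != host:
            continue  # only connections the host itself initiated
        services = set((row.get("service") or "").lower().split(","))
        is_mail = to_int(row.get("id.resp_p")) in MAIL_PORTS or services & MAIL_SERVICES
        received = to_int(row.get("resp_bytes"))  # server -> client payload
        if is_mail and received >= min_resp_bytes:
            hits.append((received, row["uid"], row["id.resp_h"], row["id.resp_p"]))
    return sorted(hits, reverse=True)

if __name__ == "__main__":
    for received, uid, server, port in mail_downloads(load_csv(SAMPLE), "192.168.1.42"):
        print(f"{received:>10}  {uid}  {server}:{port}")
```

To run it on a real export, pass `gzip.open(path, "rt").read()` to `load_csv` and adjust the column names to whatever the file's header row actually contains.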

Files

  • forenzeek.csv.gz
    2.64 MiB – 4d83ad45f928e87d52d776e7e064dd62d912055ee8160cdfce6a1b23a5be77c3

Author

mln

Writeups

Date        Author      Language  Tags
2026-05-14  noahlgrd01  🇫🇷