Grhelp - Connect back

forensics logs FCSC 2026 solved on

star

Description

You have the auditd logs of a compromised infrastructure.

The attacker successfully executed a command on a server, allowing it to connect to their command and control server.

  • What command did the attacker execute? (e.g., `bash echo “FCSC”)
  • What is the name of the compromised machine that executed this command? (e.g., Workstation)

The flag is the concatenation of the two responses: FCSC{machine-commandline} (e.g., FCSC{Workstation-bash echo "FCSC"})

Files

  • logs-connect.tar.gz
    5.98 MiB – a7a0cac88cd6b4f2e727c9667750dbcc854dd62453c392e05f3b98d235857d33

Author

mln

Flag

Share my success on Fediverse, Twitter, Linkedin, Facebook, or via email.

Submit your solution

You can submit your writeup for this challenge. Read the FAQ to learn how to proceed.

You need to be logged in to submit a writeup.

Writeups

There are no public solutions for this challenge yet, but you can submit yours after getting the flag.