Grhelp - Exfiltration

forensics logs FCSC 2026 solved on

star

Description

The attacker appears to have successfully exfiltrated the backupfiler machine. Can you identify:

  • the tool used to exfiltrate the data
  • the absolute path of the exfiltrated file
  • the time the data was prepared for exfiltration (YYYY-MM-DDTHH:MM:SS in UTC)?

The flag is the concatenation of the three responses: FCSC{tool-filepath-YYYY-MM-DDTHH:MM:SS}

Files

  • logs-exfil.tar.gz
    6.20 MiB – a5b649f561d3c2c9896788289c43931e9bd5dd00fb39bb1b8c0a594e010a953f

Author

mln

Flag

Share my success on Fediverse, Twitter, Linkedin, Facebook, or via email.

Submit your solution

You can submit your writeup for this challenge. Read the FAQ to learn how to proceed.

You need to be logged in to submit a writeup.

Writeups

I've been looking for a long time and I still can't find the flag!

You can vote for the solutions you prefer by using the on their respective pages.

DateAuthor Language Tags
2026-05-14
noahlgrd01
🇫🇷