L’espion


You have been tasked by a client whose network was compromised and brought offline to investigate the incident and determine the attacker’s identity.

Incident responders and digital forensic investigators are currently on the scene and have conducted a preliminary investigation. Their findings show that the attack originated from a single user account, probably an insider.

Investigate the incident, find the insider, and uncover the attack actions.

https://cyberdefenders.org/blueteam-ctf-challenges/73#nav-questions


Download the challenge files and you will be given a text file and two images. The text file contains a link to a GitHub account.

Q1
File -> Github.txt:
What is the API key the insider added to his GitHub repositories?

Head to the account holder's repository, where you will find the JavaScript source code for a login page.

The API key can be found here.

Q2
File -> Github.txt:
What is the plaintext password the insider added to his GitHub repositories?

Scroll down the code to find a base64-encoded password.

Decode the base64 password to find the plaintext password.
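Q1 and Q2 both come down to secrets committed in source code: a hard-coded API key and a password hidden only by base64. The following scanner is an added example, not part of the original challenge or the insider's repository; the sample JavaScript, the key and the password in it are constructed placeholders.

```python
import base64
import binascii
import re

# Constructed sample, not the insider's real file: a login script with a
# hard-coded API key and a base64-encoded password.
SAMPLE_JS = '''\
const API_KEY = "EXAMPLE-KEY-0000-1111";
function login(user, pass) {
  // TODO: remove before release
  var backup = "UGxhY2Vob2xkZXJQYXNzMSE=";
  return fetch("/auth?key=" + API_KEY);
}
'''

# Identifier names that usually hold credentials.
SECRET_NAME = re.compile(
    r'(?i)\b(\w*(?:api_?key|secret|token|passw(?:or)?d)\w*)\s*[:=]\s*["\']([^"\']+)["\']')
# Quoted strings made only of base64 characters, long enough to matter.
B64_LITERAL = re.compile(r'["\']([A-Za-z0-9+/]{12,}={0,2})["\']')


def decode_if_text(candidate):
    """Return decoded text if candidate is valid base64 of printable ASCII."""
    try:
        raw = base64.b64decode(candidate, validate=True)
    except (binascii.Error, ValueError):
        return None
    if raw and all(32 <= b < 127 for b in raw):
        return raw.decode("ascii")
    return None


def scan(source):
    """Return (line_no, kind, detail) findings for one source file."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        for name, value in SECRET_NAME.findall(line):
            findings.append((no, "named-secret", f"{name}={value}"))
        for literal in B64_LITERAL.findall(line):
            text = decode_if_text(literal)
            if text is not None:
                findings.append((no, "base64-text", text))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_JS):
        print(finding)
```

The base64 check flags the password even though its variable name gives nothing away, which is why encoding a credential does not protect it once the file is public.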

Q3
File -> Github.txt:
What cryptocurrency mining tool did the insider use?

Scroll through the repositories to find the crypto mining tool.

Q4
What university did the insider go to?

Do a Google search and you will find the insider’s LinkedIn account, which states the university.

Q5
What gaming website did the insider have an account on?

Head to the insider’s Instagram account to find a QR code that leads to the gaming website.

Q6
What is the link to the insider’s Instagram profile?

Q7
Where did the insider go on the holiday? (Country only)

The clue is given in the post caption, and it’s also my city.

Q8
Where does the insider’s family live? (City only)

Identify the flag to find the country.

Q9
File -> office.jpg:
You have been provided with a picture of the building in which the company has an office. Which city is the company located in?

Search for the theatre to find the name of the city.

Q10
File -> Webcam.png:
With the intel you have provided, our ground surveillance unit is now overlooking the person of interest’s suspected address. They saw them leaving their apartment and followed them to the airport. Their plane took off and has landed in another country. Our intelligence team spotted the target with this IP camera. Which state is this camera in?

Do a Google Lens search on the image provided.

Search for the university to find the location of the state.
