SIDE QUEST
T1: OPERATION TINY FROSTBITE
"By the time you read this, you've already been attacked. I'm in your machine and you won't get it back. You must be aware that the more you delay, the more information will be stolen away. Your SOC is so weak, I'll lend them a hand. Here's a PCAP of the attack, you can't beat this band! If your machine you want to recover, the password I stole you'll need to discover."
The first of our enemies is the Frostbite Fox, known for being the slyest of them all. She's made her way into McSkidy's machine. Luckily for us, our great SOC detected it all in time. While the team focuses on securing the machine, you are tasked with recovering the password the Fox stole, so we can get McSkidy's data back.
Note: To attempt this challenge, you will need to find the L1 Keycard in the main Advent of Cyber room challenges. The keycard will be hidden between days 1 and 4. The password in the keycard will allow you to open the ZIP file, which you can download from http://MACHINE_IP/aoc_sq_1.zip. The ZIP file is safe to download; its MD5 is 044a78a6a1573c562bc18cefb761a578. In general, as a security practice, download the ZIP and analyze the forensic files on a dedicated virtual machine, not on your host OS.
Note from Frostbite Fox: All of the questions can be answered directly from the ZIP file provided. Please do not investigate any other artefacts found, such as IP addresses and hostnames. No VMs or remote hosts need to be accessed during this challenge. If you find yourself doing so, take a step back and don't overthink it.
Sincerely
FF