Judgmental Behavior

hackerlab

Task: ~165 MB winlogbeat/Sysmon events.json from a slacking developer's workstation; reconstruct his behavior and find the flag. Solution: parse Sysmon events, recover Chrome History showing downloaded osu! beatmaps, ignore the decoy CODEBY{try_it_ok} beatmap, pivot via OSINT to the SAME creator's second beatmap whose audio filename IS the flag.

osint leetspeak github data_exfiltration sysmon decoy_flag winlogbeat chrome_history osu_beatmap 7zip

sysmon_event_parsingchrome_history_forensicsosu_beatmap_analysiscreator_enumeration_osintdecoy_eliminationarchive_filename_flag

$ ls tags/ techniques/

osint leetspeak github data_exfiltration sysmon decoy_flag winlogbeat chrome_history osu_beatmap 7zip

sysmon_event_parsingchrome_history_forensicsosu_beatmap_analysiscreator_enumeration_osintdecoy_eliminationarchive_filename_flag

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[pentest][Pro]Сисадмин (Sysadmin)— hackerlab
[forensics][Pro]Системный лог (System Log)— hackerlab
[forensics][Pro]awk...wardddd ✂️— bluehensctf
[forensics][Pro]Старый боец (Old Fighter)— hackerlab
[forensics][Pro]:( (sad_face)— scarlet