RoseSecurity / Obfusc8ted

Obfusc8ted:

You and the AppleLabs Incident Response Team have been notified of a potential breach of a Human Resources workstation. According to the Human Resources representative, they did not notice any anomalous activity while browsing the web, but the AppleLabs security information and event management (SIEM) instance alerted on a suspicious domain. Moments later, the host-based intrusion detection system (HIDS) alerted on several malicious programs acting as potential keyloggers. While the AppleLabs IT and Incident Response Teams struggle to find the answers, can you lend us your digital forensic experience to hunt down this threat actor?

Starting Point:

Password = hackthebox

cd ~
git clone https://github.com/RoseSecurity/Obfusc8ted
cd Obfusc8ted
unzip Obfusc8ted.zip

Objective:

Learn new techniques to parse obfuscated network traffic in an attempt to identify malicious threat actors' intentions.

Difficulty:

Easy

Flag Format:

HTB{s0me_fl4g_her3}

Author(s):

Kleptocratic and RoseSecurity

Walkthrough:

The password for Walkthrough.zip is the final flag. If you could not discover it, check out https://medium.com/@RoseSecurity/obfusc8ted-walkthrough-making-sense-of-malware-infested-network-traffic-8b61c2c60c4e!

Happy Hunting!