Goal: analyze the archive to identify malicious activity, extract hidden flags, or reconstruct a sequence of events.

1. Initial Triage & Metadata
The first step is identifying the file type and checking for basic obfuscation.
Generate MD5/SHA256 hashes to check against VirusTotal or other threat intelligence databases.

Archive Inspection:
If a network capture was inside, use Wireshark to follow TCP/HTTP streams.
If a .ps1 script is present, it likely uses multiple layers of iex (Invoke-Expression) or XOR encoding.
Does it add a registry key to HKCU\Software\Microsoft\Windows\CurrentVersion\Run?
Does the "Scooter" process spawn a secondary, hidden process to execute the payload?

4. Deobfuscation (The "Flow")
If the challenge name implies a stream or flow, look for:
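The triage steps above, as an added example that is not part of the original guide: a Python script that walks a zip archive, identifies each member by magic bytes instead of its extension, hashes it for threat-intel lookup, and counts obfuscation and persistence markers (iex, Base64, -bxor, the Run key) in any .ps1 member. The archive, its member names and the marker strings are constructed for the demo and are not a real challenge file.

```python
import hashlib
import re
import zipfile
from io import BytesIO

# Magic-byte signatures for the member types this triage cares about (not exhaustive).
MAGIC = {b"PK\x03\x04": "zip", b"MZ": "pe", b"\xd4\xc3\xb2\xa1": "pcap"}

# Obfuscation and persistence markers to count inside a .ps1 script.
PS_INDICATORS = {
    "iex": re.compile(r"\biex\b|invoke-expression", re.I),
    "base64": re.compile(r"frombase64string|-enc(odedcommand)?\b", re.I),
    "xor": re.compile(r"-bxor\b", re.I),
    "run_key": re.compile(r"CurrentVersion\\Run\b", re.I),
}

def file_type(data: bytes) -> str:
    """Identify a member by magic bytes rather than trusting its extension."""
    return next((name for magic, name in MAGIC.items() if data.startswith(magic)), "unknown")

def ps_indicators(script: str) -> dict:
    """Count markers; several non-zero counts suggest layered iex/XOR obfuscation."""
    return {name: len(rx.findall(script)) for name, rx in PS_INDICATORS.items()}

def triage_archive(archive_bytes: bytes) -> list:
    """One record per zip member: type, MD5/SHA256 for threat-intel lookup, .ps1 markers."""
    report = []
    with zipfile.ZipFile(BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            data = zf.read(info)
            entry = {"name": info.filename, "type": file_type(data),
                     "md5": hashlib.md5(data).hexdigest(),
                     "sha256": hashlib.sha256(data).hexdigest()}
            if info.filename.lower().endswith(".ps1"):
                entry["indicators"] = ps_indicators(data.decode("utf-8", "replace"))
            report.append(entry)
    return report

def build_sample() -> bytes:
    """Constructed sample archive; the .ps1 holds only marker strings, not a payload."""
    ps1 = ("$b = [Convert]::FromBase64String('QUJD'); iex $b; $k = 1 -bxor 2\n"
           "Set-ItemProperty 'HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run' s x\n")
    buf = BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("scooter.ps1", ps1)
        zf.writestr("scooter.exe", b"MZ" + b"\x00" * 64)
        zf.writestr("capture.pcap", b"\xd4\xc3\xb2\xa1" + b"\x00" * 20)
    return buf.getvalue()
```

Members flagged as pcap go to Wireshark for stream following; a .ps1 with non-zero iex, base64 and xor counts is the one to peel layer by layer.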