PwC Hack A Day CTF 2023 - Writeups
This was my first local CTF I’ve participated with my friends @Shen and @Blugon during my degree studies. In the end we managed to achieve 4th place out of 10 teams locally and 34th out of 60 teams regionally. Being the first CTF of my life, this was a huge confidence boost and it started my interest in DFIR and Threat Hunting.
Disclaimer
Unfortunately, I couldn’t retrieve the files and flags but I still vividly remember how the challenges went down.
OSINT 1 [OSINT]
We are given a link to a cafe website and the question mentioned that one of the employees was an insider and has recently went incognito to hide from the police. So obviously his picture and name will not be in the cafe website anymore. I had to use Wayback Machine to find the ex-employee’s profile in the website and the flag can be found on his profile description.
Threat Hunt 1 [Forensics]
We are given a compromised machine image to investigate. The malware can be found in the user’s Desktop with its name being the flag.
Threat Hunt 2 [Forensics]
Going through the compromised machine, a suspicious file can be found in the Preference folder which seemingly resembles the flag. Later, we found out the flag was encoded with Caesar cipher due to the file having the word ‘Caesar’ on the top. Decoding it gives us the flag.