Operation Ephemeral

Challenge Description

Your SOC team detected suspicious activity on a Linux-based web server. The system was isolated and a forensic acquisition was performed.

You are provided with: https://drive.google.com/file/d/1Q0qQ6oniAMlaIGpaXK2qWAVYCnfnH_zM/view?usp=drive_link

1. A full disk image of the compromised server.
2. A volatile memory dump acquired using LiME.

Preliminary investigation suggests:

• Possible web application compromise.
• Suspicious privilege escalation activity.
• Sensitive customer records may have been accessed.
• Evidence of encryption activity.
• Potential data exfiltration attempt.

Flag format: HackCTF{...}