Operation Ephemeral 🔥

Forensics 500 pts standard
Challenge Description

Scenario:

Your SOC team detected suspicious activity on a Linux-based web server. The system was isolated and a forensic acquisition was performed.

You are provided with the following (download: https://drive.google.com/file/d/1Q0qQ6oniAMlaIGpaXK2qWAVYCnfnH_zM/view?usp=drive_link):

  1. A full disk image of the compromised server.
  2. A volatile memory dump acquired using LiME.

Preliminary investigation suggests:

  • Possible web application compromise.
  • Suspicious privilege escalation activity.
  • Sensitive customer records may have been accessed.
  • Evidence of encryption activity.
  • Potential data exfiltration attempt.

Flag Format:

HackCTF{...}
