Pocket Breach

Forensics 100 pts standard
Challenge Description

An executive received a smishing message, and unauthorized cloud sessions appeared later. Investigate the mobile artifacts and correlate them with login telemetry.

Recover:

  1. Malicious domain in SMS URL.
  2. First unauthorized session epoch.
  3. Correlated city from device cache.
  4. Suspicious source IP tied to token abuse.

Flag format: HackCTF{...}

Hints
  1. There are multiple links across message files; only one maps to the incident timeline.
  2. Anchor on the first suspicious token refresh.
  3. Include the same row's IP in your flag.
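
The correlation the hints describe, as an added example that is not part of the challenge or its files: anchor on the first suspicious token refresh, then pick the SMS link received shortly before it and read the IP from the anchor row. The record layouts, event names, the one-hour window and the "IP never seen in an interactive login" heuristic are all assumptions, and the sample data is constructed.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

# Constructed sample data; field names and values are assumptions.
SMS = [
    {"epoch": 1700000000, "body": "Your parcel is waiting: https://track.parcel.example/p/81"},
    {"epoch": 1700003500, "body": "Payroll alert, re-verify now: http://sso-verify.example/login?u=cfo"},
    {"epoch": 1700009000, "body": "Lunch menu https://cafe.example/today"},
]
LOGINS = [
    {"epoch": 1699990000, "event": "interactive_login", "ip": "192.0.2.10"},
    {"epoch": 1700001000, "event": "token_refresh", "ip": "192.0.2.10"},
    {"epoch": 1700003900, "event": "token_refresh", "ip": "203.0.113.77"},
    {"epoch": 1700004500, "event": "token_refresh", "ip": "203.0.113.77"},
]

def sms_links(messages):
    """Yield (epoch, hostname) for every URL found in the message bodies."""
    for m in messages:
        for url in URL_RE.findall(m["body"]):
            host = urlsplit(url.rstrip(".,)")).hostname
            if host:
                yield m["epoch"], host.lower()

def first_suspicious_refresh(rows):
    """Earliest token refresh from an IP never seen in an interactive login."""
    known = {r["ip"] for r in rows if r["event"] == "interactive_login"}
    hits = [r for r in rows if r["event"] == "token_refresh" and r["ip"] not in known]
    return min(hits, key=lambda r: r["epoch"]) if hits else None

def correlate(messages, rows, window=3600):
    """Pair the anchor refresh with the closest SMS link received before it."""
    anchor = first_suspicious_refresh(rows)
    if anchor is None:
        return None
    prior = [(t, h) for t, h in sms_links(messages)
             if 0 <= anchor["epoch"] - t <= window]
    if not prior:
        return None
    _, host = max(prior)  # latest link that still precedes the anchor
    return {"domain": host, "epoch": anchor["epoch"], "ip": anchor["ip"]}

if __name__ == "__main__":
    print(correlate(SMS, LOGINS))
```
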