Supply Chain Smoke

Forensics 200 pts standard
Challenge Description

A production API started beaconing externally right after a routine dependency update. You must prove package-level compromise and trace where it entered the pipeline.

Find:

  1. Malicious package name.
  2. Malicious version.
  3. C2 domain contacted during build/runtime.
  4. Triggered lifecycle hook name.

Flag format: HackCTF{...}

Hints
  1. More than one package has an install script.
  2. Match lock diff with CI runtime behavior.
  3. Add the lifecycle hook token at the end of the flag.