Supply Chain Smoke

Forensics 200 pts standard
Challenge Description

A production API started beaconing externally right after a routine dependency update. You must prove package-level compromise and trace where it entered the pipeline.

Files
↓ decoy_packages.txt ↓ github_actions.log ↓ mixed_case_telemetry.log ↓ noise.log ↓ noise_expanded.log ↓ npm_lock_diff.txt ↓ proxy_summary.txt ↓ sbom.json
Submit Flag

Login to submit a flag.

← All Challenges