HCSC 2024 - Forensic intro

Description

You are employed by HCSC Corporation as an IT Security Analyst. The system administrator running the central office sends you a virtualized domain controller for examination because it is suspected that the machine has been compromised.

As in 2021 the company was hit by a serious attack, everybody is very vigilant, watch out for suspicious signs. Some weeks ago, the junior sales assistant, Jimmie Benjamin called the IT Helpdesk, because he has found 2 files on his desktop, that - he was very sure about the fact - has never seen before. The administrator asked him to submit these files for review. Shortly after his machine produced a BSOD and could not boot up anymore, the forensic expert team is working on it for the moment. It is suspected that some malicious actors achieved to step their feet in the door…

Your task is to investigate how deeply the system was compromised and how the hackers maintain their access to the organization’s resources.

Defense VM resource requirements:

• 6 GB RAM Min. 50GB storage space VMware Workstation Player 17
• Local Administrator login credentials: User: player Password: Hcsc2024

Flags accepted as case insensitive (unless otherwise stated), format examples always given in challenge description.

Forensic VM flags require a writeup, template provided here. Read the instructions, send only once!

Metadata

• Tags: intro
• Points: 0
• Number of solvers: 0
• Filename: HCSC2024_writeupsTemplate.rtf

Solution

No flag here.