XDMR
XMDR
| Category | Author |
|---|---|
| Miscellaneous | John Hammond |
Challenge Prompt
We had a lot of fun helping the Internet understand what MDRs are, but we thought of the next best thing: why not have you use one!
A host that you protect had some strange alerts fire off... can you analyze and triage to find other malicious activity?
Problem Type
- MDR
- Chrome History Analysis
Solve
Initial page said the GTRS and Baby Shark files were removed.
Navigated to their location, C:\Users\Administrator\Downloads.
Found GTRS file still existed.
Found Chrome installer in the same directory.
Downloaded and reviewed GTRS file.
In the Go source, each command is delimited by STARTCOMMAND at the beginning and ENDCOMMAND at the end.
Found the Chrome History file (an SQLite database) in C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default.
Downloaded the History file and reviewed it. Found commands wrapped in STARTCOMMAND, each followed by a block of the form:

```
begin 664
<jibberish here>
End
```
The `begin 664 ... end` framing identifies this as uuencoding.
Installed sharutils and ran the following on each chunk to recover the flag:

```
uudecode <file>
```
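As an added illustration (not part of the original writeup), the same extraction-and-decode step in Python: a constructed stand-in for the Chrome History `urls` table holds uuencoded chunks between STARTCOMMAND and ENDCOMMAND markers, and `binascii` replaces sharutils' `uudecode`. The table layout, the URL shape and the sample commands are assumptions made for the example.

```python
import binascii
import re
import sqlite3

# Commands in the History data sit between STARTCOMMAND and ENDCOMMAND.
MARKER_RE = re.compile(r"STARTCOMMAND(.*?)ENDCOMMAND", re.S)


def uuencode_text(data: bytes, name: str = "cmd") -> str:
    """Produce a 'begin 664 ... end' uuencoded block (only used to build the sample)."""
    lines = [f"begin 664 {name}"]
    for i in range(0, len(data), 45):  # uuencode packs at most 45 bytes per line
        lines.append(binascii.b2a_uu(data[i:i + 45]).decode().rstrip("\n"))
    lines += ["`", "end"]  # '`' is the zero-length line that precedes 'end'
    return "\n".join(lines)


def uudecode_block(block: str) -> bytes:
    """Decode one uuencoded block line by line, mirroring what uudecode does."""
    out = bytearray()
    inside = False
    for line in block.splitlines():
        if line.startswith("begin "):
            inside = True
        elif line.strip() == "end":
            break
        elif inside and line:
            out += binascii.a2b_uu(line)
    return bytes(out)


def build_sample_db() -> sqlite3.Connection:
    """Constructed stand-in for Chrome's History SQLite file (urls table only)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT)")
    for cmd in (b"whoami\n", b"echo flag{constructed_sample}\n"):  # constructed commands
        url = ("https://translate.example/?u=STARTCOMMAND\n"
               + uuencode_text(cmd) + "\nENDCOMMAND")
        con.execute("INSERT INTO urls (url, title) VALUES (?, ?)", (url, "Google Translate"))
    return con


def extract_commands(con: sqlite3.Connection) -> list[bytes]:
    """Find every STARTCOMMAND..ENDCOMMAND chunk in the urls table and uudecode it."""
    found = []
    for (url,) in con.execute("SELECT url FROM urls ORDER BY id"):
        for chunk in MARKER_RE.findall(url):
            found.append(uudecode_block(chunk.strip()))
    return found
```

Against a real History file, replace `build_sample_db()` with `sqlite3.connect(path_to_copy_of_History)`; always work on a copy, since Chrome keeps the live file locked.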
Flag
flag{69200c13dcb39de19a405e9d1f993821}