TNI Cybersec
CTF writeups collection by TNI-Cybersec
Deep_Dark_Fantasy
| Type | Difficulty | Score |
|---|---|---|
| File | Hard | 50 |
Instruction
Van Darkholme informed the Security Team that someone had connected to his computer and was using Microsoft Team to send a spam message to his friends in order to borrow money. The Security team found a RDP connection from another host in the network and reset the user’s password. After that the Security Team didn’t find any malicious activity until Van Darkholme used the computer to do his job again. Security Teams found malicious connections to suspect IP. Team assumed that the threat actor use some technique to do the persistence on this computer. Please help us to find that technique. (Format : forensic{flag})
Information
Download the file below and complete per instruction.