LEVEL: TOP SECRET
OP: GHOST TRAFFIC
CASE ID: #FX-2024-091A
[ INTELLIGENCE BRIEF ]
Our IDS detected anomalies in outbound traffic from a suspicious employee's workstation. The firewall failed to block the connection because the attacker used standard network protocols (ICMP/DNS) to evade detection.
We have intercepted a traffic capture (.pcap). We believe the attacker has exfiltrated a critical access key.
Mission Objectives:
- Download and analyze the network capture file.
- Identify the protocol used for the tunnel (ICMP or DNS).
- Extract the payload (the secret key) from the packets.
Attachment: network_evidence.zip (Encrypted)
ZIP Password: infected
To complete the mission, open the main terminal and enter:
submit OP-GHOST-TRAFFIC FLAG{tu_flag_aqui}
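
A first-pass triage for the analysis objectives above, added here as an illustration and not part of the original brief: it walks a capture and pulls out the two places an ICMP or DNS tunnel carries data (echo-request payloads and query-name labels). It assumes a classic little-endian .pcap with Ethernet framing and IPv4; the function names, the `max_label` threshold and the sample capture are constructed for this example.

```python
import struct

def parse_pcap(data):
    """Yield raw frames from a classic little-endian pcap (Ethernet link type assumed)."""
    off = 24                                        # skip the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, off + 8)[0]
        yield data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len

def tunnel_payloads(frames):
    """Collect ICMP echo-request data and the first label of each DNS query name."""
    icmp, dns = [], []
    for f in frames:
        if len(f) < 34 or f[12:14] != b"\x08\x00":  # keep IPv4 over Ethernet only
            continue
        proto, l4 = f[23], f[14 + (f[14] & 0x0F) * 4:]
        if proto == 1 and len(l4) >= 8 and l4[0] == 8:
            icmp.append(l4[8:])                     # bytes after the 8-byte ICMP header
        elif proto == 17 and len(l4) > 20 and l4[2:4] == b"\x00\x35":
            q = l4[20:]                             # past UDP (8) and DNS (12) headers
            dns.append(q[1:1 + q[0]])
    return icmp, dns

def triage(pcap_bytes, max_label=30):
    """Assumed heuristic: varying ping data or over-long DNS labels deserve a look."""
    icmp, dns = tunnel_payloads(parse_pcap(pcap_bytes))
    return {"icmp_data": b"".join(icmp), "icmp_varies": len(set(icmp)) > 1,
            "dns_labels": dns, "dns_long": [lab for lab in dns if len(lab) > max_label]}

def _frame(proto, l4):
    # CONSTRUCTED test frame: zeroed MACs/checksums, documentation-range IPs
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def build_sample_pcap():
    """CONSTRUCTED capture: three echo requests carrying chunks, one ordinary DNS query."""
    frames = [_frame(1, struct.pack("!BBHHH", 8, 0, 0, 1, i) + c)
              for i, c in enumerate([b"CONSTRUC", b"TED-SAMP", b"LE"])]
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + b"\x03www\x07example\x03com\x00\x00\x01\x00\x01"
    frames.append(_frame(17, struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(triage(build_sample_pcap()))
```

To use it on a real capture, pass the file's bytes to `triage()`; pcapng or big-endian captures need converting first.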