The administrator tried to hide one of his IP addresses used to connect to this server. Recover the IP address and submit it as the flag in the format FCSC{<ip-address>}.
FCSC{192.168.37.1}
Elvis Avduli ElvisAvduli
This task continues from the previous disk analysis. While exploring the mounted filesystem, we discovered a shadow-style file and evidence that a user obob exists. By searching for occurrences of obob and inspecting command history, we recovered a secret string that becomes the flag.
Goal: Find the secret string and format the flag as FCSC{<string>}.
You are given a disk image fcsc.raw containing an encrypted disk. The administrator used LUKS encryption with a known passphrase. The challenge asks:
What is the date of creation of the filesystem in UTC?
The flag must be in ISO 8601 format inside FCSC{}. Example: FCSC{2022-04-22T06:59:59Z}.
This challenge gave us a disk image file named fcsc.raw. The goal was to find the unique identifier (UUID) of the partition table for the disk and submit it wrapped in the FCSC{} format as the flag.
Goal: Find the disk GUID and format the flag as
FCSC{<GUID>}.
During analysis of a provided pcap, a TCP stream was found that contained a hex-encoded ZIP archive. The archive (flag.zip) was reconstructed from the captured payload, extracted, and contained a flag file. This write-up documents the evidence, analysis steps, exact commands used to recover the ZIP, findings, and recommendations.
The memory dump was captured while a user was working on a highly sensitive document. If the workstation was compromised, this document may have been stolen. The task was to identify:
- The name of the document editing software (executable).
- The name of the document being edited (filename only, without the full path).
Flag format: