Category: HackTheBox

Lockpick 3.0 | HTB Forensics (Hard)
A ransomware decryption challenge where the encryption scheme looks custom at first but turns out to be a misused AES implementation.
Seized | HTB Forensics (Medium)
A disk image challenge involving a Windows host used to exfiltrate data. The interesting part was figuring out which file was the payload and which was a decoy.
Rogue | HTB Forensics (Easy)
A pcap analysis challenge where credentials get stolen over an unencrypted protocol.
Intentions | HTB Forensics (Hard)
Three days. A heavily obfuscated PowerShell dropper, a second-stage payload living entirely in memory, and a flag hidden in a registry key that should not exist.
PersistenceIsFutile | HTB Forensics (Moderate)
A walkthrough of PersistenceIsFutile on HackTheBox. Eight backdoors on a compromised Linux server with no documentation left behind. Systematic enumeration of persistence mechanisms from obvious to kernel-level.
Obscure | HTB Forensics (Easy)
A walkthrough of the Obscure Easy forensics challenge on HackTheBox. An obfuscated PHP webshell uploaded to a compromised Apache server. Deobfuscation, traffic analysis, and flag recovery through Wireshark.
Reminiscent | HTB Forensics (Easy)
A complete walkthrough of the Reminiscent Easy forensics challenge on HackTheBox. A memory dump from a machine infected via a malicious email attachment. Process tree analysis, base64 command decoding, and document recovery.