English [Cybercamp 2015] [Forense 4.4] Write Up


There was an intrusion for some time, and malicious programs seem to have been downloaded from this computer to do a DDoS from this PC.


Question: What is the computer name?


We mount the 2 files into REGEDIT as seen in Forense 4.1.
There are some registry values whose names contain “ComputerName”, so we search for one.
HKEY_USERS\FORENSIC_SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability | LastComputerName : DRONE-OPERATOR

SHA256(DRONE-OPERATOR) : 40ca2fc8a55570e5fddff64fd05d7a3238998504f71b356228275877f81bdc5a

Flag is 40ca2fc8a55570e5fddff64fd05d7a3238998504f71b356228275877f81bdc5a
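
The same search done from an elevated PowerShell prompt instead of the REGEDIT GUI, as an added example that is not part of the original write-up. The mount name FORENSIC_SOFTWARE is the one in the key path above; the hive path is a placeholder and Get-Sha256Hex is a hypothetical helper name.

```powershell
# Added example. Run elevated, and only against a working copy of the hive:
# loading a hive can modify the file and create .LOG files next to it.
param(
    [string]$HivePath  = 'C:\evidence\SOFTWARE',   # placeholder path to the extracted hive
    [string]$MountName = 'FORENSIC_SOFTWARE'       # mount name used in the write-up
)

# Hypothetical helper: lowercase hex SHA-256 of a string, the flag format used above.
function Get-Sha256Hex([string]$Text) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $bytes = [System.Text.Encoding]::UTF8.GetBytes($Text)
        -join ($sha.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') })
    } finally {
        $sha.Dispose()
    }
}

# Load the offline hive under HKEY_USERS, as REGEDIT's "Load Hive" does.
& reg.exe load "HKU\$MountName" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed for $HivePath" }

try {
    # Walk every subkey and report values whose name contains "ComputerName".
    Get-ChildItem -Path "Registry::HKEY_USERS\$MountName" -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key = $_
            foreach ($name in $key.GetValueNames()) {
                if ($name -like '*ComputerName*') {
                    $data = [string]$key.GetValue($name)
                    [pscustomobject]@{
                        Key    = $key.Name
                        Value  = $name
                        Data   = $data
                        Sha256 = (Get-Sha256Hex $data)
                    }
                }
            }
            $key.Close()   # release the handle so the hive can be unloaded
        }
} finally {
    # Open handles block the unload, so force finalizers to run first.
    [gc]::Collect()
    [gc]::WaitForPendingFinalizers()
    & reg.exe unload "HKU\$MountName" | Out-Null
}
```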

