[Day 8] Disk forensics Have a Holly, Jolly Byte! - Terence Fürst

By - Terence Fürst
Posted on 9. Dezember 202311. Dezember 2023
Posted in Advent of Cyber 2023, TryHackMe

[Day 8] Disk forensics Have a Holly, Jolly Byte!

What is the malware C2 server?

mcgreedysecretc2.thm

What is the file inside the deleted zip archive?

JuicyTomaTOY.exe

What flag is hidden in one of the deleted PNG files?

THM{byt3-L3vel_@n4Lys15}

What is the SHA1 hash of the physical drive and forensic image?

39f2dea6ffb43bf80d80f19d122076b3682773c2

Previous Article

[Day 7] Log analysis ‘Tis the season for log chopping!

Next Article

[Day 9] Malware analysis She sells C# shells by the C2shore