Skip to content
View zeved's full-sized avatar
😏
😏
4 followers · 19 following
  • Cluj Napoca, Romania

Achievements

Achievement: YOLOAchievement: Pull Sharkx3

Achievements

Achievement: YOLOAchievement: Pull Sharkx3

Block or report zeved

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Pinned Loading

  1. hackthebox-businessctf-2021-dfir-wri... hackthebox-businessctf-2021-dfir-writeup
    1 
    As this was a downloadable OVA file, I figured I needed to import it into VirtualBox and spin-up the machine in order to start.
    2 
    
              
    
              
    
                3
                
    After logging in with the provided password Noticed a PowerShell window appearing for a short time (the description mentioned something about ‘blue windows’ popping up so this is interesting).
    
              
    
              
    
                4
                
    
              
    
              
    
                5
                
    A quick look in the Task Manager revealed two suspicious processes with no name; however, when opening the file locations, we can find a weird svchost.exe file in a non-standard location: **C:\ProgramData\windows\svchost.exe**
    
              
    
          
    
    
    
  
    

    2.