Operation Nightwatch: The Insider Compromise

Forensics | Easy | 40 points | 1 solve

Connect to the Challenge Server

Connect to the challenge server using the host and port below to access the CTF challenge.

Host: 5.189.172.8
Port: 10001

Problem Description

In the critical days leading up to a major cybersecurity competition, the development team at Nightwatch Security discovered alarming anomalies in their command-and-control server infrastructure. While preparing their elite C2 platform for "The Fray" competition, team members noticed unauthorized code modifications and suspicious network activity that suggested an insider threat had compromised their systems.

The attackers managed to infiltrate the development environment, planting a hidden backdoor that could potentially give them remote access during the actual competition. As the lead forensic investigator, you've been granted access to the SSH authentication logs and bash command history from the compromised development server.

Your mission is to analyze the digital evidence to uncover:

- The entry point used by the attackers
- The compromised user account
- The attacker's infrastructure
- The specific backdoor mechanism implanted in the system

The competition organizers have provided this interactive assessment to verify your findings. Answer the questions correctly to prove you've identified the full scope of the compromise and earn your team the recognition they deserve.

Flag Format: ProblemStack{...}

nc 5.189.172.8 10001 || ncat 5.189.172.8 10001

Frequently Asked Questions

This is an easy-level problem worth 40 points.

This is a CTF challenge problem in the Forensics category.

1 user has successfully solved this problem.

Recent Solves

Esc 1 week, 3 days ago