PsExec Hunt

An alert from the Intrusion Detection System (IDS) flagged suspicious lateral movement activity involving PsExec. This indicates potential unauthorized access and movement across the network. As a SOC Analyst, your task is to investigate the provided PCAP file to trace the attacker’s activities. Identify their entry point, the machines targeted, the extent of the breach, and any critical indicators that reveal their tactics and objectives within the compromised environment.

PTITHCM Mini Forensics

Sweet Secret

  • We are given a .docx file; opening it normally shows nothing useful. A .docx is a ZIP archive, so we extract it:

```sh
$ unzip 'Welcome.docx'
```

  • The extracted docProps/secret.txt contains a hex-encoded AES ciphertext:

```sh
$ cat 'docProps/secret.txt'
AES-data: 3d0d1fe78d2d8648ac15b5f51ad906fae58b54b89e680b8130188efc326392acb000b9956628c014f0dc9916aa9eef56
```

  • Inside word/document.xml we find the Key and IV:

```xml
<w:t>Key=make_pis_great_againnnnn,IV=123456789abcdefg</w:t><
```

  • Decrypting with CyberChef gives us the flag:
    rk3zXJze-l
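The same triage done in code, as an added example that is not part of the original writeup: it walks every part of the .docx ZIP for the key/IV and ciphertext, checks that their sizes make sense for AES-CBC before decrypting, and decrypts only if the third-party `cryptography` package is installed (an assumption). The embedded .docx is constructed from the values on this page, not the original Welcome.docx.

```python
import io, re, zipfile

# Constructed stand-in for Welcome.docx: a minimal ZIP holding the two parts the writeup found.
def build_sample_docx() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/secret.txt",
                    "AES-data: 3d0d1fe78d2d8648ac15b5f51ad906fae58b54b89e680b81"
                    "30188efc326392acb000b9956628c014f0dc9916aa9eef56\n")
        zf.writestr("word/document.xml",
                    "<w:document><w:body><w:p><w:r><w:t>"
                    "Key=make_pis_great_againnnnn,IV=123456789abcdefg"
                    "</w:t></w:r></w:p></w:body></w:document>")
    return buf.getvalue()

KEY_IV_RE = re.compile(r"Key=([^,<]+),IV=([^<]+)")
CIPHERTEXT_RE = re.compile(r"AES-data:\s*([0-9a-fA-F]+)")

def extract_aes_material(docx_bytes: bytes):
    """Walk every part of the .docx ZIP (not just document.xml) for key, IV and hex ciphertext."""
    key = iv = ct = None
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            text = zf.read(name).decode("utf-8", errors="replace")
            if m := KEY_IV_RE.search(text):
                key, iv = m.group(1).encode(), m.group(2).encode()
            if m := CIPHERTEXT_RE.search(text):
                ct = bytes.fromhex(m.group(1))
    return key, iv, ct

def check_parameters(key: bytes, iv: bytes, ct: bytes) -> dict:
    """Validate sizes first: a wrong key/IV length is the usual reason a CyberChef decrypt yields garbage."""
    if len(key) not in (16, 24, 32):
        raise ValueError(f"key is {len(key)} bytes; AES needs 16, 24 or 32")
    if len(iv) != 16:
        raise ValueError(f"IV is {len(iv)} bytes; CBC needs 16")
    if not ct or len(ct) % 16:
        raise ValueError(f"ciphertext is {len(ct)} bytes; not a block multiple")
    return {"variant": f"AES-{8 * len(key)}-CBC", "blocks": len(ct) // 16}

def decrypt_cbc(key: bytes, iv: bytes, ct: bytes):
    """AES-CBC decrypt, PKCS#7 stripped; needs the 'cryptography' package (an assumption), else None."""
    try:
        from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
    except ImportError:
        return None
    dec = Cipher(algorithms.AES(key), modes.CBC(iv)).decryptor()
    pt = dec.update(ct) + dec.finalize()
    pad = pt[-1]
    return pt[:-pad] if 1 <= pad <= 16 and pt.endswith(bytes([pad]) * pad) else pt
```

On the page's values the checker reports AES-192-CBC over three blocks, which is what CyberChef must be set to (key and IV as UTF-8, input as hex) for the decrypt to succeed.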