CTF link.
Hi there incident responder. So we have this company that was breached sometime last week, but their SOC team only keeps HTTP request logs 🙁 We took down all of our
wolvsecsolutionswebsites as a precaution.Maybe there’s still a way to figure out what happened? Why did they click on a suspicious link? Somebody told me there’s a flag on the link now?
We parse logs containing the keyword wolvsecsolutions. You can use an editor to do this. I used sublimetext. (Ctrl+L to get the selected keywords as a complete row)
Here I delete frequently used hosts for example dev.wolvsecsolutions.
One of the remaining hosts draws our attention.
wctf{ph1sh3r5_l0v3_c0py1ng_d0m41n_n4m35}