First Shift CTF TryHackMe

detailed writeup

Probably Just Fine

  • Unusual VPN login of susan.martin@probablyfine.thm from 37.19.201.132 (Singapore)
  • Susan from Marketing is in Singapore, attending a security vendor conference
  • TryDetectThis

  • She confirmed she did not log in to the company VPN
  • using a public Wi-Fi hotspot at a cafe
  • binary with the hash b8e02f2bc0ffb42e8cf28e37a26d8d825f639079bf6d948f8debab6440ee5630

  • ASN number related to the IP?

Phishing Books

Subject: MFA Removal Requests
From: Dr. Isabella <isabella@kingford.ac.uk>

    Hey, ProbablyFine SOC Team,
    I've been getting several emails asking me to approve my MFA.
    Are you performing any tests? Should I approve these requests?
    Dr. Isabella
Licensed under CC BY-NC-SA 4.0