L’espion CTF Writeup

Ali Alaa
Jun 10, 2023

Hello dudes,
I hope to find you well.

This is Ali Alaa, and this is my writeup for the L’espion challenge on the CyberDefenders platform.

This is a Threat Intel challenge, and if you wanna find out more about this topic you can try the L’espion challenge.

So, let's start…

After I downloaded the challenge’s zip file and extracted it, I found that it contains 1 txt file and 2 photos. The txt file contains a GitHub profile URL =>
https://github.com/EMarseille99.

First Question: What is the API key the insider added to his GitHub repositories?

After browsing the profile’s repositories, I found that all were forked from other repos and only one was created by the user, so it may be the suspect repo.

Its name is “Project-Build---Custom-Login-Page” and it contains 2 files:
1- Login Page.js
2- fsociety.js

Github repo

Let's open these files in order.
I opened “Login Page.js” and found that the first line contains the API key.

Login Page.js

Here we go, the answer is : aJFRaLHjMXvYZgLPwiJkroYLGRkNBW

Second Question: What is the plaintext password the insider added to his GitHub repositories?

The JS file was created for a login page, so it may contain a username and password.
I searched the file for any creds used to log in and found that it has username: EMarseille99 and password: UGljYXNzb0JhZ3VldHRlOTk=, but it is encrypted (base64).

Decode hash

I copied the base64 hash and decoded it using base64decode.
After decoding the hash I got this password: PicassoBaguette99

Here we go, the answer is : PicassoBaguette99
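
A defender-side check for the two findings above, as an added example (not code from the challenge or the insider's repository): it scans source text for hard-coded credential assignments and decodes any base64 value, which needs no key because base64 is a reversible encoding. The sample file is constructed and its variable names are assumptions; only the two values are the ones quoted in this writeup.

```python
import base64
import binascii
import re

# Constructed sample, NOT the real "Login Page.js": variable names are
# assumptions; the API key and password values are those quoted above.
SAMPLE_JS = '''\
const API_KEY = "aJFRaLHjMXvYZgLPwiJkroYLGRkNBW";
const username = "EMarseille99";
const password = "UGljYXNzb0JhZ3VldHRlOTk=";
const title = "Custom Login Page";
'''

# name = "value" or name: "value" with a string literal of 8+ characters
ASSIGN = re.compile(
    r'''(?P<name>[A-Za-z_$][\w$]*)\s*[:=]\s*["'](?P<value>[^"']{8,})["']''')
# identifier names that suggest the literal is a credential
SENSITIVE = re.compile(r'pass(word|wd)?|secret|token|api[_-]?key', re.I)
B64 = re.compile(r'^[A-Za-z0-9+/]+={0,2}$')

def try_base64(value):
    """Return the decoded text if value is padded base64 of printable ASCII."""
    if len(value) % 4 or not B64.match(value):
        return None
    try:
        text = base64.b64decode(value, validate=True).decode('ascii')
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None

def scan(source):
    """List hard-coded credential assignments, decoding base64 values."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in ASSIGN.finditer(line):
            if SENSITIVE.search(m['name']):
                findings.append({'line': lineno, 'name': m['name'],
                                 'value': m['value'],
                                 'decoded': try_base64(m['value'])})
    return findings

if __name__ == '__main__':
    for f in scan(SAMPLE_JS):
        note = f" (base64 -> {f['decoded']!r})" if f['decoded'] else ''
        print(f"line {f['line']}: {f['name']} is hard-coded{note}")
```

Run against a repository before pushing, a check like this flags both the key and the password; storing the password as base64 adds no protection once the file is public.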

Third Question: What cryptocurrency mining tool did the insider use?

Here I found that this repo is the suspect one: in its description there are clues like CryptoNight and Argon2 CPU/GPU miner.

xmrig repo

After browsing it, here is what I found:

README.md

It’s a 100% clue that it’s a crypto mining tool.

Here we go, the answer is : XMRig

Fourth Question: What university did the insider go to?

Here I didn’t have any other info related to the insider except the GitHub profile, so let's search for the main username.

A lot of users frequently use the same username on other platforms.

After I searched for this username, “emarseille99”, I found a LinkedIn profile. Let's navigate to it.

Linkedin profile

Here we go, the answer is : Sorbonne

Fifth Question: What gaming website the insider had an account on?

I searched for the username “emarseille99” before and also found an Instagram profile,
let's navigate to it.

I found a QR code photo with the description “Add me for some games ;)”

Qrcode post

So, let's scan this QR code.
Profile URL: https://qrgo.page.link/4k9hH

After opening it in the browser:

Steam profile

Here we go, the answer is : Steam

Sixth Question: What is the link to the insider Instagram profile?

I got this profile URL from the previous search.

Google result

Here we go, the answer is : https://www.instagram.com/emarseille99/

Seventh Question: Where did the insider go on the holiday? (Country only)

I found a photo from this country with the description “Once in a lifetime holiday here, love me some slings x”.

This is the country where the insider went on holiday…

Country landmark post

I used the Google Lens service to search for this landmark and I found:

Google lens result

Here we go, the answer is : Singapore

Eighth Question: Where is the insider’s family live? (City only)

From the Instagram profile I found 2 photos: the first one, with the description “Nice to meet friends & family Photo 1/2”, contains a villa with a UAE flag, and the second one is of Burj Khalifa, which I know is in Dubai.

Dubai’s villas

Here we go, the answer is : Dubai

Ninth Question: You have been provided with a picture of the building in which the company has an office. Which city is the company located in?

I used the Google Lens service to search for this landmark and I found:

Result

I saw that the 2 landmarks match, and this post with the highlight tells me that this landmark is in “Birmingham”.

Here we go, the answer is : Birmingham

Tenth Question: With the intel, you have provided, our ground surveillance unit is now overlooking the person of interest’s suspected address. They saw them leaving their apartment and followed them to the airport. Their plane took off and has landed in another country. Our intelligence team spotted the target with this IP camera. Which state is this camera in?

I used the Google Lens service to search for this landmark and found that it belongs to the University of Notre Dame, so I searched to find out which state this university is located in.

State

Here we go, the answer is : Indiana

At the end,
I hope you enjoyed this writeup ❤️.
