Secret info
Overview
Scenario
A network capture reveals suspicious DNS activity originating from an internal host. While normal DNS traffic is expected in such environments, certain queries appear unusually structured and repetitive.
The captured traffic suggests that an attacker is using DNS requests to covertly transmit data to an external domain. The data appears to be processed through multiple stages, including compression, encryption, and encoding, before being split into chunks and embedded within DNS queries.
Multiple files have been exfiltrated using this technique. However, only one file is of interest — it contains the keyword “secret” in its name, although its full name is unknown.
Objective
Analyze the provided network capture, identify the malicious DNS traffic, reconstruct the exfiltrated files, and recover the contents of the file containing “secret” in its name to obtain the flag.
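The following is an added, defender-side sketch of the analysis the objective describes, not part of the challenge materials. It assumes a hypothetical query layout and stage order (zlib compression, then unpadded base32, then 40-character labels under a constructed zone `exfil.example`, with the filename carried as a base32 label) and omits the encryption stage; the real capture's layout, encoding and cipher have to be identified from the traffic itself.

```python
import base64
import zlib
from collections import defaultdict
# Hypothetical query layout assumed for this example (not taken from the challenge):
#   <base32(filename)>.<seq>.<base32 chunk>.<zone>
# Assumed stages: zlib compression -> base32 (lowercase, unpadded) -> 40-char labels.
ZONE = "exfil.example"  # constructed attacker zone
SAMPLE_FILES = {        # constructed file contents, not the real challenge data
    "notes.txt": b"Quarterly figures: revenue up 4%, churn down 2%, headcount flat.\n",
    "secret_plan.txt": b"Flag{constructed_placeholder_value}",
}

def b32(data: bytes) -> str:
    return base64.b32encode(data).decode().rstrip("=").lower()

def unb32(label: str) -> bytes:  # DNS is case-insensitive: restore case and padding first
    return base64.b32decode(label.upper() + "=" * (-len(label) % 8))

def make_synthetic_capture(files: dict) -> list:
    """Constructed test input: benign lookups mixed with the exfil query names."""
    names = ["www.example.com", "mail.example.com", "ntp.example.org"]
    for fname, data in files.items():
        payload = b32(zlib.compress(data))
        for i in range(0, len(payload), 40):   # stay well under the 63-byte label limit
            names.append(f"{b32(fname.encode())}.{i // 40}.{payload[i:i + 40]}.{ZONE}")
    return names

def suspicious_zones(names: list, min_unique: int = 4, min_len: int = 30) -> set:
    """Tunnelling signature: many distinct, long query names under a single zone."""
    per_zone = defaultdict(set)
    for n in names:
        per_zone[".".join(n.split(".")[-2:])].add(n)
    return {z for z, qs in per_zone.items()
            if len(qs) >= min_unique and sum(map(len, qs)) / len(qs) >= min_len}

def reconstruct(names: list) -> dict:
    """Rebuild every file sent to a flagged zone, keyed by its decoded filename."""
    zones, chunks = suspicious_zones(names), defaultdict(dict)
    for n in names:
        labels = n.split(".")
        if len(labels) == 5 and ".".join(labels[-2:]) in zones:
            fname, seq, chunk = labels[:3]
            chunks[fname][int(seq)] = chunk   # retransmitted queries collapse on seq
    out = {}
    for fname, parts in chunks.items():
        payload = "".join(parts[i] for i in sorted(parts))  # pcap order is not send order
        out[unb32(fname).decode()] = zlib.decompress(unb32(payload))
    return out

def recover_secret(names: list) -> dict:
    """The challenge objective: only files with 'secret' in the name matter."""
    return {k: v for k, v in reconstruct(names).items() if "secret" in k}
```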
Infrastructure: Downloadable archive
Provided Files: secret_info.tar.gz
Flag Format: Flag{}