**
SUN CTF 2025 Forensic
Challenge: Get Clawed
Analyze a disk image and network traffic capture to uncover hidden data.
Open the .pcap file and find:
Suspicious HTTP GET traffic containing ?guid= stood out — indicative of possible C2-style communication.
References:
https://qiaonpc.github.io/post/get-clawed/
https://warlocksmurf.github.io/posts/cyberspacectf2024/
Open the disk image and find something suspicious:
Use the C2 script to get the link:
Base64 it and find out what to do with .clawed:
We get the key, decrypt the XOR, and can now export the PNG:
Man see flag, man happy
**
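The XOR step above, as an added example that is not part of the original writeup: it assumes a repeating-key XOR (the writeup only says "decrypt XOR") and runs on a constructed PNG and a made-up key, not the challenge's .clawed file; all function names are illustrative. It validates the PNG signature and every chunk CRC, so a wrong key or damaged file is caught before anything is exported.

```python
import struct
import zlib
from itertools import cycle

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def png_chunk_types(blob: bytes) -> list:
    """Walk every chunk, checking each CRC; raise ValueError if malformed."""
    if not blob.startswith(PNG_SIGNATURE):
        raise ValueError("missing PNG signature (wrong key or not a PNG)")
    types, pos = [], len(PNG_SIGNATURE)
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length
        payload, crc = blob[pos + 8:end - 4], blob[end - 4:end]
        if len(crc) != 4 or zlib.crc32(ctype + payload) != int.from_bytes(crc, "big"):
            raise ValueError(f"bad or truncated {ctype!r} chunk")
        types.append(ctype)
        if ctype == b"IEND":
            return types
        pos = end
    raise ValueError("no IEND chunk")

def decrypt_to_png(ciphertext: bytes, key: bytes) -> bytes:
    """XOR-decrypt; return the plaintext only if it is a structurally valid PNG."""
    plain = xor_bytes(ciphertext, key)
    png_chunk_types(plain)
    return plain

def _chunk(ctype: bytes, payload: bytes) -> bytes:
    body = ctype + payload
    return struct.pack(">I", len(payload)) + body + struct.pack(">I", zlib.crc32(body))

# Constructed sample (not the challenge's data): a 1x1 grayscale PNG and a made-up key.
SAMPLE_PNG = (PNG_SIGNATURE
              + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
              + _chunk(b"IEND", b""))
SAMPLE_KEY = b"constructed-key"
SAMPLE_CLAWED = xor_bytes(SAMPLE_PNG, SAMPLE_KEY)

if __name__ == "__main__":
    print(png_chunk_types(decrypt_to_png(SAMPLE_CLAWED, SAMPLE_KEY)))
```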