HeroCTF 2021 - Challenges
OSINT
Find Me
Reverse image search the given file. One of the websites states that it is the Portes Mordelaises.
Social ID #1
Head over to https://tweeterid.com and just put in the HeroCTF handle.
Social ID #2
Head over to https://tweeterid.com again and just put in the ID instead.
Transfer
Look up the bitcoin transaction ID and find the wallet the transaction went to.
ProtonDate
Look up the email from within Proton Mail and it will show you when the RSA key was created.
Pushhhh
View the HeroCTF_v2 repository and grab the flag.
Forensics
We Need You 1
Use the volatility framework to parse through the downloadable memory dump. Use imageinfo to grab the system profile, then hivelist to view the place of the SYSTEM key, then printkey to grab the contents.
We Need You 2
Grab the NTLM hash from the \Config\DEFAULT key and throw it to an NTLM hash site for the flag.
We Need You 3
Use the netscan option to view any connections made to the machine.
Other
Russian
Open all the zip files to get the flag.
Holy Abbot
Decode the file from Ave Maria cipher.
Phono
Download the PhonoPaper app and use it to listen to the downloadable file to hear the flag.