lesion.io Blog
  • Roadmap
  • Docs
    • Templates
      • Data Inventory
      • Access Control
      • Cybersecurity Roles & Responsibilities
      • Asset Inventory
      • Acceptable Use Policy
      • Change Management
      • Vendor Risk Assessment Form
      • Password Protection Policy
  • About Us
    • Manifesto
    • Metrics
  • CTF Team
    • CISA ICS CTF 2024
      • Virbank
        • Mission: Inconceivable - 1
        • Mission: Inconceivable - 2
        • Extend Your Stay - 1
        • Extend Your Stay - 2
        • Extend Your Stay - 3
        • Extend Your Stay - 4
        • Follow The Charts - 1
        • Follow The Charts - 2
        • Read Askew Manuscripts - 1
        • Read Askew Manuscripts - 2
        • Read Askew Manuscripts - 3
        • Read Askew Manuscripts - 4
        • Read Askew Manuscripts - 5
      • Anville
        • Genisys of the Problems - 1
        • Genisys of the Problems - 2
        • Genisys of the Problems - 3
        • Modeling Trains - 1
        • Modeling Trains - 2
        • Modeling Trains - 3
      • Castelia
        • Page
      • Driftviel
        • Page 1
Powered by GitBook
On this page

Was this helpful?

  1. CTF Team
  2. CISA ICS CTF 2024
  3. Virbank

Read Askew Manuscripts - 3

PreviousRead Askew Manuscripts - 2NextRead Askew Manuscripts - 4

Last updated 7 months ago

Was this helpful?

  1. We are next tasked with finding the name of the user that had their information extracted.

  2. Reading the note from the previous challenge I thought about using a volatility USB plugin to potentially identify the user from there. Sadly I couldnt get it to work with the older or newer version.

  3. I eventually started looking elsewhere. Digging through the filescan command we find patient images but a lot, Too many to tell which one was taken.

  4. Using grep to search for .png only files and digging through the list we find that one of the images are not located where the rest are.

  1. Phoenix Wright is the person that had there image taken.