Day 7

CyberChef Web Application

What is the version of CyberChef found in the attached VM?


How many recipes were used to extract URLs from the malicious doc?

  1. Strings
  2. Find / Replace
  3. Drop bytes
  4. From Base64
  5. Decode text
  6. Find / Replace (to remove patterns)
  7. Find / Replace
  8. Extract URLs
  9. Split
  10. Defang URL
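
The same ten operations as a Python pipeline, run over a constructed sample. This is an added example, not part of the original write-up or the room's material. The page names only the operations, so the junk marker `[_]`, the `cmd /c ` prefix, the UTF-16LE encoding, the `h%%p` scheme marker, the `@` delimiter and the `.example` hosts are all assumptions made for the sample.

```python
import base64
import re


def build_sample() -> bytes:
    """Constructed stand-in for the malicious doc (not the room's file)."""
    script = ("$u=('h%'+'%p://alpha.example/one.bin@h%'+'%p://beta.example/two.bin')"
              ".Split('@')")
    b64 = base64.b64encode(script.encode("utf-16-le")).decode()
    # Break up the Base64 with an assumed junk marker so it will not decode as-is
    noisy = "[_]".join(b64[i:i + 8] for i in range(0, len(b64), 8))
    return b"\xd0\xcf\x11\xe0\x00\x01" + b"cmd /c " + noisy.encode() + b"\x00\x02\x03"


def extract_urls(doc: bytes) -> list[str]:
    # 1. Strings: printable ASCII runs of at least 20 characters
    text = "\n".join(m.decode() for m in re.findall(rb"[\x20-\x7e]{20,}", doc))
    # 2. Find / Replace: strip the junk marker inserted into the Base64
    text = text.replace("[_]", "")
    # 3. Drop bytes: discard the launcher prefix in front of the payload
    text = text[len("cmd /c "):]
    # 4. From Base64
    raw = base64.b64decode(text)
    # 5. Decode text: the sample payload is UTF-16LE
    script = raw.decode("utf-16-le")
    # 6. Find / Replace (to remove patterns): undo the string concatenation
    script = script.replace("'+'", "")
    # 7. Find / Replace: restore the URL scheme from the assumed marker
    script = script.replace("h%%p", "http")
    # 8. Extract URLs: the '@'-joined list comes out as a single match
    hits = re.findall(r"https?://[^\s'\"()]+", script)
    # 9. Split: one URL per entry
    urls = [u for hit in hits for u in hit.split("@")]
    # 10. Defang URL: neutralise scheme, separator and dots
    return [u.replace("http", "hxxp", 1).replace("://", "[://]").replace(".", "[.]")
            for u in urls]


if __name__ == "__main__":
    for url in extract_urls(build_sample()):
        print(url)
```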

We found a URL that was downloading a suspicious file; what is the name of that malware?


The last step will solve the next 3 questions.

What is the last defanged URL of the bandityeti domain found in the last step?


What is the ticket found in one of the domains? (Format: Domain/<GOLDEN_FLAG>)
