Tags: partial stegano forensics wtf 

Rating: 4.0

https://github.com/p4-team/ctf/tree/master/2018-07-21-ctfzone-quals/for_ghost

dotsu – July 24, 2018, 2:21 p.m.

There's a encrypted 7zip after the mkv in the dump file(the original 7z header is modified to 1z), just use the sentence to decrypt it


Pharisaeus – July 24, 2018, 4:51 p.m.

Thx @dotsu! We knew we must have missed something. We've seen in the dump some overwritten PY and 7Z files, but didn't think about it much.