* Volatility process scan
* Bash scan
* Dump SSH private key file
* SSH onto server and retrieve flag

Original writeup (https://rainbowpigeon.netlify.app/posts/umdctf-2021/#phillip-1).