Tags: wireshark traffic misc usb forensics pyshark 

Rating: 5.0

* Look for large packets with PKZIP header and trailer bytes
* Extract with pyshark
* Base-64 decode flag
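
The three steps above as one script. This is an added example, not code from the original writeup: `payloads` stands in for the per-packet data bytes already pulled from the capture (for instance with pyshark), and the function names, the 512-byte size threshold and the sample capture are assumptions constructed for illustration.

```python
import base64
import io
import zipfile

LOCAL_HEADER = b"PK\x03\x04"   # first ZIP local file header ("header bytes")
EOCD = b"PK\x05\x06"           # end-of-central-directory record ("trailer bytes")
EOCD_FIXED_LEN = 22            # fixed part of the EOCD; a comment may follow


def carve_zip(payloads, min_size=512):
    """Reassemble the large payloads and cut out header..trailer, or return None."""
    stream = b"".join(p for p in payloads if len(p) >= min_size)
    start = stream.find(LOCAL_HEADER)
    eocd = stream.rfind(EOCD)
    if start < 0 or eocd < start or eocd + EOCD_FIXED_LEN > len(stream):
        return None  # missing or truncated archive
    comment_len = int.from_bytes(stream[eocd + 20:eocd + 22], "little")
    return stream[start:eocd + EOCD_FIXED_LEN + comment_len]


def recover_flag(payloads, min_size=512):
    """Open the carved archive and return the first member that is valid Base64 text."""
    blob = carve_zip(payloads, min_size)
    if blob is None:
        return None
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for name in zf.namelist():
            try:
                return base64.b64decode(zf.read(name).strip(), validate=True).decode()
            except ValueError:  # not Base64 or not UTF-8: try the next member
                continue
    return None


def build_sample_payloads():
    """Constructed capture: a ZIP split over three bulk transfers, mixed with 8-byte reports."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("padding.bin", b"\x00" * 3000)
        zf.writestr("flag.b64", base64.b64encode(b"flag{constructed_example}"))
    data = b"\x00" * 16 + buf.getvalue() + b"\xff" * 16   # framing bytes around the file
    step = len(data) // 3 + 1
    bulk = [data[i:i + step] for i in range(0, len(data), step)]
    small = b"\x00\x00\x04\x00\x00\x00\x00\x00"            # keyboard-style HID report
    return [small, bulk[0], small, bulk[1], small, bulk[2], small]


if __name__ == "__main__":
    print(recover_flag(build_sample_payloads()))
```

The EOCD comment-length field is read so that an archive with a trailing comment is carved whole, and a capture that lacks the trailer returns `None` instead of a partial file.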

Original writeup (https://rainbowpigeon.me/posts/buckeyectf-2021/#usb-exfiltration).