Tags: forensics
Rating: 5.0
> Sometimes you can exfiltrate data with more than just plain text. Can you figure out how the attacker smuggled out the flag on our network?
If we examine HTTP requests, we notice the flag in the ASCII DUMP section.
[video link](https://margheritaviola.com/2024/04/08/swampctf-2024-forensics-new-c2-channel-writeup/).
```
swampCTF{w3lc0m3_70_7h3_l4nd_0f_7h3_pc4p}
```