Extract a .NET malware from a JS file (hidden in favicon(1).ico). Reverse the JS and the binary to reveal an XOR cipher, do the XOR to reveal the key.

Original writeup (https://advancedpersistentjest.com/2018/04/01/writeups-so_stealthy-rescue-shell-nuit-du-hack-quals/).