FOR1

Description:

DFIR

Difficulty:

easy

Flag:

Flag: AtHackCTF{auditing_is_easy?!1234567890}

Solve:

on this challenge after i red the log file i figure it out it’s linux, so i searched for /bin/sh on the file

i got 2 values one of them was intersting, it was contine a hex code

then i decode it and got the flag :D