
Obfusc8ted

You and the AppleLabs' Incident Response Team have been notified of a potential breach of a Human Resources workstation. According to the Human Resources representative, they did not notice any anomalous activity while browsing the web, but the AppleLabs' security information and event management (SIEM) instance alerted on a suspicious domain. Moments later, the host-based intrusion detection system (HIDS) alerted on several malicious programs acting as potential keyloggers. While the AppleLabs' IT and Incident Response Teams struggle to find the answers, can you lend us your digital forensic experience to hunt down this threat actor?

Install / Use

/learn @RoseSecurity/Obfusc8ted
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

<img src="https://user-images.githubusercontent.com/72598486/143733814-fa1960d3-0366-4061-9912-51bfb91b1abc.png" width="1000">


Starting Point:

Password = hackthebox

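# Create a working directory under your home directory
cd ~
mkdir Obfusc8ted
cd Obfusc8ted
# Clone the challenge repository, then enter the cloned directory
git clone https://github.com/RoseSecurity/Obfusc8ted
cd Obfusc8ted
# Extract the challenge files; enter the password above when prompted
unzip Obfusc8ted.zip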

Objective:

Learn new techniques to parse obfuscated network traffic in an attempt to identify malicious threat actors' intentions.

Difficulty:

Easy

Flag Format:

HTB{s0me_fl4g_her3}

Author(s):

Kleptocratic and RoseSecurity

Walkthrough:

The password for Walkthrough.zip is the final flag. If you could not discover the answer, check out the walkthrough at https://medium.com/@RoseSecurity/obfusc8ted-walkthrough-making-sense-of-malware-infested-network-traffic-8b61c2c60c4e

Happy Hunting!


GitHub Stars: 77
Category: Human
Updated: 3mo ago
Forks: 5

Security Score

77/100

Audited on Dec 10, 2025

No findings