Tenant trouble
In this chall, we are given a .csv
file that looks like this:
We can use the following bash command to list the number of connection of each user:
As we can see, the user mister.bennet@winchester77.onmicrosoft.com
has much more connection than any other user. We can guess that this is the target of the attack. We can now grep
this email in the.csv
and see when we see a lot of UserLoginFailed
:
With all this information, we can now create the flag Hero{2024-05-02;mister.bennet@winchester77.onmicrosoft.com}