Criminal Name - Hunt and Decode

Name - The Criminal's Enigma 🕵️‍♀️

An anonymous attack has revealed that one of the names registered in an apparently harmless file belongs to a criminal wanted by the FBI. The clue is vague, but the evidence points to a pattern: an English male name, seven letters long, with a "C" somewhere in it.

As a Blue Team analyst, your task is to audit the file's contents, design a filtering logic, and detect possible matches. Then, you must manually validate your findings in the analysis environment and, if successful, you will obtain an encrypted flag that only the most precise can decipher.

🌱 How to start this lab

👉 From this Blue Team section onwards, the first five challenges will require the use of a preconfigured virtual machine called web-threats-lab. In some cases, you will only use this machine to validate your solutions; in others, you will also work directly on it.

Therefore, although part of your analysis can be done on your personal computer, the final validation must always be done within the virtual machine. So please do not delete or overwrite it, as it will be your workstation throughout this series.

1. If you don't have the virtual machine yet, download it from this link:

1        https://storage.googleapis.com/cybersecurity-machines/web-threats-lab.ova

1. Import the virtual machine into VirtualBox.
2. Start the VM and log in as user student:4geeks-lab.

Available material

You have a script available to help automate your work:

• name_solver.py: a Python script where you will test names based on the clues.

1# name_solver.py
2# This script helps find possible names 
3
4# Read names from a text file
5try:
6                with open("nombres.txt", "r", encoding="utf-8") as file:
7                                names = [line.strip() for line in file if line.strip()]
8except FileNotFoundError:
9                print("The file 'nombres.txt' was not found.")
10                exit()
11
12# Go through the names and apply the filters
13for name in names:
14                if len(name) == 7 and 'c' in name.lower():
15                                print(f"Could this be the criminal? {name}")
16

Validating your finding

When you think you have the correct name, you must validate it from the web-threats-lab virtual machine with the following terminal command:

1validate-criminal-name

If your hypothesis is correct, an encrypted string will be revealed. It will be your task to interpret it properly to find what you are looking for.

Good luck, agent!