title: Writeup ESAIP CTF 2022 - The proof of the malware author

date: Jun 04, 2022

tags: EsaipCTF2022 EsaipCTF Writeups OSINT

```
We have discovered that a person currently working at Metacortexxs is developing a powerful virus. Find the proof of the development of this virus by this employee
Flag : ECTF{}
```

A LinkedIn search for this person's company, metacortexxs, leads directly to the profile of one person, Noe Trimax.

By going to the contact information section, we can find Noe's email address.

For this part there are several possible solutions, the goal being to find the virus developed by this person. We can imagine that we have to look for a development repository. Here I made a guess about the repository, but because we have his email we can easily check which website he is registered on to confirm that hypothesis. So I decided to add Noe to a temporary repo to get his GitHub username from his email address.

This technique is not very well known, but it should be taken into account that in a real investigation the account holder will receive an invitation by email. Let's have a look at his profile.

An interesting repository is named *Backdoor-python-polymorph*; we can assume it's the virus that we are looking for. We now need to find proof that Noe worked on that project.

By looking at the commit, we can see that he made a mistake:

We have proof that he worked on that project, and our flag!

`ECTF{N07_7H47_C13V3r_70_137_1NF0rM4710N5_A80U7_Y0Ur531F}`