title: Writeup ESAIP CTF 2022 - The proof of the malware author
date: Jun 04, 2022
tags: EsaipCTF2022 EsaipCTF Writeups OSINT

The proof of the malware author

We have discovered that a person currently working at Metacortexxs is developing a powerful virus. Find the proof of the development of this virus by this employee.
Flag: ECTF{}

By doing a LinkedIn search for this person's company, metacortexxs, we directly find the profile of a person, Noe Trimax.

meta cortexxs linkedin

profil noe trimax

By going to the contact info section of the profile, we can find Noe's email address.

noe trimax mail address

For this part there are several possible solutions, the goal being to find the virus developed by this person. We can imagine that we have to look for a development repository. Here I made a guess about the repository, but since we have his email we can easily check which website he is registered on to confirm that hypothesis. So I decided to add Noe as a collaborator on a temporary repo to get his GitHub username from his email address.

find username on github from email address

This technique is not very well known, but keep in mind that in a real investigation the account holder will receive an invitation in his emails. Let's have a look at his profile.

neo github profile

An interesting repository is named Backdoor-python-polymorph; we can assume it's the virus we are looking for. We now need to find proof that Noe worked on that project.

backdoor python polymorph repo

By looking at the commit history, we can see that he made a mistake:

commit header file

We have the proof that he worked on that project, and our flag!
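The kind of slip that gave the proof away can be caught before a push. The following is an added example, not part of the writeup or of the repository it describes: a POSIX shell audit that reports commits tying a given email address to a local clone, either in the author/committer metadata or in committed content such as a file header. It assumes only that git is installed; the repository it builds and the address it searches for are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the writeup): audit a local git clone for an e-mail
# address that would attribute the project to a person, the way the header
# file in Noe's commit did. Assumes only git; everything below is constructed.
set -e

# find_identity_leaks REPO EMAIL -> one line per hit: "<kind> <commit sha>"
find_identity_leaks() {
  repo=$1; email=$2
  # 1. Commit metadata: author (%ae) and committer (%ce) addresses.
  git -C "$repo" log --all --format='%H %ae %ce' | while read -r sha ae ce; do
    if [ "$ae" = "$email" ]; then echo "author $sha"; fi
    if [ "$ce" = "$email" ]; then echo "committer $sha"; fi
  done
  # 2. Commit contents: pickaxe (-S) lists commits whose diff adds or removes
  #    the string, which catches a header comment in a source file.
  git -C "$repo" log --all --format='%H' -S"$email" | while read -r sha; do
    echo "content $sha"
  done
}

# Build a constructed repository: the commit identity is anonymous, but the
# source file header leaks a personal address (placeholder, not a real one).
make_demo_repo() {
  repo=$(mktemp -d)
  git -C "$repo" init -q
  git -C "$repo" config user.name "anon"
  git -C "$repo" config user.email "anon@example.invalid"
  printf '# Author: noe.trimax@example.invalid (constructed)\nprint("hi")\n' \
    > "$repo/main.py"
  git -C "$repo" add main.py
  git -C "$repo" commit -q -m "initial commit"
  echo "$repo"
}

# Stand-alone run: expect exactly one "content <sha>" line and no metadata hits.
demo_repo=$(make_demo_repo)
find_identity_leaks "$demo_repo" "noe.trimax@example.invalid"
```

Run against a real clone with `find_identity_leaks /path/to/clone someone@example.invalid`; a pre-push hook that calls it with the team's personal addresses is one way to stop this class of mistake.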