ECTF 2025 — my dearest

I recently took part in yet another Capture The Flag (CTF) event—this one proved to be both intellectually stimulating and an intense test of my forensic expertise. The initial challenges were engaging, and I navigated through them with relative ease, leveraging prior experience with similar problem sets. However, as I progressed, I encountered scenarios where extracting crucial data posed a significant challenge. This led me to explore advanced forensic tools such as Scapy for packet analysis, PhotoRec for file recovery, and various obscure registry keys that were previously outside my purview.

Let’s dive into the details, shall we?

Extracting Hidden Metadata: A Clever Approach

This challenge was relatively straightforward yet engaging. The objective was to extract the last name of the individual embedded within a .docx file. While there may be a more efficient approach, my method involved navigating to the "File" section, selecting "Info," and examining the metadata details provided there. This quickly revealed the necessary information.

A Faster, More Efficient Method?

Interestingly, during my testing, I discovered an alternative method that achieves the same result much faster. This unexpected approach made the challenge even more intriguing—definitely a fun little trick to keep in mind!

And just like that, we have our flag! ectf{MichelTeller}